Marcus Bakker
43360f6242
Removed the platform "Azure"
2019-11-06 12:56:51 +01:00
Marcus Bakker
a93cd9732c
Added Group YAML Files and Navigator layers for CrowdStrike's 2019 Mid-Year OverWatch Report.
2019-11-06 12:29:09 +01:00
Ruben Bouman
d2d24824f5
Merge branch 'development'
2019-11-05 13:54:23 +01:00
Ruben Bouman
207162f29b
Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private
2019-11-05 10:21:48 +01:00
Ruben Bouman
f67cb194d4
Improved handling of multiple possible values for platform.
2019-11-05 10:21:42 +01:00
Marcus Bakker
6dd96dff72
Added the new ATT&CK data sources from the October update.
2019-11-05 08:50:46 +01:00
Marcus Bakker
b9188ad50e
Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private
2019-11-05 08:50:12 +01:00
Marcus Bakker
7f47fd6ac6
Bumped the version to 1.2.3
2019-11-05 08:49:58 +01:00
Ruben Bouman
866521f30b
Update version number
2019-11-04 15:47:54 +01:00
Ruben Bouman
1130c5ec44
Platform attribute with the right casing due to the ATT&CK October update.
2019-11-04 15:46:04 +01:00
Ruben Bouman
b5f970b8c2
Added support for new platforms of ATT&CK October update: AWS, GCP, Azure, Azure AD, Office 365, SaaS.
...
Added support for using multiple values in platform attribute in data sources administration and techniques administration files.
Added health check on platform attribute in techniques administration file.
Updated support for ATT&CK Navigator layer version 2.2.
2019-11-04 14:48:58 +01:00
Ruben Bouman
3d657bd4bf
Added new data sources of ATT&CK October update to sample-data file.
2019-11-04 14:30:59 +01:00
Marcus Bakker
3fa25fd38b
Merge branch 'development'
2019-10-31 10:12:37 +01:00
Marcus Bakker
a2e7794491
Added a link to the hack.lu 2019 talk
2019-10-31 10:09:30 +01:00
Marcus Bakker
a3d366f394
Merge branch 'development'
2019-10-17 14:13:48 +02:00
Marcus Bakker
48440370b7
Bumped the version to 1.2.2
2019-10-17 13:51:54 +02:00
Marcus Bakker
0c15c1ffde
Fixed a bug that caused a crash when having empty technique ID entries within the 'exception' list of a data source administration YAML file.
2019-10-17 13:51:28 +02:00
Marcus Bakker
098681f239
Added two new health checks for the data source administration YAML:
...
- check on invalid technique IDs in the 'exceptions list'
- check on an empty or invalid value for 'platform'
2019-10-17 13:51:06 +02:00
Marcus Bakker
0317b982c9
Merge branch 'development'
2019-09-19 17:24:32 +02:00
Marcus Bakker
785d52a619
Bumped the version to 1.2.1
2019-09-19 16:06:51 +02:00
Marcus Bakker
951ab11619
Bumped the version to 1.2.1
2019-09-19 16:04:26 +02:00
Marcus Bakker
c287673169
Improved the way EQL is integrated into DeTT&CT.
2019-09-19 15:52:43 +02:00
Marcus Bakker
3c341ce9a9
Fixed a bug within the YAML visibility update functionality.
2019-09-19 15:49:59 +02:00
Marcus Bakker
6d17208387
Fixed the metadata for the data source "Process command-line parameters"
2019-09-19 15:48:38 +02:00
Marcus Bakker
cf209ee668
Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private
2019-09-16 09:28:47 +02:00
Marcus Bakker
46b2982d23
Added a YAML and Navigator layer file for Kaspersky's Incident Response report 2018
2019-09-16 09:23:10 +02:00
Ruben Bouman
e398807772
Release 1.2.0 commit
2019-08-22 08:28:14 +02:00
Ruben Bouman
83f1eb0451
Merge branch 'master' of https://github.com/rabobank-cdc/DeTTECT
2019-08-22 08:23:45 +02:00
Ruben Bouman
24c19fcca6
Small changes to the interactive menu: makes choices like booleans much faster.
2019-08-21 15:12:12 +02:00
Ruben Bouman
6efd04cb3b
Don't overwrite output files if they already exist, but append a number to the filename as suffix.
2019-08-21 10:53:04 +02:00
Marcus Bakker
14852fb24a
Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private
2019-08-20 11:16:05 +02:00
Marcus Bakker
81a8d18eff
- Removed deprecated functionality.
...
- Moved health check functions to health.py
2019-08-20 11:15:54 +02:00
Marcus Bakker
da23777631
- Excel columns made wider.
...
- Removed deprecated functionality.
2019-08-20 11:15:26 +02:00
Marcus Bakker
5bb9b6329d
Changed variable name.
2019-08-20 11:14:51 +02:00
Marcus Bakker
163d21488a
Added improved error checking on invalid YAML content returned from an EQL query.
2019-08-20 11:14:31 +02:00
Marcus Bakker
98067447c6
Implemented a health check for data source administration YAML files.
2019-08-20 11:14:07 +02:00
Marcus Bakker
248c6a07d8
Added an extra check for a possible empty 'comment' key-value pair.
2019-08-20 11:13:25 +02:00
Marcus Bakker
47dfc8bb8d
Bumped the version to 1.2.0
2019-08-20 11:06:09 +02:00
Ruben Bouman
45ca1b9e81
Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private
2019-08-20 09:15:52 +02:00
Ruben Bouman
90fc9278c9
Don't overwrite output files if they already exist, but append a number to the filename as suffix.
2019-08-20 09:15:41 +02:00
Marcus Bakker
84f9f0440a
- Non-MITRE ATT&CK data sources are now also exported to Excel.
...
- Any ATT&CK data sources that are missing within the YAML file are added to the Excel with a comment stating it is missing.
2019-08-15 20:31:20 +02:00
Ruben Bouman
7ad8fe16c7
Added the same kind of graph for visibility as for detection.
2019-08-15 16:00:06 +02:00
Ruben Bouman
437f4f346d
Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private
2019-08-15 15:34:36 +02:00
Ruben Bouman
e4eca01168
Small improvements.
2019-08-15 15:34:31 +02:00
Marcus Bakker
4f045644f1
Fixed a bug that caused a crash when a technique_id was part of the exception list
2019-08-15 11:05:11 +02:00
Marcus Bakker
753dd20e54
Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private
2019-08-13 14:31:08 +02:00
Marcus Bakker
5c700690c6
Added the possibility to use EQL queries.
2019-08-13 14:30:43 +02:00
Marcus Bakker
4fd39d46aa
Removed an unnecessary try/catch block.
2019-08-13 14:29:54 +02:00
Marcus Bakker
08b4c9c1ec
Made the necessary changes to be compatible with the interactive menu.
2019-08-13 14:28:43 +02:00
Marcus Bakker
94e5470ccd
Modified how the DQ overall score is calculated.
2019-08-13 14:24:03 +02:00