Marcus Bakker
8456033337
updated the Python packages
2020-10-16 11:36:05 +02:00
Marcus Bakker
752186c5f6
Added support for specifying the ATT&CK platform
2020-10-15 11:03:36 +02:00
Marcus Bakker
ef3f95fa97
fixed issue #36
2020-10-12 12:05:47 +02:00
Ruben Bouman
d3c1c3dac3
Removed tactic level (not necessary), fixed bug for showing data sources in metadata of visibility layer, fixed bug for setting showSubtechniques
2020-07-13 12:21:23 +02:00
Ruben Bouman
524501a3ba
Small docstring change
2020-07-10 12:26:44 +02:00
Ruben Bouman
0a1de10d25
Merge branch 'development' of https://github.com/marcusbakker/DeTTECT-private into development
2020-07-10 11:34:00 +02:00
Ruben Bouman
753a84a722
Only enable showSubtechniques if it's necessary
2020-07-10 11:33:56 +02:00
Marcus Bakker
b7cdf856ba
Added new functionality to remove deprecated STIX objects
2020-07-10 11:06:22 +02:00
Ruben Bouman
9777e97829
Adjustments to the metadata to make it ready for Navigator 3.1
2020-07-02 16:30:36 +02:00
Ruben Bouman
3a1f5f4cea
Added support for the new Navigator v3.0 format.
2020-06-29 16:53:45 +02:00
Ruben Bouman
f77aed3ef0
Functionality to update to sub-techniques, including an option to provide a local stix path. Also updated sample YAML file.
2020-06-29 15:52:26 +02:00
Ruben Bouman
931dd8ff25
Merge branch 'development' of https://github.com/marcusbakker/DeTTECT-private into development
2020-06-18 17:01:22 +02:00
Ruben Bouman
4c7ff2f095
Color shading for overlay files.
2020-06-18 17:01:16 +02:00
Marcus Bakker
e7b3018677
Created a function to add the metadata as used within overlays
2020-06-12 10:54:41 +02:00
Ruben Bouman
1ac6a4ce78
- Added output_filename as option for datasource, visibility, detection and group modes.
- Fixed bug when having both dates and datetimes in techniques YAML file.
2020-05-25 11:44:13 +02:00
Ruben
23b0324e75
Bugfix: date in auto-updated YAML file was in YYYY-MM-DD format, which errors when auto-updating the YAML again. Using long datetime format like in the Editor.
2020-04-16 15:18:27 +02:00
Ruben Bouman
68699a9e06
bugfix for using lowercase platform in data source yaml file, bugfix for having empty score logbook in techniques yaml file, small code style improvement
2020-03-03 14:49:19 +01:00
Marcus Bakker
363beab8a5
Mapped data sources to platforms
2020-02-10 12:17:00 +01:00
Marcus Bakker
b6a00a3955
Added new functionality to support a platform key-value pair in a group YAML file.
2019-12-06 13:50:16 +01:00
Marcus Bakker
40657c4e06
Removing revoked ATT&CK STIX objects
2019-12-05 10:46:44 +01:00
Marcus Bakker
28b26fb92c
Small fixes
2019-12-05 08:43:42 +01:00
Marcus Bakker
a952c34cac
Added new checks to make sure the metadata in a Navigator layer file is compliant with the expected data structure. Reported by @Sreeman.
2019-12-04 14:51:56 +01:00
Marcus Bakker
dc092696f2
Fixed a bug that caused a crash when having a None value for a detection or visibility comment. Reported by @Sreeman.
2019-11-29 12:17:33 +01:00
Ruben Bouman
fdd4f7b4b7
Fixed two bugs:
- Using 'all' in a data source file to generate a YAML file does not work: empty file.
- Having 'all' in a data source and then using --yaml results in a weird filename: data-sources-a-l-l
2019-11-18 14:27:25 +01:00
Ruben Bouman
dd4708a440
A small bug fix that resulted in an invalid Navigator layer file for a group/threat actor heat map, or when overlaid with a group, visibility or detection coverage.
2019-11-14 15:09:36 +01:00
Ruben Bouman
f67cb194d4
Improved handling of multiple possible values for platform.
2019-11-05 10:21:42 +01:00
Ruben Bouman
b5f970b8c2
Added support for new platforms of ATT&CK October update: AWS, GCP, Azure, Azure AD, Office 365, SaaS.
Added support for using multiple values in platform attribute in data sources administration and techniques administration files.
Added health check on platform attribute in techniques administration file.
Updated support for ATT&CK Navigator layer version 2.2.
2019-11-04 14:48:58 +01:00
Marcus Bakker
14852fb24a
Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private
2019-08-20 11:16:05 +02:00
Marcus Bakker
81a8d18eff
- Removed deprecated functionality.
- Moved health check functions to health.py
2019-08-20 11:15:54 +02:00
Ruben Bouman
45ca1b9e81
Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private
2019-08-20 09:15:52 +02:00
Ruben Bouman
90fc9278c9
Don't overwrite output files if they already exist, but append a number to the filename as suffix.
2019-08-20 09:15:41 +02:00
Marcus Bakker
84f9f0440a
- Non-MITRE ATT&CK data sources are now also exported to Excel.
- Any ATT&CK data sources that are missing within the YAML file are added to the Excel with a comment stating it is missing.
2019-08-15 20:31:20 +02:00
Marcus Bakker
4fd39d46aa
Removed an unnecessary try/catch block.
2019-08-13 14:29:54 +02:00
Marcus Bakker
025c302af5
- Removed the function 'try_get_key' (replaced by the native dict method 'get').
- Improved the function 'fix_date_and_remove_null' to make use of StringIO instead of writing temporary files to disk.
- Made the function 'get_latest_score_obj' 'public'. This function is needed within the module 'eql_yaml.py'.
- Removed functionality for the deprecated argument '-a, --applicable'.
- Added a try/except block to 'load_techniques', for when an EQL query resulted in invalid technique administration YAML content.
- Improved the health check to only perform the health check when the content of the YAML file changed. This results in a notable increase in performance.
2019-08-08 14:29:15 +02:00
Marcus Bakker
c6d25a2f0f
- Added functionality to remove null values from YAML file lines.
- Small improvement in the health check.
2019-08-02 11:47:58 +02:00
Marcus Bakker
3d11aa5835
- Added new functionality for Mitigations statistics.
- Moved multiple functions.
2019-08-01 15:02:55 +02:00
Marcus Bakker
d0f2a4946b
- Made compatible with version 1.2 of the technique admin YAML file.
- Added new functionality for the auto-update of visibility scores.
- Added multiple new generic functions.
- Multiple small improvements to the technique admin YAML file health check.
- Replaced PyYAML with ruamel.yaml.
- Multiple functions made "private".
- Made compatible with v0.2.7 of attackcti.
2019-07-31 10:18:57 +02:00
Marcus Bakker
3f4876a682
Increased performance by caching ATT&CK STIX objects where possible.
2019-07-15 14:55:39 +02:00
Marcus Bakker
e251c6157c
Made compatible with the latest version of attackcti (v0.2.6)
2019-07-13 14:40:24 +02:00
Marcus Bakker
2dd9327955
removed an unnecessary print statement
2019-05-23 09:37:08 +02:00
Marcus Bakker
f10e4ea9ab
- The health function now checks for very similar values within the key-value pair 'applicable_to'. E.g. 'server' and 'servers'.
- The health function is now always called for technique admin files. Showing a generic error message if possible errors are found.
- Created new function 'check_file' to separate the functionality from 'check_file_type'.
2019-05-19 14:10:25 +02:00
Ruben Bouman
111395c684
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
2019-05-15 14:43:32 +02:00
Ruben Bouman
9a9aa01355
Provided a groups YAML file for the Red Canary threat detection 2019 report, listing all frequently used techniques including lists per sector. Adjusted functionality in DeTT&CT to support the use of 'weight' in group files.
2019-05-15 14:43:25 +02:00
Marcus Bakker
7c027606d9
small improvement in the health check for tech. YAML files
2019-05-15 11:00:33 +02:00
Marcus Bakker
ff492db9ff
fixed a small bug in new code
2019-05-14 13:56:07 +02:00
Marcus Bakker
5fdcb2376d
added a new option '--health' to check a technique administration YAML file on errors.
2019-05-14 12:58:06 +02:00
Marcus Bakker
5cbb419a09
Fixed a bug that resulted in a wrong scoring and colouring of groups when overlaid with detection/visibility
2019-05-03 10:25:11 +02:00
Marcus Bakker
149362f9d8
Created 3 constants for overlay_type
2019-05-02 20:15:43 +02:00
Marcus Bakker
f475c26ede
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
2019-05-02 19:54:57 +02:00
Marcus Bakker
b84e98c12b
Converted float to int
2019-05-02 19:45:45 +02:00