f10e4ea9ab
- The health function now checks for very similar values within the key-value pair 'applicable_to'. E.g. 'server' and 'servers'.
...
- The health function is now always called for technique admin files. Showing a generic error message if possible errors are found.
- Created new function 'check_file' to separate the functionality from 'check_file_type'.
2019-05-19 14:10:25 +02:00
3de186c96e
added the health check to the menu
2019-05-17 14:08:17 +02:00
bdb57f0270
Fixed some errors
2019-05-17 14:05:48 +02:00
7c88bb46d8
Renamed the .yaml file and created Navigator layers.
2019-05-16 13:30:42 +02:00
4b94efa651
Moved threat actor info from redcanary to new folder "threat-actor-data".
2019-05-16 08:24:14 +02:00
111395c684
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
2019-05-15 14:43:32 +02:00
9a9aa01355
Provided a groups YAML file for the Red Canary threat detection 2019 report, listing all frequently used techniques including lists per sector. Adjusted functionality in DeTT&CT to support the use of 'weight' in group files.
2019-05-15 14:43:25 +02:00
7c027606d9
small improvement in the health check for tech. YAML files
2019-05-15 11:00:33 +02:00
e745b3bfe4
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
2019-05-15 10:05:29 +02:00
24be857eb2
Added both detection and visibility score to detection/visibility overlay.
2019-05-15 10:05:19 +02:00
ff492db9ff
fixed a small bug in new code
2019-05-14 13:56:07 +02:00
5fdcb2376d
added a new option '--health' to check a technique administration YAML file on errors.
2019-05-14 12:58:06 +02:00
778dded30a
Merge pull request #6 from rabobank-cdc/development
...
update on text
2019-05-08 10:33:57 +02:00
a183280ca9
update on text
2019-05-08 10:31:08 +02:00
4277bc134c
Merge pull request #5 from rabobank-cdc/development
...
Merge dev to master for version 1.1
2019-05-08 10:25:57 +02:00
e505a966c3
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
2019-05-08 10:23:46 +02:00
5047b4555b
update on content
2019-05-08 10:22:45 +02:00
249bf07f4c
Show help when running DeTT&CT without params.
2019-05-08 08:42:32 +02:00
16ab713db1
Small bugfix when using interactive menu: default overlay type should be 'group'. And when giving empty group, value is set to 'all'.
2019-05-07 15:40:15 +02:00
e043a9ed7e
Small bugfix for using applicable to in interactive menu for detections.
2019-05-07 15:29:19 +02:00
9e62e54e7a
Small bugfix on filtering applicable_to for graphs.
2019-05-07 15:29:00 +02:00
62eccabe2d
Corrections on double spaces
2019-05-07 15:28:34 +02:00
5cbb419a09
Fixed a bug that resulted in a wrong scoring an colouring of groups when overlaid with detection/visibility
2019-05-03 10:25:11 +02:00
149362f9d8
Created 3 constants for overlay_type
2019-05-02 20:15:43 +02:00
f475c26ede
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
2019-05-02 19:54:57 +02:00
e60d77fdf1
Added score (in the layer attribute "score" and as metadata) for detection/visibility when overlaid with a group
2019-05-02 19:54:32 +02:00
b84e98c12b
Converted float to int
2019-05-02 19:45:45 +02:00
9b52bf1136
Improvend the legend for group + detection and visibility overlays.
2019-05-02 16:47:40 +02:00
95a9877370
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
2019-05-02 13:21:18 +02:00
78bc2f2842
Added support for multiple detections and visibility per technique in the technique administration YAML file.
...
Changed version number tot 1.1.
Improvements and fixes for the new detections/visibility Excel sheet.
2019-05-02 13:21:01 +02:00
35b85b6ddb
Re-added multiple visibilities and detections to T1171
2019-05-01 12:06:39 +02:00
34073234dc
Added new examples for the new tactic "Impact"
2019-05-01 12:04:59 +02:00
7b2d711c87
Added multiple visibilities and detections to T1171
2019-05-01 11:25:40 +02:00
a94191b81c
Added example multiline comment using |
2019-04-29 14:29:51 +02:00
add18fc725
Added wrap_text and (v)aligns to Excel cells.
...
Added colors for detection, visibility and data quality scores in Excel sheets.
2019-04-24 17:16:11 +02:00
da446ef97f
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
2019-04-24 16:15:13 +02:00
43d8b130a0
Added support for filtering applicable_to in groups overlayed with detection/visibility. Added docstrings. Fixed bug in arg parsing.
2019-04-24 16:15:04 +02:00
8ff223c81c
Merge remote-tracking branch 'origin/master' into development
2019-04-24 11:49:13 +02:00
d0626aeed4
Added logic to prevent filtering on 'applicable_to' for Excel output (which is unsupported)
2019-04-24 09:50:19 +02:00
9a607a7a72
Support for filtering on applicable_to field for detections+visibility overlay.
2019-04-24 09:36:42 +02:00
54953dc62c
Fixed issue #3 (product list not appending for visibility ATT&CK layer)
2019-04-24 08:31:59 +02:00
89b4f32f3e
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
2019-04-23 15:43:43 +02:00
6da47fe9fb
Support for filtering on applicable_to field for visibility mode and detection graph.
2019-04-23 15:43:28 +02:00
b3a8ba2a4f
Changed name field in techniques administration sample file.
2019-04-23 14:57:11 +02:00
e3eabe9793
Hide some functions
2019-04-23 14:19:25 +02:00
0ddc765c60
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
2019-04-23 14:00:09 +02:00
e55e597e34
Updated to version 1.1
2019-04-23 13:51:46 +02:00
bf617f4538
Fixed a bug that would cause a crash when the 'score' key-value pair had not value assigned
2019-04-23 13:29:27 +02:00
72f1722746
Added support for tech. admin. file version 1.1
2019-04-23 13:22:03 +02:00
26776f0468
Fixed a bug that would cause a crash when doing a software-group using a visibility or detection overlay
2019-04-23 13:21:27 +02:00
Marcus Bakker
Ruben Bouman
rubinator
Ruben