Issue Generating Heatmaps based on multiple groups #72

Open
CyberGumShew opened this issue Apr 6, 2022 · 1 comment
Labels
enhancement New feature or request


CyberGumShew commented Apr 6, 2022

I'm having an issue generating a heatmap on multiple group administration files.

Running the group command with multiple -g parameters just generates a heatmap on the first parameter provided, not a combined heatmap.

Example command (1 technique for each .yaml):
```
python.exe .\dettect.py g -g '.\threat-actor-data\test2.yaml' -g '.\threat-actor-data\test1.yaml'
```

Generates:
```json
{
  "name": "Attack - Linux, Windows, macOS",
  "versions": { "navigator": "4.5", "layer": "4.3" },
  "domain": "enterprise-attack",
  "description": "stage: attack | platform(s): Linux, Windows, macOS | group(s): Test1 | overlay group(s): ",
  "filters": { "platforms": [ "Windows", "Linux", "macOS" ] },
  "sorting": 3,
  "layout": {
    "layout": "flat",
    "aggregateFunction": "sum",
    "showAggregateScores": true,
    "countUnscored": false,
    "showName": true,
    "showID": false
  },
  "hideDisable": false,
  "selectSubtechniquesWithParent": false,
  "techniques": [
    { "techniqueID": "T1218.011", "score": 2380, "metadata": [ { "name": "Group", "value": "Test1" } ] },
    { "techniqueID": "T1218", "showSubtechniques": true }
  ],
  "showTacticRowBackground": false,
  "tacticRowBackground": "#dddddd",
  "selectTechniquesAcrossTactics": true,
  "gradient": { "colors": [ "#ffcece", "#ff0000" ], "minValue": 0, "maxValue": 2380 },
  "legendItems": [
    { "label": "Tech. not often used", "color": "#ffcece" },
    { "label": "Tech. used frequently", "color": "#ff0000" },
    { "label": "Groups overlay: tech. in group + overlay", "color": "#f9a825" },
    { "label": "Groups overlay: tech. in overlay", "color": "#ffee58" },
    { "label": "Src. of tech. is only software", "color": "#0d47a1 " },
    { "label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 " }
  ]
}
```

@CyberGumShew CyberGumShew changed the title Generate Heatmaps based on multiple groups Issue Generating Heatmaps based on multiple groups Apr 6, 2022
@rubinatorz
Member

Hi @CyberGumShew

Currently there's only support for having 1 group yaml file loaded into the group mode. If you want to combine multiple groups, you can put all groups into one group yaml file. The group yaml file does support multiple groups and multiple campaigns. Please be aware that the "enabled" property is set to true. If you then generate a heatmap, you'll have all the groups included in the heatmap.

We do have an item on our backlog to support multiple group yaml files and also to compare these with ATT&CK groups.

Regards,
Ruben
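
The workaround described in the reply above, as an added example that is not part of the original thread and not DeTT&CT's own code: merging several group YAML files into one document with PyYAML. The key names (`file_type`, `groups`, `group_name`, `campaign`, `technique_id`) and the sample contents are assumptions based on DeTT&CT's group-administration layout; only `enabled` is mentioned in the thread.

```python
import yaml  # PyYAML (third-party)
# Constructed samples; key names assume DeTT&CT's group-administration layout.
TEST1 = """\
version: 1.0
file_type: group-administration
groups:
  - group_name: Test1
    campaign: Campaign A
    technique_id: [T1218.011]
    enabled: true
"""
TEST2 = """\
version: 1.0
file_type: group-administration
groups:
  - group_name: Test2
    campaign: Campaign B
    technique_id: [T1059.001]
    enabled: false
"""


def merge_group_files(documents, force_enable=True):
    """Merge several group-administration YAML documents into one dict."""
    merged, seen = None, set()
    for text in documents:
        doc = yaml.safe_load(text)  # safe_load never constructs arbitrary objects
        if not isinstance(doc, dict) or doc.get("file_type") != "group-administration":
            raise ValueError("not a group-administration file")
        if merged is None:
            merged = {"version": doc.get("version"), "file_type": doc["file_type"], "groups": []}
        elif doc.get("version") != merged["version"]:
            raise ValueError("file versions differ; align them before merging")
        for group in doc.get("groups") or []:
            key = (group.get("group_name"), group.get("campaign"))
            if key in seen:  # refuse ambiguous duplicate entries
                raise ValueError(f"duplicate group/campaign entry: {key}")
            seen.add(key)
            entry = dict(group)
            if force_enable:
                entry["enabled"] = True  # per the reply above, entries must be enabled
            merged["groups"].append(entry)
    if merged is None:
        raise ValueError("no input documents")
    return merged


if __name__ == "__main__":
    print(yaml.safe_dump(merge_group_files([TEST1, TEST2]), sort_keys=False))
```

Save the printed result as a single group YAML file and pass it with one `-g` parameter.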

@rubinatorz rubinatorz added the enhancement New feature or request label Apr 12, 2022