v1.1

@rubinatorz rubinatorz released this 08 May 08:29
· 925 commits to master since this release
4277bc1
  • Technique administration YAML file version 1.1

    New version (1.1) of the technique administration YAML file introducing the following improvements:

    • A technique can now have multiple detection and visibility objects. This allows more granular scores for different types of systems by making use of the new key-value pair applicable_to.
    • Added the key-value pair applicable_to to the detection and visibility objects. It holds a list of the system type(s) to which the object applies, for example: crown jewel X, endpoints, etc. Use the value ['all'] to make a detection or visibility object apply to all types of systems.
    • Added the key-value pair technique_name, containing the technique's name (e.g. "Process Injection"), to every technique ID.

    Older technique administration files can be upgraded automatically to this new version. DeTT&CT prompts you to do so when an upgrade is available.
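    As an added illustration (not DeTT&CT's own code) of what the v1.1 structure means for tooling that consumes the file: the snippet below works on the Python objects that yaml.safe_load() returns for a technique administration file, lifts a pre-1.1 single detection/visibility object into the 1.1 list form under ['all'], and looks up the detection and visibility score per system type, letting a specific applicable_to entry win over ['all']. Only technique_id, technique_name, applicable_to, score and the ['all'] value come from the release notes; the top-level 'version'/'techniques' keys, the system-type names, the sample techniques and the "specific beats all" rule are assumptions made for this example. A YAML 'score:' with no value loads as None, which is the case this release stopped crashing on, so it is treated as 0 here.

```python
# Added example, not DeTT&CT's own code. Field names other than
# technique_id, technique_name, applicable_to and score are assumptions.
from typing import Optional

ALL = "all"

# Constructed pre-1.1 entry: one detection / visibility dict per technique.
OLD_TECHNIQUE = {
    "technique_id": "T1059",
    "detection": {"score": 2},
    "visibility": {"score": 3},
}

# Constructed v1.1-style administration, as yaml.safe_load() would return it.
# The visibility score with value None mirrors a YAML 'score:' left empty.
ADMIN = {
    "version": 1.1,
    "techniques": [
        {
            "technique_id": "T1055",
            "technique_name": "Process Injection",
            "detection": [
                {"applicable_to": [ALL], "score": 1},
                {"applicable_to": ["crown jewel X"], "score": 4},
            ],
            "visibility": [
                {"applicable_to": ["endpoints"], "score": 3},
                {"applicable_to": ["crown jewel X"], "score": None},
            ],
        },
        {
            "technique_id": "T1003",
            "technique_name": "OS Credential Dumping",
            "detection": [{"applicable_to": ["endpoints"], "score": 3}],
            "visibility": [{"applicable_to": [ALL], "score": 2}],
        },
    ],
}


def upgrade_technique(tech: dict, names: dict) -> dict:
    """Lift a single detection/visibility dict (pre-1.1) into the 1.1 list
    form, applying it to ['all'] systems, and attach technique_name from a
    caller-supplied ID -> name lookup (assumed; DeTT&CT gets names from ATT&CK)."""
    out = dict(tech)
    for kind in ("detection", "visibility"):
        obj = out.get(kind)
        if isinstance(obj, dict):
            out[kind] = [dict(obj, applicable_to=[ALL])]
        elif obj is None:
            out[kind] = []
    out["technique_name"] = names.get(tech["technique_id"], "")
    return out


def score_for(tech: dict, kind: str, system_type: str) -> Optional[int]:
    """Score of `kind` ('detection' or 'visibility') for one system type.
    A specific applicable_to entry wins over ['all']; None if nothing
    applies. An unset score (None) counts as 0 instead of raising."""
    fallback = None
    for obj in tech.get(kind, []):
        score = obj.get("score")
        score = 0 if score is None else int(score)
        targets = {str(t).lower() for t in obj.get("applicable_to", [])}
        if system_type.lower() in targets:
            return score
        if ALL in targets:
            fallback = score
    return fallback


def coverage(admin: dict, system_type: str) -> dict:
    """Per-technique (detection, visibility) scores for one system type,
    leaving out techniques that do not apply to it at all."""
    result = {}
    for tech in admin["techniques"]:
        d = score_for(tech, "detection", system_type)
        v = score_for(tech, "visibility", system_type)
        if d is not None or v is not None:
            result[tech["technique_id"]] = (d, v)
    return result


def system_types(admin: dict) -> set:
    """Every applicable_to value used in the file, normalised to lower case.
    Review this set for typos such as 'endpoint' vs 'endpoints', which
    would otherwise silently split one system type into two."""
    found = set()
    for tech in admin["techniques"]:
        for kind in ("detection", "visibility"):
            for obj in tech.get(kind, []):
                found.update(str(t).lower() for t in obj.get("applicable_to", []))
    return found


if __name__ == "__main__":
    print(coverage(ADMIN, "crown jewel X"))
    print(coverage(ADMIN, "endpoints"))
    print(sorted(system_types(ADMIN)))
```

    The "specific entry beats ['all']" rule is this example's choice; if your own tooling instead takes the highest score, or keeps the entries separate per system type as DeTT&CT's layers do, adjust score_for accordingly. The system_types check is worth running before exporting, because a misspelled applicable_to value does not fail validation, it just produces a system type nobody asked for.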

  • Excel output

    It is now possible to export your technique administration for visibility and detections to Excel:

    python dettect.py d -ft sample-data/techniques-administration-endpoints.yaml -fd sample-data/data-sources-endpoints.yaml --excel
    File written: output/techniques.xlsx
  • Several smaller improvements
    • The detection and visibility layer file contains a score to allow sorting within the ATT&CK Navigator.
    • Added a score for detection/visibility when overlaid with a group to improve the visual comparison.
    • The ATT&CK Navigator's legend is improved when overlaying detection or visibility on a group.
    • Added colours to the Excel output to visualise the scores for data source quality, visibility and detections.
    • Remember the selected path for a YAML administration file in the interactive menu.
    • Added a more detailed error message for invalid YAML files.
    • Constants have been moved to their own file, constants.py.
  • Bug fixes
    • Fixed a bug reported by @tuckner (issue #3: product list not appending for the visibility ATT&CK layer).
    • Fixed a bug that caused a crash when doing a software-group overlay with visibility or detection.
    • Fixed a bug that caused a crash when the YAML 'score' key-value pair had no value assigned.