attack-navigator
Feature request: support of STIX 2.1 "Language Content" object
Problem to Solve
It would be nice (for reporting to top management) to be able to display objects in a foreign language.
Current Workaround
Translate each attack pattern / phase in the kill chain in assets/enterprise-attack.json
Proposed Solution
Implement the STIX 2.1 "Language Content object":
- if a "language-content" exists regarding an attack pattern/kill_chain_phases
- allow the user to switch to the available language
- display each element in the corresponding language
Example:
{
  "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  "name": ".bash_profile and .bashrc",
  "description": "Adversaries may establish persistence [...]",
  "type": "attack-pattern",
  [...]
  "x_mitre_detection": "While users [...]"
},
{
  "type": "language-content",
  "id": "language-content--b86bd89f-98bb-4fa9-8cb2-9ad421da981d",
  [...]
  "object_ref": "attack-pattern--b63a34e8-0a61-4c97-a23b-bf8a2ed812e2",
  "contents": {
    "fr": {
      "name": ".bash_profile et .bashrc",
      "description": "Des adversaires peuvent [...]",
      "x_mitre_detection": "Les utilisateurs peuvent[...]"
    }
  }
}
Additional Information
- https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_z9r1cwtu8jja - 7.1 Language Content
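The overlay proposed in this issue, sketched as an added example (not code from attack-navigator or from either poster): translated text is applied only to an allow-list of display fields, and a translation pinned through the STIX 2.1 `object_modified` property to a different version of its target is skipped. The function names, the `TRANSLATABLE` allow-list and the sample values are assumptions of this example.

```javascript
// Added example: overlay STIX 2.1 language-content objects on a bundle.
// TRANSLATABLE is this example's assumption: only display text may change.
const TRANSLATABLE = new Set(["name", "description", "x_mitre_detection"]);

// Languages a UI switcher could offer for this bundle.
function availableLanguages(objects) {
  const langs = new Set();
  for (const o of objects) {
    if (o.type === "language-content" && o.contents) {
      Object.keys(o.contents).forEach((l) => langs.add(l));
    }
  }
  return [...langs].sort();
}

// Return display copies of the objects with `lang` text applied where valid.
function localize(objects, lang) {
  const byRef = new Map(); // object_ref -> language-content objects
  for (const o of objects) {
    if (o.type !== "language-content" || !o.contents) continue;
    if (!Object.hasOwn(o.contents, lang)) continue;
    byRef.set(o.object_ref, [...(byRef.get(o.object_ref) || []), o]);
  }
  return objects.filter((o) => o.type !== "language-content").map((o) => {
    const out = { ...o };
    for (const lc of byRef.get(o.id) || []) {
      // A translation pinned to another version of the object is stale.
      if (lc.object_modified && lc.object_modified !== o.modified) continue;
      for (const [field, text] of Object.entries(lc.contents[lang] || {})) {
        // Ignore id, type, references and anything else not on the allow-list.
        if (TRANSLATABLE.has(field) && typeof text === "string" && text) out[field] = text;
      }
    }
    return out;
  });
}

// Constructed sample; the attack-pattern id is the one quoted in the issue.
const AP_ID = "attack-pattern--b63a34e8-0a61-4c97-a23b-bf8a2ed812e2";
const SAMPLE = [
  { type: "attack-pattern", id: AP_ID, modified: "2020-01-01T00:00:00.000Z",
    name: ".bash_profile and .bashrc", description: "English text (constructed)" },
  { type: "language-content", object_ref: AP_ID,
    contents: { fr: { name: ".bash_profile et .bashrc", id: "attack-pattern--changed" } } },
  { type: "language-content", object_ref: AP_ID,
    object_modified: "2019-01-01T00:00:00.000Z",
    contents: { de: { name: "veraltet (constructed)" } } },
];
console.log(localize(SAMPLE, "fr")[0].name);
```

Fields with no translation keep their original text, so a partially translated bundle still renders completely.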
Hi @2xyo,
Thanks for reaching out! Translations are definitely something ATT&CK has been thinking about. We plan to eventually support language-content; however, ATT&CK is currently still using STIX 2.0 and language-content was introduced in STIX 2.1. Once ATT&CK upgrades to STIX 2.1, we will definitely start working on support for translations through language-content SDOs. This probably won't happen for at least a year, however; we have quite a bit of work to do before we can support STIX 2.1 across the infrastructure.
Your current workaround is definitely the way to go until we adopt STIX 2.1. ATT&CK likely will not provide official translations in the short term, but you're welcome to develop your own locally by modifying the content found on our MITRE/CTI repository.
I'll keep this issue open so that we can keep track of the request even though we won't be working on it short-term.