
DeTTACT - new galaxy

Open adulau opened this issue 6 years ago • 2 comments

https://github.com/rabobank-cdc/DeTTACT/blob/master/sample-data/techniques-administration-endpoints.yaml

adulau avatar May 10 '19 12:05 adulau

@adulau
The techniques documented in the link you gave are the MITRE ATT&CK ones. These are already included as Galaxy. Secondly, the linked file is part of sample-data, so we should not use this data as source.

Is there something else you were thinking about when opening this issue five years ago? :-)

cvandeplas avatar Mar 29 '24 07:03 cvandeplas

Blast from the past, thanks for the recall! I just had a look at why I did this quick-and-dirty issue. After looking into my notes, the idea was the following based on this source: https://github.com/rabobank-cdc/DeTTECT/blob/master/data/dettect_data_sources.json

They express the relationships between the logs to be used to detect a specific technique (which seems a bit different than the DS/datasource in MITRE ATT&CK). So it would allow a user to know which kind of detection is required to check/hunt for a specific technique. Not sure if it's a galaxy matrix or maybe just a galaxy with a relationship towards the specified techniques.

adulau avatar Mar 29 '24 08:03 adulau
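One way to picture the "galaxy with a relationship towards the specified techniques" option from the comment above, as an added example that is not part of this issue, of misp-galaxy, or of the DeTTECT project: a technique-to-data-source mapping is inverted into one cluster per data source, and each cluster carries `related` entries pointing at the existing ATT&CK technique clusters. The input dictionary, the technique UUID lookup, the namespace UUID and the `detects` relationship type are all constructed or assumed for illustration; the real `dettect_data_sources.json` schema and the real ATT&CK cluster UUIDs are not reproduced here.

```python
import json
import uuid

# Constructed sample in the spirit of the DeTTECT technique -> data-source
# mapping (assumption: the real file's schema is not reproduced here).
SAMPLE_DETTECT = {
    "techniques": [
        {"technique_id": "T1059", "data_sources": ["Process", "Command"]},
        {"technique_id": "T1003", "data_sources": ["Process", "Windows Registry"]},
        # Constructed edge case: a technique with no data source mapped yet.
        {"technique_id": "T9999", "data_sources": []},
    ]
}

# Constructed placeholder UUIDs standing in for the cluster UUIDs of the
# existing ATT&CK technique galaxy; T9999 is deliberately absent.
TECHNIQUE_UUIDS = {
    "T1059": "00000000-0000-4000-8000-000000001059",
    "T1003": "00000000-0000-4000-8000-000000001003",
}

# Constructed namespace so that cluster UUIDs are stable across regenerations.
NAMESPACE = uuid.UUID("6f1c2f3a-0000-4000-8000-0000dettec7e".replace("dettec7e", "00000001"))


def invert_mapping(dettect):
    """Return {data_source: sorted technique IDs} from a technique-centric mapping."""
    by_source = {}
    for entry in dettect["techniques"]:
        for source in entry["data_sources"]:
            by_source.setdefault(source, set()).add(entry["technique_id"])
    return {source: sorted(ids) for source, ids in by_source.items()}


def build_galaxy_cluster(dettect, technique_uuids):
    """Build a MISP galaxy cluster file with one value per data source.

    Each value is related to the technique clusters it helps detect.
    Techniques with no known cluster UUID stay in meta but get no relation.
    """
    values = []
    for source, technique_ids in sorted(invert_mapping(dettect).items()):
        related = [
            {"dest-uuid": technique_uuids[tid], "type": "detects"}  # assumed type
            for tid in technique_ids
            if tid in technique_uuids
        ]
        values.append({
            "value": source,
            "uuid": str(uuid.uuid5(NAMESPACE, source)),
            "description": f"Log/data source '{source}' used to detect ATT&CK techniques",
            "meta": {"attack_techniques": technique_ids},
            "related": related,
        })
    return {
        "name": "DeTTECT data sources",  # constructed galaxy name
        "type": "dettect-data-source",   # constructed galaxy type
        "description": "Data sources required to detect ATT&CK techniques",
        "uuid": str(uuid.uuid5(NAMESPACE, "galaxy")),
        "version": 1,
        "values": values,
    }


def techniques_detected_by(cluster, data_source):
    """Return the technique cluster UUIDs a data source is related to."""
    for value in cluster["values"]:
        if value["value"] == data_source:
            return sorted(r["dest-uuid"] for r in value["related"])
    return []


if __name__ == "__main__":
    print(json.dumps(build_galaxy_cluster(SAMPLE_DETTECT, TECHNIQUE_UUIDS), indent=2))
```

Keeping the technique IDs in `meta` alongside the `related` list means a technique that has no galaxy cluster yet is still visible in the data, so the gap can be spotted and fixed rather than silently dropped.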