
Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows f...

Results 17 attack-flow issues

Hey all, I have been attempting to get started with this project and used this step by step: https://github.com/center-for-threat-informed-defense/attack-flow Here are the steps I have done: - cloned the repo:...

The developer documentation in `README.md` is missing a crucial step.

The current browser based technique for documenting the ATT&CK Flows has basically no function for orienting or re-balancing the "diagram". Have you considered using Modelio instead of browser based? [https://www.modelio.org/](https://www.modelio.org/)....

Attempting to design a user interface using this schema. And have a couple of questions: The purpose of Object Properties is not clear, and none of the corpus json examples...

Hi, I am real impressed with your initiative. I have wondered for some time why cyber-security doesn't capture temporal sequences, and thereby ignores tools such as process mining. Anyway, I...

Hi: Noticed the [atomic-red-team](https://github.com/redcanaryco/atomic-red-team) has a command field for attack detail. [eg](https://github.com/redcanaryco/atomic-red-team/raw/ef93c45591dffd2055411a6ef54ac91703db8381/atomics/T1548.002/T1548.002.yaml):

```yaml
input_arguments:
  executable_binary:
    description: Binary to execute with UAC Bypass
    type: Path
    default: C:\Windows\System32\cmd.exe
executor:
  command: |
    reg.exe...
```

Information extracted from: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

It would be useful to be able to have pre-built schemas for common tool outputs, such as from Volatility modules, Eric Zimmerman's suite of tools, popular open-source forensics tools (AmcacheParser,...

If the timestamp fields are left blank, then the Designer will export actions with `"timestamp":""` fields, but this is not valid against the current spec. We will update the spec...

bug

Currently there is a "reference" field which may link to an ATT&CK ID, but there is no way to link to the normative MITRE STIX objects for ATT&CK. A field...

enhancement