VECTR icon indicating copy to clipboard operation
VECTR copied to clipboard

Published 20 hours ago verified publisher icon SecurityRiskAdvisors

Add reordering of campaign escalation path connections

Open tbearden opened this issue 5 years ago • 6 comments

I have a campaign that has test cases for t1110 brute force, t1213 data from information repositories, and t1039 data from network shared drive, and right now 1213 and 1039 both show up below the brute force in the escalation path.

It would be nice to be able to drag/drop one test case on to another in the escalation path to change the escalation path connections.

In this case, 1213 is actually a top level item, then 1135 network share discovery, then 1039 data from network shared drive, with 1110 brute force being a dead end node off of 1213.

tbearden avatar Feb 03 '20 22:02 tbearden

Thanks for the feedback! We will be making changes to the escalation diagram in the near future, and will incorporate your request into our notes.

carlvonderheid avatar Feb 04 '20 13:02 carlvonderheid

Just to let you know, I second the suggestion and will be happy to use this feature when available. Being able to re-order individual killchains in campaigns would be nice/helpful for sure.

frloudet avatar Jul 22 '20 07:07 frloudet

I was about to ask for this feature as well when I saw that it has been mentioned already almost one year ago. @carlvonderheid is there any plan to incorporate the request in Vectr in the near future? We would really like to use such feature to highlight the different attack paths in our campaigns.

HPxpat avatar Feb 25 '21 17:02 HPxpat

@HPxpat We are hoping to be out of requirements gathering and into design / prototyping sometime in Q2. While the initial ask seems fairly straightforward, we are planning how this change is going to propagate to the reporting layer. The escalation diagram is currently at the Campaign level, and the reporting view lets you aggregate multiple Campaigns across multiple Assessments. We are trying to decide if there's a single pane that can combine all the views into one, or do we need a cycling mechanism to display each campaign one at a time. Will keep you guys posted on when we are out of design and prototyping and into dev. Thanks for the interest!

carlvonderheid avatar Feb 26 '21 11:02 carlvonderheid

+1 on this feature request, might recommend att&CK flows as inspiration for ordering campaign test cases https://mitre-engenuity.org/blog/2022/10/27/attack-flow/

z3mil avatar Feb 02 '23 19:02 z3mil

+1 for this indeed!

chryzsh avatar Feb 27 '23 19:02 chryzsh