attack-navigator
attack-navigator copied to clipboard
mitre-attack
Default technique state
As a user of the ATT&CK navigator, I want to be able to configure the default technique state, both in the Navigator itself and in uploaded layers.
The default state would be overridden by defined values in the techniques of an uploaded layer. For example, the user could set the default state of enabled to false, thereby disabling all techniques, then upload a layer with a few explicitly enabled techniques to only enable those techniques.
This could be configured as part of the Navigator configuration, and also in the layer file itself.
- If defined in the config file, it would set the default state of techniques for all layers (created or uploaded) to the configured defaults.
- In the layer file, it would set the default state of techniques on just that that layer to the configured default. This would also override the defaults defined in the config file.
Currently the Navigator does not respect the "hideDisabled" and "enabled" configuration fields in layers. And hiding unused techniques must be done by manual selection in the navigator.
Is that the intended behavior? Is there a setting that I should modify in addition to the layer's settings? Thanks.
I was testing this using the development branch: https://github.com/mitre-attack/attack-navigator/commit/3479ff9c1eac4232dfbdc4d99fbe75dc1dfb081a And the provided sample layer: https://github.com/mitre-attack/attack-navigator/blob/bad24a876b5e2a703a9c76d89e7f705896d64546/layers/LAYERFORMATv4_1.md
===== Correction/Update: I needed to have a layer that contained all of the techniques for the "hideDisabled" and "enabled" fields to take effect. After collecting a layer that contained all of the techniques, modifying the fields, and re-uploading, unused techniques were hidden correctly.
If there were to be a change going forward, I think it would be neat to allow users to set all the techniques to be off/disabled by default. Then the layers that are either uploaded or configured as default layers can explicitly enable select techniques.
Hi @jberry777,
The hideDisabled. and enabled configuration is working as intended in the develop branch. Only techniques marked with enabled=false and when hideDisabled=true are hidden. This issue covers the desire to set a default state in the app's configuration so that users can hide all techniques not listed in the layer file (as in your second comment).
For now, there is an easy way to hide unused techniques, provided they have scores/comments:
- right click any technique and click "select unannotated" to select all techniques without a score/comment/color
- disable these techniques
- hide disabled techniques
This essentially hides all techniques that don't have annotations, which is a quick way to achieve the desired result (although it only works if the desired techniques have annotations of some sort).
Hope this helped!
Just bumping this as a desired feature - your work around was helpful. Thank you!
I would also love this feature. We automate deploying a Navigator instance using CI pipelines, automatically loading layers we generate from previous red team operations. Having certain layer files only display annotated techniques would be ideal.
Possibly just adding it as a filter option would do the trick. It looks like something similar was done here for layer upgrades. Getting this functionality in as a core filter would be amazing.
In essence, being able to define this in a layer file like this:
"filters": {
"showUnannotated": false
}
Thanks for a great resource!
