Support NIDS and WAF via new 'network traffic content' relationship

Open hxnoyd opened this issue 3 years ago • 2 comments

Hello.

With the new DS structure, NIDS and WAF are no longer available. A new relationship could be created in order to improve the mapping with alert-related events:

  • Data source: Network Traffic
  • Data component: network traffic content
  • Relationship:
  - source_data_element: network traffic
    relationship: triggered
    target_data_element: alert

Thanks in advance.

hxnoyd avatar May 24 '21 11:05 hxnoyd

Hey @hxnoyd!

Hmm yeah I see what you are getting at. I'm not sure this is something we would add though, since alert could apply as a relationship to (almost) every DS in the same fashion, since the level of abstraction is related to what kind of data (elements) we are referring to.

We'll think about it more, and definitely share more thoughts and opinions. Thanks!

jcwilliamsATmitre avatar May 24 '21 14:05 jcwilliamsATmitre

Circling back to this, we have published the first release of the data sources - https://attack.mitre.org/datasources/ but will consider this feedback for future releases. I'll reach out directly as needed.

Thanks again!

jcwilliamsATmitre avatar Oct 21 '21 16:10 jcwilliamsATmitre

Admin note: closing all remaining issues and pull requests prior to archiving the repository

jondricek avatar Sep 13 '23 15:09 jondricek