
DeTTACT - new galaxy #398

Open
adulau opened this issue May 10, 2019 · 2 comments
Labels
help wanted This is an issue that community can help with new galaxy This issue involves the addition of a new galaxy S: stale Status: stale. This issue has had no activity in a long time, it may not be relevant anymore topic: att&ck This issue involves the MITRE ATT&CK framework

Comments

@adulau
Member

adulau commented May 10, 2019

https://github.com/rabobank-cdc/DeTTACT/blob/master/sample-data/techniques-administration-endpoints.yaml

@adulau adulau added topic: att&ck This issue involves the MITRE ATT&CK framework new galaxy This issue involves the addition of a new galaxy labels May 10, 2019
@enjeck enjeck added help wanted This is an issue that community can help with S: stale Status: stale. This issue has had no activity in a long time, it may not be relevant anymore labels Nov 18, 2020
@cvandeplas
Member

@adulau
The techniques documented in the link you gave are the MITRE ATT&CK ones. These are already included as Galaxy.
Secondly, the linked file is part of sample-data, so we should not use this data as source.

Is there something else you were thinking about when opening this issue five years ago? :-)

@adulau
Member Author

adulau commented Mar 29, 2024

Blast from the past, thanks for the recall! I just had a look at why I did this quick-and-dirty issue. After looking into my notes, the idea was the following, based on this source: https://github.com/rabobank-cdc/DeTTECT/blob/master/data/dettect_data_sources.json

They express the relationships between the logs to be used to detect a specific technique (which seems a bit different from the DS/datasource in MITRE ATT&CK). So it would allow a user to know which kind of detection is required to check/hunt for a specific technique. Not sure if it's a galaxy matrix or maybe just a galaxy with a relationship towards the specified techniques.
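As an added illustration of the "galaxy with a relationship towards the techniques" idea from the comment above (example code, not from the issue or from the DeTTECT or misp-galaxy projects): a constructed data-source-to-technique mapping is turned into a MISP galaxy cluster document whose `related` entries point at technique cluster UUIDs, and the inverse lookup answers "which data sources do I need to hunt this technique?". The mapping, the galaxy name/type, the UUID namespaces and the `detects` relationship type are all assumptions of this example.

```python
import json
import uuid

# Constructed sample mapping: which log/data source helps detect which ATT&CK
# technique. It only mimics the idea behind dettect_data_sources.json and does
# not reproduce the real file's schema.
DATA_SOURCES = {
    "Process Creation": ["T1059", "T1053"],
    "Windows Event Log: 4688": ["T1059"],
    "DNS Query": ["T1071.004"],
}

# Placeholder namespaces; real MISP galaxy clusters, including the ATT&CK
# technique clusters these entries would point at, carry their own UUIDs.
TECHNIQUE_NS = uuid.UUID("00000000-0000-0000-0000-000000000001")
CLUSTER_NS = uuid.UUID("00000000-0000-0000-0000-000000000002")

def technique_uuid(technique_id):
    """Stable placeholder UUID standing in for the ATT&CK technique cluster."""
    return str(uuid.uuid5(TECHNIQUE_NS, technique_id))

def build_galaxy_cluster(mapping):
    """One cluster value per data source, linked to the techniques it can
    detect via 'related' entries (relationship type 'detects' is assumed)."""
    values = []
    for name in sorted(mapping):
        techniques = sorted(set(mapping[name]))
        values.append({
            "value": name,
            "uuid": str(uuid.uuid5(CLUSTER_NS, name)),
            "description": "Data source usable to detect the related techniques",
            "meta": {"detects": techniques},
            "related": [{"dest-uuid": technique_uuid(t), "type": "detects"}
                        for t in techniques],
        })
    return {
        "name": "DeTTECT data sources",  # constructed galaxy name
        "type": "dettect-data-sources",
        "uuid": str(uuid.uuid5(CLUSTER_NS, "galaxy")),
        "version": 1,
        "values": values,
    }

def data_sources_for_technique(mapping, technique_id):
    """The hunting question from the issue: which data sources are needed to
    detect this technique?"""
    return sorted(n for n, techs in mapping.items() if technique_id in techs)

if __name__ == "__main__":
    print(json.dumps(build_galaxy_cluster(DATA_SOURCES), indent=2))
```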
