Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deprecate ATT&CK course-of-action and replace by new mitigations #470

Open
cvandeplas opened this issue Nov 4, 2019 · 0 comments
Open

deprecate ATT&CK course-of-action and replace by new mitigations #470

cvandeplas opened this issue Nov 4, 2019 · 0 comments
Labels
S: stale Status: stale. This issue has had no activity in a long time, it may not be relevant anymore T: enhancement Type: enhancement. This issue is not a bug, it improves an existing feature topic: att&ck This issue involves the MITRE ATT&CK framework

Comments

@cvandeplas
Copy link
Member

See mitre/cti#65 (comment)

Prior to the July 2019 ATT&CK update (also known as ATT&CK-v5.0) mitigation objects in the Enterprise domain had 1:1 relationships with techniques, and were kept on the technique pages. Thus the external reference URL pointing to a technique page, and the ID which implies that it is a technique (even though from a STIX perspective it is not). You can see this behavior in action via our previous versions archive here.
In the July 2019 update referenced above, we refactored our enterprise mitigations to support many:many relationships with techniques. This update involved deprecating all of the old enterprise course-of-action objects in favor of the new mitigations.
Deprecated objects (marked with the x_mitre_deprecated field) are no longer supported by ATT&CK. They are kept in our repo for the purposes of historical record and to avoid breaking any code that may rely on those specific objects. However, their external references URLs are not guaranteed to lead to live pages on our website, and we do not provide updates to their content. In the case of the mitigations such as T1168 they were removed from the website altogether.

And also : https://attack.mitre.org/mitigations/enterprise/
@cvandeplas cvandeplas added the T: enhancement Type: enhancement. This issue is not a bug, it improves an existing feature label Nov 4, 2019
@enjeck enjeck added S: stale Status: stale. This issue has had no activity in a long time, it may not be relevant anymore topic: att&ck This issue involves the MITRE ATT&CK framework labels Nov 18, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
S: stale Status: stale. This issue has had no activity in a long time, it may not be relevant anymore T: enhancement Type: enhancement. This issue is not a bug, it improves an existing feature topic: att&ck This issue involves the MITRE ATT&CK framework
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cvandeplas @enjeck