Mapping TTPs and CVEs

[afarao]

Hi! I am new here!
Is there any way to link TTPs and CVEs through the Caldera?
Through the Pathfinder plugin I have received the network topology including the CVES, and then I have created an operation using as adversary the Thief.
Once the operation is done, I use the Debrief plugin to see how the operation is completed and then I can see the used TTPs.
Is there any way to export which CVEs are linked to each used TTP?
Thanks in advance!

[wbooth]

If you want to link TTPs to CVEs there is the ability to tag ability yaml files when they are created. This can be observed in the pathfinder repo with the heartbleed ability contained in the repo (which is tagged with a CVE):
https://github.com/center-for-threat-informed-defense/caldera_pathfinder/blob/master/data/abilities/initial-access/315f8fcc-c05a-4db0-9f9a-5daade661540.yml#L12

The limitation is that abilities that are created implementing CVEs need to have information tagged on them when they are created for it to be useful. Also, to the extent of my knowledge, the only plugin using the tags on objects is pathfinder.

From: @mrengstrom