Enriched rule names #82
base: master
Added tactic_(id,name) technique_(id,name) subtechnique_(id,name). Updated old techniques to new or reassigned subtechniques.
Renamed correctly.
Added tactic_(id,name) technique_(id,name) subtechnique_(id,name). Updated old techniques to new or reassigned subtechniques.
Added tactic_(id,name) technique_(id,name) subtechnique_(id,name). Updated old techniques to new or reassigned subtechniques.
Renamed correctly.
Added tactic_(id,name) technique_(id,name) subtechnique_(id,name). Updated old techniques to new or reassigned subtechniques.
Included in another rule
Added tactic_(id,name) technique_(id,name) subtechnique_(id,name). Updated old techniques to new or reassigned subtechniques.
Added tactic_(id,name) technique_(id,name) subtechnique_(id,name). Updated old techniques to new or reassigned subtechniques.
Added tactic_(id,name) technique_(id,name) subtechnique_(id,name). Updated old techniques to new or reassigned subtechniques.
Added tactic_(id,name) technique_(id,name) subtechnique_(id,name). Updated old techniques to new or reassigned subtechniques.
Added tactic_(id,name) technique_(id,name) subtechnique_(id,name). Updated old techniques to new or reassigned subtechniques.
Added tactic_(id,name) technique_(id,name) subtechnique_(id,name). Updated old techniques to new or reassigned subtechniques.
Added tactic_(id,name) technique_(id,name) subtechnique_(id,name). Updated old techniques to new or reassigned subtechniques.
Added tactic_(id,name) technique_(id,name) subtechnique_(id,name). Updated old techniques to new or reassigned subtechniques.
Added tactic_(id,name) technique_(id,name) subtechnique_(id,name). Updated old techniques to new or reassigned subtechniques.
Added tactic_(id,name) technique_(id,name) subtechnique_(id,name). Updated old techniques to new or reassigned subtechniques.
Excellent work @Doserdog! @olafhartong This is a rather large pull but I think it will extend all of the great work you have done to get even more benefits out of the modular approach. The script I created on my PR to match valid Mitre ATT&CK will work very well with the new rules created here. Let me know how I can assist!
Thanks a LOT for all this work, I'm still contemplating whether I want this much information in there.
That is true on the readability, but think about the advantages to your SIEM as you will have the Tactic info available and you won't have to cross reference. Definitely think about it. The idea is that you can use the script from PR #80 to help manage and maintain proper Tactics/Techniques in the rule names as it will check for those things. Here is a sample dashboard with the data from the extended rule names from our SIEM:
I like it.
This pull request addresses issue #81.
Namely, it enriches the rule name to include tactic_(id,name) technique_(id,name) subtechnique_(id,name).
Additionally, older techniques were updated to their most recent TTP.
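As an added example that is not part of this PR, the sysmon-modular project, or the checker script mentioned in the comments: a small Python parser and validator for rule names in the enriched tactic/technique/subtechnique layout described above, of the kind a SIEM ingestion step or a repository check could apply. It assumes the rule name is written as comma-separated key=value segments (the delimiter is an assumption), that the subtechnique pair is optional, and that names contain no commas.

```python
import re

# Constructed sample rule name in the enriched layout this PR describes
# (comma-separated key=value segments are an assumption, not taken from the PR).
SAMPLE_RULE_NAME = (
    "tactic_id=TA0002,tactic_name=Execution,"
    "technique_id=T1059,technique_name=Command and Scripting Interpreter,"
    "subtechnique_id=T1059.001,subtechnique_name=PowerShell"
)

# ATT&CK identifier shapes: tactics TAnnnn, techniques Tnnnn, sub-techniques Tnnnn.nnn
ID_PATTERNS = {
    "tactic_id": re.compile(r"^TA\d{4}$"),
    "technique_id": re.compile(r"^T\d{4}$"),
    "subtechnique_id": re.compile(r"^T\d{4}\.\d{3}$"),
}
REQUIRED = ("tactic", "technique")  # subtechnique is optional: not every technique has one


def parse_rule_name(rule_name):
    """Split 'key=value,key=value' into a dict (values are assumed to contain no commas)."""
    fields = {}
    for segment in rule_name.split(","):
        if "=" not in segment:
            raise ValueError(f"malformed segment: {segment!r}")
        key, value = segment.split("=", 1)
        fields[key.strip()] = value.strip()
    return fields


def validate_rule_name(rule_name):
    """Return a list of problems; an empty list means the name is well-formed."""
    problems = []
    fields = parse_rule_name(rule_name)
    present = {p for p in ("tactic", "technique", "subtechnique")
               if f"{p}_id" in fields or f"{p}_name" in fields}
    for prefix in set(REQUIRED) | present:
        id_key, name_key = f"{prefix}_id", f"{prefix}_name"
        # Every id must come with its human-readable name, and vice versa
        if id_key not in fields or name_key not in fields:
            problems.append(f"{prefix}: both {id_key} and {name_key} are required")
            continue
        if not ID_PATTERNS[id_key].match(fields[id_key]):
            problems.append(f"{id_key} {fields[id_key]!r} is not a valid ATT&CK id")
        if not fields[name_key]:
            problems.append(f"{name_key} is empty")
    # A sub-technique id must extend the technique id it is filed under (T1059 -> T1059.001)
    sub, tech = fields.get("subtechnique_id"), fields.get("technique_id")
    if sub and tech and not sub.startswith(tech + "."):
        problems.append(f"subtechnique_id {sub} does not belong to technique_id {tech}")
    return problems
```

Running the validator over every RuleName in a config before merging catches the two mistakes this kind of enrichment invites: an id without its name, and a sub-technique filed under the wrong parent technique.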