This repository has been archived by the owner on Apr 3, 2024. It is now read-only.

Update ArtifactRegistry.yaml #170

Open: wants to merge 1 commit into base branch `main`

Conversation

hashcat3
Contributor

@hashcat3 hashcat3 commented Jul 6, 2022

Each of the controls are categorized as `Protect`, though each of their comments mentions that once the control is deployed, it can `Detect` nefarious activity. Should the said controls be mapped to both a Protect and Detect categories? With the given description I'd recommend `Detect` only. Example: Compare T1068 with T1212.
@sonarqubecloud

sonarqubecloud bot commented Jul 6, 2022

Kudos, SonarCloud Quality Gate passed!

  • Bug: A (0 Bugs)
  • Vulnerability: A (0 Vulnerabilities)
  • Security Hotspot: A (0 Security Hotspots)
  • Code Smell: A (0 Code Smells)
  • No Coverage information
  • 0.0% Duplication

@rossj-en

rossj-en commented Jul 8, 2022

Taking a look and will review today.

@jadriangg1

jadriangg1 commented Aug 5, 2022

@hashcat3 To answer your question, these are labeled correctly as it best matched our scoring rubric's definitions for security controls, but I'll modify the language to avoid similar confusion in the description:

  • Protect is a security control's ability to prevent or minimize the impact of the execution of an ATT&CK.
  • Detect is a security control's ability to detect the execution of an ATT&CK (sub-)technique.

For example, a vulnerability scanning capability would be categorized as Protect, whereas real-time indicators of compromise alerts in a SIEM dashboard would be categorized as Detect. I hope this helps. If you have any questions or comments, please feel free to reach out. Ty!

Reference: https://github.com/center-for-threat-informed-defense/security-stack-mappings/blob/main/docs/scoring.md


@jadriangg1 jadriangg1 left a comment


Instead of changes to the category field, we should change all comments to replace detect with identify.
