Development hotfix: Mapping tables script (#14)
* Final review of project README

* Script initial commit

* code for new file creation

* Adding newest version of spreadsheet, updated READMEs

* Overhauling create_mappings.py

Fix to handle mixed data types properly,
Improved running time of script

* Function rehauling

* Updated mappings to new CSVs, updated layers

* updated header

* Updates to mapping tables

* functional

---------

Co-authored-by: Mark E. Haase <[email protected]>
tleef42 and mehaase authored Dec 4, 2023
1 parent 67f9d09 commit 856afef
Showing 28 changed files with 9,960 additions and 21,901 deletions.
102 changes: 50 additions & 52 deletions docs/levels/mapping_auditd.rst
Expand Up @@ -17,7 +17,10 @@ visualize the sensor coverage in ATT&CK Navigator.
<i class="fa fa-map-signs"></i> Open in ATT&CK Navigator</a>
</p>

.. MAPPINGS_TABLE Generated at: 2023-10-03T10:40:58.770502Z
.. MAPPINGS_TABLE Generated at: 2023-12-04T02:57:27.860035Z
Enterprise
----------

.. list-table::
:widths: 35 30 20 25
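
Review bot: the new `Enterprise` title starts on the line directly after the `.. MAPPINGS_TABLE Generated at:` comment, with no blank line between them as shown here. docutils expects a blank line after an explicit markup block and otherwise reports "Explicit markup ends without a blank line; unexpected unindent", so have the generator emit an empty line after the comment. The embedded timestamp also forces a diff on every regeneration even when no mapping changed; consider dropping it or writing it only when the table content differs.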
Expand Down Expand Up @@ -219,7 +222,7 @@ visualize the sensor coverage in ATT&CK Navigator.
- Service Modification

* - MAC_CIPSOV4_DEL
- Triggered when a CIPSO user deletes an existing DOI. Adding DOIs is a part of the packet labeling capabilities of the kernel provided by NetLabel
- Triggered when a CIPSO user deletes an existing DOI. Adding DOIs is a part of the packet labeling capabilities of the kernel provided by NetLabel.
- Service
- Service Modification

Expand Down Expand Up @@ -313,6 +316,51 @@ visualize the sensor coverage in ATT&CK Navigator.
- File
- File Access

* - USER_CHAUTHTOK
- op record field contains value deleting mail file
- File
- File Deletion

* - USER_CHAUTHTOK
- op record field contains value moving home directory
- User Account
- User Account Access

* - USER_CHAUTHTOK
- op record field contains value user lookup
- User Account
- User Account Access

* - USER_CHAUTHTOK
- op record field contains value deleting user entries
- User Account
- User Account Deletion

* - USER_CHAUTHTOK
- op record field contains value deleting user not found
- User Account
- User Account Deletion

* - USER_CHAUTHTOK
- op record field contains value deleting user
- User Account
- User Account Deletion

* - USER_CHAUTHTOK
- op record field contains value deleting user logged in
- User Account
- User Account Deletion

* - USER_CHAUTHTOK
- op record field contains value deleting home directory
- User Account
- User Account Deletion

* - USER_CHAUTHTOK
- op record field contains value unlock password
- User Account
- User Account Metadata

* - USER_CHAUTHTOK
- op record field contains value change password
- User Account
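
Review bot: the re-added USER_CHAUTHTOK rows map sibling operations inconsistently: `deleting mail file` goes to File / File Deletion, while `deleting home directory` goes to User Account / User Account Deletion, although both remove filesystem objects. In the same block, `deleting user not found` is mapped to User Account Deletion even though the op value reads as a deletion that did not find its target, and `moving home directory` is classed as User Account Access rather than a modification. If these choices are intentional, record the rationale next to the source mapping, since analysts will build detections from the data component column.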
Expand Down Expand Up @@ -463,11 +511,6 @@ visualize the sensor coverage in ATT&CK Navigator.
- User Account
- User Account Modification

* - USER_CHAUTHTOK
- op record field contains value user lookup
- User Account
- User Account Accessed

* - USER_CHAUTHTOK
- op record field contains value adding group
- User Account
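
Review bot: the `user lookup` row removed here carried the data component `User Account Accessed`, while the copy added earlier in this file uses `User Account Access`. That is a value change hidden inside a row move and the commit message does not mention it. Check the other mapping files and the Navigator layers for the old `Accessed` spelling so the table and the layers do not diverge.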
Expand All @@ -488,36 +531,6 @@ visualize the sensor coverage in ATT&CK Navigator.
- User Account
- User Account Modification

* - USER_CHAUTHTOK
- op record field contains value deleting user entries
- User Account
- User Account Deletion

* - USER_CHAUTHTOK
- op record field contains value deleting user not found
- User Account
- User Account Deletion

* - USER_CHAUTHTOK
- op record field contains value deleting user
- User Account
- User Account Deletion

* - USER_CHAUTHTOK
- op record field contains value deleting user logged in
- User Account
- User Account Deletion

* - USER_CHAUTHTOK
- op record field contains value deleting mail file
- File
- File Deletion

* - USER_CHAUTHTOK
- op record field contains value deleting home directory
- User Account
- User Account Deletion

* - USER_CHAUTHTOK
- op record field contains value lock password
- User Account
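
Review bot: the six rows removed in this hunk reappear unchanged in the block added after the File Access rows, so the hunk is pure reordering. Document the sort key the generator applies (the new order looks like data component rather than op value) and keep it stable, otherwise each regeneration produces large move-only diffs that make a real mapping change hard to spot.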
Expand All @@ -533,11 +546,6 @@ visualize the sensor coverage in ATT&CK Navigator.
- User Account
- User Account Modification

* - USER_CHAUTHTOK
- op record field contains value unlock password
- User Account
- User Account Metadata

* - USER_CHAUTHTOK
- op record field contains value changing name
- User Account
Expand All @@ -553,11 +561,6 @@ visualize the sensor coverage in ATT&CK Navigator.
- User Account
- User Account Modification

* - USER_CHAUTHTOK
- op record field contains value moving home directory
- User Account
- User Account Access

* - USER_CHAUTHTOK
- op record field contains value changing mail file name
- User Account
Expand Down Expand Up @@ -603,11 +606,6 @@ visualize the sensor coverage in ATT&CK Navigator.
- Logon Session
- Logon Session Metadata

* - USER_ROLE_CHANGE
- op record field is not present
- User Account
- User Account Modification

* - USER_ROLE_CHANGE
- op record field contains add SELinux user record
- User Account
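
Review bot: the USER_ROLE_CHANGE row for `op record field is not present` is deleted and, unlike the USER_CHAUTHTOK rows, is not re-added in any hunk shown here. That drops the User Account Modification mapping for role-change records that carry no op field. Confirm the removal is intended and say so in the commit message, or restore the row.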