v1.5.0

@marcusbakker released this 20 Dec 09:15 · 339 commits to master since this release

Generic

  • We've added multiple custom data sources (Web, Email, Internal DNS and DHCP) as an extension to the native ATT&CK data sources. We call these DeTT&CT data sources. They will significantly improve the automatic calculation of your rough visibility, which is based on the number of available data sources. They also make it possible to score and administer these important data sources separately. You can find more information here.
    • Please note that your rough visibility score will be lower for some of the techniques because we've added DeTT&CT data sources.
  • Sample-data: the technique administration is now in sync again with the data source administration.

CLI

Data sources - Applicable to / type of System

Similar to the technique administration file, we added support for applicable to within the data source administration. The CLI automatically upgrades version 1.0 data source administration files to data format v1.1.

This upgrade only ensures that the data format is in line with v1.1; it cannot account for how you've recorded information on your data sources. We therefore advise putting some manual work into the data source administration file after this upgrade, for example to:

  • Assign data sources to the correct type of Systems (which are furthermore linked to ATT&CK platforms).
  • As we recommend and explain here, have matching Systems/applicable to between your technique and data source administration YAML file.
  • Merge multiple data source files into one single file when you had multiple data source files per ATT&CK platform, type of system, environment, etc. The new v1.1 data format supports combining all of that within the same data source YAML file using the new Systems object.

You can find further information on this new applicable to/type of System functionality here.

Other CLI Changes

  • Within the datasource mode, the platform filter argument (-p/--platform) has been replaced by an option to filter on the applicable to value (-a/--applicable_to).
  • Added a graceful exit of DeTT&CT when MITRE's CTI server could not be reached.
  • The following functionality has been removed:
    • Upgrading a technique administration file from version 1.0 to 1.1 and version 1.1 to 1.2.

    • Letting you know that you are missing specific data sources within your data source administration file. This was implemented in the health check and Excel output.

      We noticed that this check could be bothersome when you already knew that a data source was missing. We have implemented new features within the Editor to keep you informed about relevant data sources.

  • Support for DeTT&CT data sources: Web, Email, Internal DNS and DHCP. You can find more information here.
  • Updated all Python dependencies.
  • Numerous small improvements.

Editor

  • Data sources
    • Added support for the data source schema version 1.1, including support for:
      • Editing the Systems object with its applicable to values and corresponding ATT&CK platforms.
      • A drop-down menu to link a data source to one or more Systems/applicable to values.
    • Improved the autofill drop-down for data sources to only show data sources which are not yet administered and apply to the included ATT&CK platforms.
    • Added a new button to add all data sources at once for the ATT&CK platforms in scope.
      Source of the idea: @SecurePeacock
  • Techniques
    • Auto suggest list for applicable to values.
  • UI improvement: collapsible file details section (will close on scroll).
    This behaviour can be prevented by using the lock icon.
  • Support for DeTT&CT data sources: Web, Email, Internal DNS and DHCP. You can find more information here.
  • Updated all JavaScript dependencies. (already published before the release of 1.5.0)
  • Numerous small improvements and bug fixes.