Open theoberthier opened 3 months ago
You are referring to the information listed in kubehound.io (for instance, Escape to Host, T1611 for the CE_NSENTER edge)?
If so, that is a great idea, and will try to include it in the next release as a property of the edges.
Yes, it's the MITRE ATT&CK TTP IDs which are specified in your attack reference.
It's a good idea to add it to both databases, so that when another security tool wants to obtain this information, it will do so via the Mongo database or the graph database. Why? Because Gremlin syntax or the KubeHound DSL are more complex than MongoDB queries with SDKs in many languages.
Hello! Thanks for the great tool! When I tested the tool, I saw that the KubeHound attacks (TTPs) were not linked directly in the JanusGraph database.
I suggest adding TTPs directly to the Edges details.
If we want to browse the JanusGraph data or link JanusGraph with data from another security tool to trace or automate attacks or propose mitigations, in these cases it's interesting to add the TTP reference directly to the edges.