DataDog / KubeHound

Kubernetes Attack Graph
https://kubehound.io
Apache License 2.0
703 stars 36 forks

Add TTPs directly on Edge details #180

Open theoberthier opened 3 months ago

theoberthier commented 3 months ago

Hello! Thanks for the great tool! When I tested the tool, I saw that the kubehound attacks (TTPs) were not linked directly in the Janus Graph database.

I suggest adding TTPs directly to the Edges details.

If we want to browse the Janus graph data or link the Janus graph with data from another security tool to trace or automate attacks or propose mitigations.

In these cases it's interesting to add the TTP reference directly to the edges.

jt-dd commented 3 months ago

Are you referring to the information listed on kubehound.io (for instance, Escape to Host, T1611 for the CE_NSENTER edge)?

If so, that is a great idea, and I will try to include it in the next release as a property of the edges.

theoberthier commented 3 months ago

Yes, it's the MITRE ATT&CK TTP IDs which are specified in your attack reference.

theoberthier commented 2 months ago

It's a good idea to add it to both databases, so that when another security tool wants to obtain this information, it can do so via the Mongo database or the Graph database. Why? Because Gremlin syntax or the kubehound DSL are more complex than a MongoDB query with an SDK in many languages.
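To make the proposal concrete, here is an added illustration (not KubeHound's own code) of what "TTP as an edge property" looks like on the data side. It assumes a property name `attckTechniqueID` and uses constructed edge records; the only label-to-technique pair taken from the thread is CE_NSENTER → T1611, the other mapping entries and edge labels are placeholders. It also shows the edge case an automation tool cares about: an edge with no known technique mapping must be flagged rather than silently left without the property, otherwise a query for "all edges tagged T1611" gives a false sense of completeness.

```python
"""Annotate KubeHound-style attack edges with an ATT&CK technique ID.

Added example, not KubeHound code. Property name `attckTechniqueID` is an
assumption; edge labels other than CE_NSENTER and the mapping values other
than T1611 are constructed placeholders.
"""
from copy import deepcopy

TTP_PROPERTY = "attckTechniqueID"  # assumed property name on each edge

# Edge label -> ATT&CK technique. CE_NSENTER/T1611 is from the issue thread;
# the second entry is a constructed placeholder to exercise the code paths.
TTP_MAP = {
    "CE_NSENTER": "T1611",
    "EXAMPLE_EDGE": "T0000-placeholder",
}

# Constructed sample edges in the shape a graph export might use:
# one mapped edge, one placeholder edge, one edge with no mapping at all.
SAMPLE_EDGES = [
    {"label": "CE_NSENTER", "out": "container:web", "in": "node:worker-1"},
    {"label": "EXAMPLE_EDGE", "out": "node:worker-1", "in": "identity:admin"},
    {"label": "UNMAPPED_EDGE", "out": "identity:admin", "in": "volume:secret"},
]


def annotate_edges(edges, ttp_map=TTP_MAP):
    """Return (annotated_edges, unmapped_labels).

    Every edge whose label is in ttp_map gets the technique property added.
    Labels without a mapping are collected so the gap is visible to the
    caller instead of being dropped silently.
    """
    annotated = []
    unmapped = set()
    for edge in edges:
        e = deepcopy(edge)  # do not mutate the caller's records
        technique = ttp_map.get(e["label"])
        if technique is None:
            unmapped.add(e["label"])
        else:
            e[TTP_PROPERTY] = technique
        annotated.append(e)
    return annotated, sorted(unmapped)


def edges_for_technique(edges, technique_id):
    """Filter edges by technique; the same question a Gremlin `has()` step
    or a Mongo `{attckTechniqueID: ...}` filter would answer once the
    property exists on the stored records."""
    return [e for e in edges if e.get(TTP_PROPERTY) == technique_id]


def to_mongo_documents(edges):
    """Flatten edges into documents suitable for a second store, keeping
    the technique ID so a non-Gremlin consumer can query it directly."""
    return [
        {
            "edge_label": e["label"],
            "src": e["out"],
            "dst": e["in"],
            TTP_PROPERTY: e.get(TTP_PROPERTY),  # None marks an unmapped edge
        }
        for e in edges
    ]


if __name__ == "__main__":
    edges, missing = annotate_edges(SAMPLE_EDGES)
    print("edges tagged T1611:", edges_for_technique(edges, "T1611"))
    print("labels with no technique mapping:", missing)
    for doc in to_mongo_documents(edges):
        print(doc)
```

The `unmapped` list is the part worth keeping in a real pipeline: a coverage report of edge labels that still lack a technique reference is what lets a downstream tool tell "no T1611 paths exist" apart from "T1611 paths exist but were never tagged".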