Open adulau opened 5 years ago
@adulau
The techniques documented in the link you gave are the MITRE ATT&CK ones. These are already included as Galaxy.
Secondly, the linked file is part of sample-data, so we should not use this data as source.
Is there something else you were thinking about when opening this issue five years ago? :-)
Blast from the past, thanks for the recall! I just had a look at why I did this quick-and-dirty issue. After looking into my notes, the idea was the following, based on this source: https://github.com/rabobank-cdc/DeTTECT/blob/master/data/dettect_data_sources.json
They express the relationships between the logs to be used to detect a specific technique (which seems a bit different from the DS/datasource in MITRE ATT&CK). So it would allow a user to know which kind of detection is required to check/hunt for a specific technique. Not sure if it's a galaxy matrix or maybe just a galaxy with a relationship towards the specified techniques.
https://github.com/rabobank-cdc/DeTTACT/blob/master/sample-data/techniques-administration-endpoints.yaml
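To make the "galaxy with a relationship towards the specified techniques" idea concrete, here is an added example (not code from this issue, MISP galaxy or DeTTECT). It uses a small constructed data-source list in the spirit of DeTTECT's mapping, not DeTTECT's real JSON schema, inverts it so a defender can ask "which logs do I need to detect technique X", and emits clusters in the MISP galaxy cluster layout (`value`, `uuid`, `meta`, `related` with `dest-uuid`). The galaxy name, the `detects` relationship type and the UUIDs are placeholders; a real galaxy would reference the existing ATT&CK technique cluster UUIDs.

```python
import json
import uuid

# Constructed sample data: which log/data sources can detect which ATT&CK
# technique IDs. This is NOT the real dettect_data_sources.json schema.
SAMPLE_DATA_SOURCES = [
    {"data_source": "Process Creation", "techniques": ["T1059", "T1053"]},
    {"data_source": "Command Execution", "techniques": ["T1059"]},
    {"data_source": "Scheduled Job Creation", "techniques": ["T1053"]},
]


def placeholder_uuid(name):
    """Deterministic placeholder UUID (assumption: a real galaxy would use
    the UUIDs of the existing MITRE ATT&CK technique clusters instead)."""
    return str(uuid.uuid5(uuid.NAMESPACE_URL, "urn:example:" + name))


def techniques_to_data_sources(data_sources):
    """Invert the mapping: technique ID -> sorted data sources needed to detect it.
    This answers the hunting question 'what do I need to log to check T1059?'."""
    result = {}
    for entry in data_sources:
        for tid in entry["techniques"]:
            result.setdefault(tid, set()).add(entry["data_source"])
    return {tid: sorted(sources) for tid, sources in result.items()}


def build_galaxy_clusters(data_sources):
    """One MISP galaxy cluster per data source, each carrying 'related' links
    to the technique clusters it helps detect."""
    clusters = []
    for entry in data_sources:
        techniques = sorted(entry["techniques"])
        clusters.append({
            "value": entry["data_source"],
            "uuid": placeholder_uuid("data-source/" + entry["data_source"]),
            "description": "Data source usable to detect %d ATT&CK technique(s)."
                           % len(techniques),
            "meta": {"attack_techniques": techniques},
            "related": [
                # 'detects' is an assumed relationship type name
                {"dest-uuid": placeholder_uuid("attack-technique/" + tid),
                 "type": "detects"}
                for tid in techniques
            ],
        })
    return sorted(clusters, key=lambda c: c["value"])


def galaxy_document(data_sources):
    """Wrap the clusters in a minimal galaxy cluster file (constructed name/type)."""
    return {
        "name": "Detection Data Sources",
        "type": "detection-data-source",
        "version": 1,
        "values": build_galaxy_clusters(data_sources),
    }


if __name__ == "__main__":
    print(json.dumps(techniques_to_data_sources(SAMPLE_DATA_SOURCES), indent=2))
    print(json.dumps(galaxy_document(SAMPLE_DATA_SOURCES), indent=2))
```

Running it prints the inverted technique-to-logs table first (the hunting view), then the cluster file; swapping in the real DeTTECT data and the ATT&CK cluster UUIDs is the only change needed to produce a loadable galaxy.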