MISP / misp-galaxy

Clusters and elements to attach to MISP events or attributes (like threat actors)
https://misp-galaxy.org/

Add the Microsoft galaxy "Threat Matrix for Storage Services" #947

cudeso closed 6 months ago

cudeso commented 6 months ago

From https://microsoft.github.io/Threat-matrix-for-storage-services/

cvandeplas commented 6 months ago

Raw data is located here: https://github.com/microsoft/Threat-matrix-for-storage-services/tree/main

At first sight it looks similar to the Azure Threat Research Matrix, so the tools/gen_atrm.py script might be a good source of inspiration to generate this Galaxy.

cvandeplas commented 6 months ago

I've raised a feature request for having some uniformity at Microsoft. :-)

cvandeplas commented 6 months ago

New initial galaxy/cluster added in the tools/gen_ms_tmss.py script. The script is pushed to the repo, but not the galaxy/cluster yet. There might be value in refactoring some things to merge the Microsoft Galaxies together in one microsoft namespace, although I'm not sure about the impact. What are your thoughts?


Also includes the relations to MITRE ATT&CK Attack Patterns.

cvandeplas commented 6 months ago

As discussed, changed the namespace to Microsoft