Closed rubinatorz closed 2 years ago
Hey @rubinatorz You are right, there is no data component called "Firewall Enable". I added that component to the use-cases folder because I made a PR to the attack-datasources repo, but it was not merged LOL. I will remove that component from the use-cases file 👍 and keep the component and relation under the relationships folder.
Thank you very much for letting us know about it 🙏
All the files related have been updated 😃 🍻 Thank you 🙏
I see there's a firewall_enabled.yml relationshop file, containing event ID 5024 and defining the Firewall Enabled data source. It's also reflected in the main/use-cases/mitre_attack/attack_relationships.yml file, stating:
But within ATT&CK there's no data component called "Firewall Enable(d)".