search

OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
Other
5.16k stars 815 forks source link

[Feature] Integrate with Mitre Attack Viewer Coverage files #3434

Open MaxwellDPS opened 1 year ago

MaxwellDPS commented 1 year ago

Use case

When using something like https://github.com/mitre-attack/attack-navigator to track TTP coverage, it would be super neat to be able to import the layers to compare to TA's or other entities

Current Workaround

Not really any

Proposed Solution

Allow importing of Mitre Attack Nav layers to compare to compare to TA's or other entities

Additional Information

N/A - LMK if y'all have any Q's! Keep up the great work team

If the feature request is approved, would you be willing to submit a PR?

Yes

Jipegien commented 1 year ago

@MaxwellDPS Can you give more detail about your usage? Do you want to import the json from mitre-attack viewer in order to add the TTP to a TA in OpenCTI? Is it to generate a view in OpenCTI to see the differences between what TTPs are already linked in your OpenCTI what is listed in your import?

MaxwellDPS commented 1 year ago

Howdy @Jipegien!

TLDR my use case would be:

  1. Use the Mitre Attack Navigator to create a representation of what TTPs I am currently have alerts for
  2. Import that layer to OCTI and link it to an Org
  3. Then have the ability to do like a diff against different object's like Malware, TA's, Intrusion sets etc

That way it would be possible to visualize any weak points in alerting against specific threats

Jipegien commented 1 year ago

That's a great idea! We need to think about it and see how we can do this. Thank you!

MaxwellDPS commented 7 months ago

Hey any update on this one @SamuelHassine