SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

Issue importing Navigator ATT&CK json #129

Closed the2dl closed 3 years ago

the2dl commented 3 years ago

Hello,

I tried to import a Conti ransomware Navigator json file (file is located here > Conti Navigator).

I was on VECTR v6 and it just said it didn't support nav layer 4.2, so I upgraded to VECTR v7.0.0 and now I get a different error message (attached below).

[screenshot]

Is there something I can modify to make this import? I tried to tweak a few settings in the json but ended up with more programmatic errors.

Thanks!

carlvonderheid commented 3 years ago

I don't think "mitre-enterprise" is a valid domain. From the Layer Format documentation (https://github.com/mitre-attack/attack-navigator/blob/master/layers/LAYERFORMATv4_2.md): [image]

You can try to change: "domain": "mitre-enterprise" to "domain": "enterprise-attack"

the2dl commented 3 years ago

Yeah, that's the thing I tested - I end up with the error message below:

[screenshot]

Perhaps the file has some other issues in it.

carlvonderheid commented 3 years ago

Change: "version": "4.2", to "versions": { "attack": "9", "navigator": "4.3", "layer": "4.2" },

the2dl commented 3 years ago

Fantastic! Thank you for the assist, imported and working great.
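
The two edits suggested in this thread, applied by a small script (an added example, not part of the original thread and not VECTR's or Navigator's own code). The function name `normalize_layer` and the sample layer are constructed for illustration; the domain and version values are the ones quoted in the comments above.

```python
import copy
import json

# Values taken from the thread; adjust to the ATT&CK/Navigator release you target.
DOMAIN_FIXES = {"mitre-enterprise": "enterprise-attack"}
DEFAULT_VERSIONS = {"attack": "9", "navigator": "4.3", "layer": "4.2"}


def normalize_layer(layer, versions=None):
    """Return (fixed_layer, changes) without mutating the input dict."""
    fixed = copy.deepcopy(layer)
    changes = []

    # Fix 1 from the thread: replace the invalid domain value.
    domain = fixed.get("domain")
    if domain in DOMAIN_FIXES:
        fixed["domain"] = DOMAIN_FIXES[domain]
        changes.append(f"domain: {domain!r} -> {fixed['domain']!r}")

    # Fix 2 from the thread: swap the single "version" string for a "versions" object.
    if "versions" not in fixed:
        old = fixed.pop("version", None)
        fixed["versions"] = dict(versions or DEFAULT_VERSIONS)
        changes.append(f"version {old!r} replaced by versions object")
    elif "version" in fixed:
        fixed.pop("version")
        changes.append("dropped redundant 'version' key")

    return fixed, changes


# Constructed sample input showing the two problems from the thread.
SAMPLE = json.loads("""
{
  "name": "sample layer",
  "version": "4.2",
  "domain": "mitre-enterprise",
  "techniques": [{"techniqueID": "T1486", "score": 1}]
}
""")

if __name__ == "__main__":
    fixed, changes = normalize_layer(SAMPLE)
    for change in changes:
        print("fixed:", change)
    print(json.dumps(fixed, indent=2))
```

Running the function on an already corrected layer returns it unchanged with an empty change list, so it is safe to apply to a mixed batch of layer files before import.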