SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

Unable to import newest ART index.yaml or ATT&CK Navigator json #167

Closed secAnalyst closed 2 years ago

secAnalyst commented 2 years ago

Good afternoon. I have recently upgraded to the 8.2.1 version of VECTR and now I am unable to import the ART index.yaml file or any ATT&CK Navigator json files. I receive the message "File format invalid or not supported". I have attempted to import this data from different versions of Navigator.

carlvonderheid commented 2 years ago

If you're trying from the Admin -> Import Data area, we only support the Atomic Red index.
https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/Indexes/index.yaml

thebleucheese commented 2 years ago

[screenshot: ARTimport]

here's where it goes

thebleucheese commented 2 years ago

The Navigator import is deprecated in the latest release. The MITRE ATT&CK Navigator format is not specific enough to generate Test Cases. It operates at the Technique or Sub-Technique level rather than Procedure level, unfortunately.

We're considering what to do with those navigator layers - maybe a heatmap overlay for planning or visualization but the old navigator import was grabbing every single Test Case template (MITRE Procedure) for a given technique ID as outlined in a Navigator layer. That functionality doesn't make sense anymore, especially as your VECTR instance gets more content. It ends up creating enormous Campaigns that have a large number of Test Cases for a given Technique, of which maybe one or none match what you actually want to test in your environment for a particular threat.

There's currently not a clear way for navigator layers to be specific enough to prescribe concrete procedural testing right now. MITRE is moving in the direction of providing procedural adversary emulation content in their Center for Threat Informed Defense (CTID) projects, but the emulation data is stored in YAML files rather than navigator layers.
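The mismatch described above can be made concrete with an added example (this is not VECTR code and not part of the original thread). The script below loads a constructed ATT&CK Navigator layer, which can only name technique or sub-technique IDs, and resolves each ID against a constructed index in the shape of the Atomic Red Team index.yaml after YAML loading (tactic -> technique ID -> "atomic_tests" list; field names are assumed from the public index and simplified). Every technique in the layer expands to all of its test templates, which is the behaviour the deprecated importer had; a platform filter is the only narrowing the layer itself gives no way to express.

```python
"""Expand an ATT&CK Navigator layer into Atomic Red Team style test templates.

Constructed example, not VECTR, MITRE or Red Canary code or data: the layer and
the index below are hand-made samples in the shape of the two formats.
"""
import json

# Constructed Navigator layer. A layer's "techniques" entries carry a
# "techniqueID" (technique or sub-technique), never a procedure. Other layer
# fields are omitted because they play no part in the expansion.
NAVIGATOR_LAYER_JSON = """
{
  "name": "example layer",
  "domain": "enterprise-attack",
  "techniques": [
    {"techniqueID": "T1059.001", "score": 1},
    {"techniqueID": "T1003.001", "score": 1},
    {"techniqueID": "T1999", "score": 1}
  ]
}
"""

# Constructed index in the shape of the ART index.yaml after yaml.safe_load:
# tactic -> technique ID -> {"technique": {...}, "atomic_tests": [...]}.
# Test names are invented; field names are assumed from the public index.
ART_INDEX = {
    "execution": {
        "T1059.001": {
            "technique": {"name": "PowerShell"},
            "atomic_tests": [
                {"name": "Encoded command A", "supported_platforms": ["windows"]},
                {"name": "Download cradle B", "supported_platforms": ["windows"]},
                {"name": "Script block C", "supported_platforms": ["windows"]},
                {"name": "pwsh cross-platform D", "supported_platforms": ["windows", "linux"]},
            ],
        },
    },
    "credential-access": {
        "T1003.001": {
            "technique": {"name": "LSASS Memory"},
            "atomic_tests": [
                {"name": "Dump via tool E", "supported_platforms": ["windows"]},
                {"name": "Dump via DLL F", "supported_platforms": ["windows"]},
            ],
        },
    },
}


def layer_technique_ids(layer_json):
    """Return the technique IDs named by a Navigator layer, in layer order."""
    layer = json.loads(layer_json)
    return [entry["techniqueID"] for entry in layer.get("techniques", [])]


def index_by_technique(art_index):
    """Flatten the tactic -> technique nesting into technique ID -> entry."""
    flat = {}
    for techniques in art_index.values():
        for technique_id, entry in techniques.items():
            flat[technique_id] = entry
    return flat


def expand_layer(layer_json, art_index, platform=None):
    """Map every layer technique ID to the names of ALL its test templates.

    Technique IDs absent from the index map to an empty list rather than
    raising, so an unknown or custom ID in the layer does not abort the run.
    A platform filter is applied when given; the layer cannot express one.
    """
    flat = index_by_technique(art_index)
    expanded = {}
    for technique_id in layer_technique_ids(layer_json):
        tests = flat.get(technique_id, {}).get("atomic_tests", [])
        if platform is not None:
            tests = [t for t in tests if platform in t.get("supported_platforms", [])]
        expanded[technique_id] = [t["name"] for t in tests]
    return expanded


def campaign_size(expanded):
    """Total number of test cases an import of this layer would create."""
    return sum(len(names) for names in expanded.values())


if __name__ == "__main__":
    result = expand_layer(NAVIGATOR_LAYER_JSON, ART_INDEX)
    for technique_id, names in result.items():
        print(f"{technique_id}: {len(names)} template(s) {names}")
    print("campaign size:", campaign_size(result))
```

Three layer entries already yield six test cases with no way, from the layer alone, to say which one of the four PowerShell templates is the procedure actually being tested; the count only grows with the size of the index.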

secAnalyst commented 2 years ago

> If you're trying from the Admin -> Import Data area, we only support the Atomic Red index. https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/Indexes/index.yaml

That was the file I tried to import via the Admin heading. I received the same message that the File format was either invalid or not supported.

secAnalyst commented 2 years ago

> The Navigator import is deprecated in the latest release. The MITRE ATT&CK Navigator format is not specific enough to generate Test Cases. It operates at the Technique or Sub-Technique level rather than Procedure level, unfortunately.
>
> We're considering what to do with those navigator layers - maybe a heatmap overlay for planning or visualization but the old navigator import was grabbing every single Test Case template (MITRE Procedure) for a given technique ID as outlined in a Navigator layer. That functionality doesn't make sense anymore, especially as your VECTR instance gets more content. It ends up creating enormous Campaigns that have a large number of Test Cases for a given Technique, of which maybe one or none match what you actually want to test in your environment for a particular threat.
>
> There's currently not a clear way for navigator layers to be specific enough to prescribe concrete procedural testing right now. MITRE is moving in the direction of providing procedural adversary emulation content in their Center for Threat Informed Defense (CTID) projects, but the emulation data is stored in YAML files rather than navigator layers.

Oh ok! Thank you for the information. I was wondering why I no longer saw the Nav layer button after the upgrade.