SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

Map Campaigns to Threat Actors #17

Open ssnkhan opened 5 years ago

ssnkhan commented 5 years ago

New user, so apologies if this facility already exists. One of the things we would like to do is to attribute a Campaign to a specific Threat Actor (e.g., Lazarus, Cobalt Group, APT28, FINX, etc.). Is there a way to do that, and if not, would it be possible to consider this as a feature request please?

thebleucheese commented 5 years ago

@ssnkhan When you get a chance can you check out the latest MITRE filters on the Heatmap report and see if that fulfills this request? We're looking at also adding the capability to filter based on a custom ATT&CK navigator layer.

The current functionality we added in this release is shown below.

  1. Select Filters [screenshot: mitreFilters1]

  2. Heatmap with Selectable Campaigns/Assessments Filtered to a Threat Actor's Techniques [screenshot: mitreFilters2Result]

ssnkhan commented 5 years ago

@thebleucheese This looks great! One additional feature request for the Heatmap: being able to toggle between Detection/Block counts and actual TTP counts (e.g., a TTP with detection of 5/5 might show as green; however, if that TTP is only used 5 times and another one is used 19 times, colour-grade the TTPs based on their total counts).
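The two heatmap behaviours discussed in this thread, filtering test results to the techniques listed in an ATT&CK Navigator layer and colouring each technique either by its detection/block rate or by how often it was exercised, can be sketched in a few functions. The block below is an added illustration, not VECTR's code or data model: the layer, the test outcomes and the outcome labels (`detected`, `blocked`, `missed`) are constructed for the example, and the colour thresholds are arbitrary choices.

```python
"""Heatmap scoring over red/blue test outcomes, filtered by an ATT&CK Navigator layer.

Added example; not VECTR's implementation. Sample data is constructed.
"""
import json
from collections import defaultdict

# Constructed: a minimal Navigator layer naming a threat actor's techniques.
# Only the techniqueID field is read here; sub-techniques keep their dotted ID.
ACTOR_LAYER = json.dumps({
    "name": "Example actor techniques (constructed)",
    "domain": "enterprise-attack",
    "techniques": [
        {"techniqueID": "T1059.001"},
        {"techniqueID": "T1003.001"},
        {"techniqueID": "T1021.002"},
    ],
})

# Constructed test-case outcomes as (technique, outcome) pairs.
# "blocked" = prevented, "detected" = alerted but not prevented, "missed" = neither.
RESULTS = (
    [("T1059.001", "detected")] * 8
    + [("T1003.001", "detected")] * 10
    + [("T1003.001", "blocked")] * 6
    + [("T1003.001", "missed")] * 3
    + [("T1021.002", "blocked"), ("T1021.002", "missed")]
    + [("T1566.001", "missed")] * 4   # not in the actor layer: should be filtered out
)


def layer_technique_ids(layer_json):
    """Return the set of technique IDs named in a Navigator layer."""
    layer = json.loads(layer_json)
    return {entry["techniqueID"] for entry in layer.get("techniques", [])}


def summarize(results, technique_ids=None):
    """Per-technique totals and outcome counts, restricted to technique_ids when given."""
    summary = defaultdict(lambda: {"total": 0, "detected": 0, "blocked": 0, "missed": 0})
    for technique, outcome in results:
        if technique_ids is not None and technique not in technique_ids:
            continue
        cell = summary[technique]
        cell["total"] += 1
        cell[outcome] += 1
    return dict(summary)


def grade_by_rate(summary, outcome="detected"):
    """Colour each technique by the share of its tests with the given outcome.

    Thresholds (>= 0.8 green, >= 0.5 yellow, else red) are arbitrary for the example.
    """
    grades = {}
    for technique, cell in summary.items():
        rate = cell[outcome] / cell["total"]
        grades[technique] = "green" if rate >= 0.8 else "yellow" if rate >= 0.5 else "red"
    return grades


def grade_by_count(summary):
    """Colour each technique by how often it was exercised, relative to the busiest one.

    This is the alternate view requested above: a 5/5 technique and a 19-test technique
    are graded on their totals, not on their detection ratio.
    """
    if not summary:
        return {}
    busiest = max(cell["total"] for cell in summary.values())
    grades = {}
    for technique, cell in summary.items():
        share = cell["total"] / busiest
        grades[technique] = "high" if share >= 2 / 3 else "medium" if share >= 1 / 3 else "low"
    return grades


if __name__ == "__main__":
    actor_ids = layer_technique_ids(ACTOR_LAYER)
    summary = summarize(RESULTS, actor_ids)
    by_detection = grade_by_rate(summary, "detected")
    by_block = grade_by_rate(summary, "blocked")
    by_count = grade_by_count(summary)
    for technique in sorted(summary):
        cell = summary[technique]
        print(f"{technique}: {cell['detected']}/{cell['total']} detected ({by_detection[technique]}), "
              f"{cell['blocked']}/{cell['total']} blocked ({by_block[technique]}), "
              f"usage {by_count[technique]}")
```

Running it shows why the two gradings disagree: T1059.001 is green on detection rate but only medium on usage, while T1003.001 is the most exercised technique yet only yellow on detection and red on blocking. A real implementation would take the outcome labels and the layer from the tool's own data rather than the constructed values here.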