SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios.

Constrain phase dropdown by technique #205

Open atropineal opened 1 year ago

atropineal commented 1 year ago

May I suggest constraining the phase ('tactic' in MITRE language) dropdown by technique (or vice-versa, depending on what is selected first), because at the moment it's too easy to create a test case with the wrong technique/phase combo, due to a wrong assumption, misunderstanding or just plain old selection error. These errors then make their way into reports (I generate custom reports, I can't comment on whether errors appear in reports generated by VECTR).

Since the GraphQL was updated to contain 'phase' (thanks so much for that!), I wrote a phase/technique combo validator as part of my report generation step, which illuminated many errors in my test cases, which thankfully I can now rectify. But I think this feature could be a nice addition to the core product.

Admittedly I have only considered the MITRE killchain, because that's what I use.

Edit: On second thoughts, maybe constraining the dropdown is too strong, because it could prevent users from intentionally mismatching, which could be useful to them (for unknown reasons). Alternatives could be to have a toggle for the constraint, or to display a warning if a mismatch is identified.

carlvonderheid commented 1 year ago

This is a good idea. The technique field is actually a modified text box, as it allows for any free-form text. It is linked to the MitreID field under the Red Team Details. I think it would be a good idea to limit that MitreID selection to be a subset of the techniques of the selected Phase, assuming the Phase is a Mitre Tactic (Phases can be part of a different or custom Kill Chain).

We can add a check for mismatched Tactic <-> Techniques in the "Data Integrity" report as well.
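A minimal version of the phase/technique validator described in both comments above (checking each test case's phase against its MitreID, as a report-generation step or a "Data Integrity" check), written here as an added example rather than code from VECTR or either poster; the tactic-to-technique table is a small constructed subset of ATT&CK Enterprise and the test-case field names are assumed.

```python
import re

# Constructed subset of the ATT&CK Enterprise tactic -> technique mapping, for
# illustration only; a real check should load the full mapping from the ATT&CK
# STIX data rather than hard-coding it.
TACTIC_TECHNIQUES = {
    "Initial Access": {"T1566", "T1078"},
    "Execution": {"T1059"},
    "Persistence": {"T1078"},
    "Privilege Escalation": {"T1078"},
    "Defense Evasion": {"T1078"},
    "Credential Access": {"T1003"},
}

_ID_RE = re.compile(r"^T\d{4}(?:\.\d{3})?$")

def technique_parent(mitre_id):
    """Return the parent technique ID (T1059.001 -> T1059); None if malformed."""
    mitre_id = mitre_id.strip().upper()
    if not _ID_RE.match(mitre_id):
        return None
    return mitre_id.split(".")[0]

def check_test_case(phase, mitre_id):
    """Classify one test case: 'ok', 'mismatch', 'bad_id' or 'custom_phase'."""
    if phase not in TACTIC_TECHNIQUES:
        return "custom_phase"   # phase from a custom kill chain; nothing to check
    parent = technique_parent(mitre_id)
    if parent is None:
        return "bad_id"
    return "ok" if parent in TACTIC_TECHNIQUES[phase] else "mismatch"

def find_mismatches(test_cases):
    """Return (name, phase, mitreId, verdict) for every case that is not 'ok'."""
    findings = []
    for tc in test_cases:
        verdict = check_test_case(tc["phase"], tc["mitreId"])
        if verdict != "ok":
            findings.append((tc["name"], tc["phase"], tc["mitreId"], verdict))
    return findings

# Constructed sample shaped like the fields a GraphQL query might return (assumed names).
SAMPLE_TEST_CASES = [
    {"name": "PowerShell download cradle", "phase": "Execution", "mitreId": "T1059.001"},
    {"name": "LSASS dump", "phase": "Execution", "mitreId": "T1003.001"},
    {"name": "Spearphishing link", "phase": "Initial Access", "mitreId": "T1566.002"},
    {"name": "Typo'd ID", "phase": "Credential Access", "mitreId": "T10003"},
    {"name": "Custom chain step", "phase": "Recon", "mitreId": "T1566"},
]
```

Calling `find_mismatches(SAMPLE_TEST_CASES)` flags the LSASS dump (Execution vs. T1003), the malformed ID and the custom-chain phase, while the two well-formed cases pass.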