SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

Add reordering of campaign escalation path connections #50

Open tbearden opened 4 years ago

tbearden commented 4 years ago

I have a campaign that has test cases for t1110 brute force, t1213 data from information repositories, and t1039 data from network shared drive, and right now 1213 and 1039 both show up below the brute force in the escalation path.

It would be nice to be able to drag/drop one test case on to another in the escalation path to change the escalation path connections.

In this case, 1213 is actually a top level item, then 1135 network share discovery, then 1039 data from network shared drive, with 1110 brute force being a dead end node off of 1213.

carlvonderheid commented 4 years ago

Thanks for the feedback! We will be making changes to the escalation diagram in the near future, and will incorporate your request into our notes.

frloudet commented 4 years ago

Just to let you know, I second the suggestion and will be happy to use this feature when available. Being able to re-order individual killchains in campaigns would be nice/helpful for sure.

HPxpat commented 3 years ago

I was about to ask for this feature as well when I saw that it has been mentioned already almost one year ago. @carlvonderheid is there any plan to incorporate the request in Vectr in the near future? We would really like to use such a feature to highlight the different attack paths in our campaigns.

carlvonderheid commented 3 years ago

@HPxpat We are hoping to be out of requirements gathering and into design / prototyping sometime in Q2. While the initial ask seems fairly straightforward, we are planning how this change is going to propagate to the reporting layer. The escalation diagram is currently at the Campaign level, and the reporting view lets you aggregate multiple Campaigns across multiple Assessments. We are trying to decide if there's a single pane that can combine all the views into one, or do we need a cycling mechanism to display each campaign one at a time. Will keep you guys posted on when we are out of design and prototyping and into dev. Thanks for the interest!

z3mil commented 1 year ago

+1 on this feature request, might recommend ATT&CK flows as inspiration for ordering campaign test cases https://mitre-engenuity.org/blog/2022/10/27/attack-flow/

chryzsh commented 1 year ago

+1 for this indeed!