search

SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
1.36k stars 161 forks source link

Import from ATT&CK™ Navigator Layer JSONObject["version"] not found. #99

Closed devnull044 closed 3 years ago

devnull044 commented 3 years ago

Anytime I try and import a nav layer created via the MITRE ATT&CK webiste, I get the pop-up/error below:

image

Does the platform only accept a certain version of the Nav Layer? I think the highest on the website at the moment is ATT&CK v8.

If that is the case, could it be specified somewhere more clearly.

Thanks.

SRAPSpencer commented 3 years ago

We attempt to always stay current with the latest versions of MITRE ATT&CK but we don't have a build out for the 8.0 release yet, as it is only a few weeks old. We're hoping to have one out later this week or early next week.

It's a good suggestion to have more user friendly error reporting on this screen, I'll submit a feature request for this.

devnull044 commented 3 years ago

@SRAPSpencer so whats the latest it will support currently? I tried as far back a 4.0 and seemed to give me the same error.

SRAPSpencer commented 3 years ago

We support ATT&CK 7. Can you clarify if you're trying to import CTI data or are you working with Navigator data? These are slightly different and may be presenting different issues depending on what you're trying to import.

thebleucheese commented 3 years ago

A note - the current navigator is always exporting data in the "Navigator v4.0" schema. Exporting as ATT&CK v4 just changes the ATT&CK schema, but doesn't change the Navigator layer schema. VECTR currently doesn't support Navigator v4.0, MITRE changed the schema of the "version" field from a string to an object (which was somewhat surprising). The next release of VECTR which is expected very soon, probably within the next week, will support the Enterprise ATT&CK 8.0 tactics and techniques as well as the Nagivator 4.0 schema version.

If you want to import Navigator layers into VECTR using them to generate content, you can use older version of navigator for right now until the next version of VECTR is released. You can try https://mitre-attack.github.io/attack-navigator/v3/enterprise/

devnull044 commented 3 years ago

@SRAPSpencer, @thebleucheese answered my question for me. Sorry I didnt ask more clearly.

Appreciate the help until the next update.

SRAPSpencer commented 3 years ago

@devnull044 Version 6.0.3 has been released adding support for ATT&CK 8.0 and Navigator 4.0 schema.