search

TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0
3.27k stars 605 forks source link

[Bug] Mitre ATT@CK Technique not showing up in the case GUI #2272

Open danniranderis opened 2 years ago

danniranderis commented 2 years ago

Request Type

Bug

Work Environment

Question Answer
OS version (server) Ubuntu 20.04 LTS
OS version (client) Windows 10
Virtualized Env. True
Dedicated RAM 6 GB
vCPU 6
TheHive version / git hash 4.1.14-1
Package Type DEB
Database Cassandra
Index type Lucene
Attachments storage Local
Browser type & version Microsoft Edge (Chromium-based) version 95.0.1020.40

Problem Description

When importing new TTPs for Mitre ATT@CK, TA0005 - T1562 with the sub-techniques T1562.001-010 is not visible in the GUI and therefore not able to assign them cases, as seen in the below image.

image

Looking at the Admin after importing, it is possible to search for it and it seems to be correct:

image

And opening the T1562, we can see the sub-techniques:

image

Making a hard reload in the browser does not help, and restarting the application on the server doesn't help either.

Steps to Reproduce

  1. Get the json file from: https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json?version=TheHive-4.1.14-1
  2. Import it under Admin --> ATT@CK Patterns
  3. Search for the T1562 under "Defense Evasion" when trying to add a TTP on a case.
p1kusmie commented 1 year ago

Any fix?