When Hayabusa saves results with JSONL and a profile with %MitreTags%, I want to extract those technique IDs and create a JSON file to import into ATT&CK Navigator. Something similar to this: https://github.com/olafhartong/sysmon-modular/blob/master/attack_matrix/Sysmon-modular.json and this: https://github.com/olafhartong/sysmon-modular/tree/master/attack_matrix
Navigator: https://mitre-attack.github.io/attack-navigator/
However, right now Hayabusa outputs MITRE techniques in a single string separated by the broken pipe, but it would be better to output them as an array of strings. Issue here: https://github.com/Yamato-Security/hayabusa/issues/1230
So we may want to update Hayabusa first before implementing this.
The legacy sigmatools has a command named sigma2attack that creates a navigator coverage map from sigma rules that can be used as a reference: https://pypi.org/project/sigmatools/
@fukusuket Are you interested in this?
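An added example, not part of the original issue and not Hayabusa's or sigmatools' code: a Python sketch of the conversion requested above, turning JSONL records into an ATT&CK Navigator layer scored by how many records carry each technique. The `MitreTags` key name, the `¦` separator, the layer version `4.5`, the `enterprise-attack` domain and the sample records are assumptions; both the single-string and the array form are accepted.

```python
import json
import re
from collections import Counter

# Assumptions: the JSONL key is "MitreTags" and the single-string form is
# separated by the broken bar "¦"; a list is also accepted (array form).
TAG_KEY = "MitreTags"
TECHNIQUE_RE = re.compile(r"^T\d{4}(?:\.\d{3})?$")

# Constructed sample records, not real Hayabusa output.
SAMPLE_JSONL = [
    '{"RuleTitle": "constructed rule A", "MitreTags": "T1059.001 ¦ T1027"}',
    '{"RuleTitle": "constructed rule B", "MitreTags": ["T1059.001", "G0016"]}',
    '{"RuleTitle": "constructed rule C", "MitreTags": "-"}',
    'truncated line {',
]

def extract_techniques(value):
    """Return technique IDs from a '¦'-separated string or a list of tags."""
    if isinstance(value, str):
        value = value.split("¦")
    if not isinstance(value, list):
        return []
    tags = (str(tag).strip().upper() for tag in value)
    return [tag for tag in tags if TECHNIQUE_RE.match(tag)]

def count_techniques(jsonl_lines):
    """Count, per technique ID, how many records carry it."""
    counts = Counter()
    for line in jsonl_lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines
        if isinstance(record, dict):
            counts.update(set(extract_techniques(record.get(TAG_KEY))))
    return counts

def build_layer(counts, name="Hayabusa detections"):
    """Build a Navigator layer dict; the score is the record count."""
    return {
        "name": name,
        "versions": {"layer": "4.5"},
        "domain": "enterprise-attack",
        "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0,
                     "maxValue": max(counts.values(), default=1)},
        "techniques": [{"techniqueID": tid, "score": n}
                       for tid, n in sorted(counts.items())],
    }

if __name__ == "__main__":
    print(json.dumps(build_layer(count_techniques(SAMPLE_JSONL)), indent=2))
```

Entries that are not technique or sub-technique IDs (the constructed `G0016` and `-` values here) are dropped rather than written into the layer.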