Yamato-Security / takajo

Takajō (鷹匠) is a Hayabusa results analyzer.
https://yamato-security.github.io/takajo/
GNU General Public License v3.0

Visualize TTPs in ATT&CK Navigator #76

Closed YamatoSecurity closed 10 months ago

YamatoSecurity commented 10 months ago

When Hayabusa saves results with JSONL and a profile with %MitreTags%, I want to extract those technique IDs and create a JSON file to import into ATT&CK Navigator. Something similar to this: https://github.com/olafhartong/sysmon-modular/blob/master/attack_matrix/Sysmon-modular.json and this: https://github.com/olafhartong/sysmon-modular/tree/master/attack_matrix

Navigator: https://mitre-attack.github.io/attack-navigator/

However, right now Hayabusa outputs MITRE techniques in a single string separated by the broken pipe, but it would be better to output them as an array of strings. Issue here: https://github.com/Yamato-Security/hayabusa/issues/1230 So we may want to update Hayabusa first before implementing this.

The legacy sigmatools has a command named sigma2attack that creates a navigator coverage map from sigma rules that can be used as a reference: https://pypi.org/project/sigmatools/

@fukusuket Are you interested in this?
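As an added illustration of the conversion described above (example code written for this page, not Takajo's or Hayabusa's own implementation), the following script reads Hayabusa-style JSONL, pulls the technique IDs out of the `MitreTags` field and writes an ATT&CK Navigator layer whose score per technique is the number of alerts that referenced it. It assumes the JSONL key is literally `MitreTags`, accepts both the current broken-pipe-separated string and the proposed array form, and treats the tag spelling (`attack.t1059.001`) and the Navigator `versions` numbers as assumptions; the sample input is constructed, not real Hayabusa output.

```python
import json
import re
from collections import Counter

# Constructed sample of Hayabusa-style JSONL output (not real Hayabusa data).
# Records show MitreTags as the current broken-pipe string and as the proposed array.
SAMPLE_JSONL = """\
{"Timestamp": "2024-01-01 10:00:00.000 +00:00", "RuleTitle": "Rule A", "Level": "high", "MitreTags": "attack.execution¦attack.t1059.001"}
{"Timestamp": "2024-01-01 10:01:00.000 +00:00", "RuleTitle": "Rule B", "Level": "med", "MitreTags": ["attack.t1059.001", "attack.t1003.001"]}
{"Timestamp": "2024-01-01 10:02:00.000 +00:00", "RuleTitle": "Rule C", "Level": "low", "MitreTags": ""}
{"Timestamp": "2024-01-01 10:03:00.000 +00:00", "RuleTitle": "Rule D", "Level": "high", "MitreTags": "t1003.001¦attack.defense_evasion"}
"""

# Technique or sub-technique ID, with or without the sigma-style "attack." prefix (assumed tag format).
TECHNIQUE_RE = re.compile(r"^(?:attack\.)?(t\d{4}(?:\.\d{3})?)$", re.IGNORECASE)


def parse_tags(value):
    """Accept the current string form (split on the broken pipe) and the proposed array form."""
    if value is None:
        return []
    if isinstance(value, list):
        return [str(v).strip() for v in value if str(v).strip()]
    return [t.strip() for t in str(value).split("¦") if t.strip()]


def technique_ids(tags):
    """Keep only tags that are ATT&CK technique IDs, normalised to upper case (T1059.001)."""
    ids = []
    for tag in tags:
        m = TECHNIQUE_RE.match(tag)
        if m:
            ids.append(m.group(1).upper())
    return ids


def count_techniques(jsonl_text):
    """Count, per technique ID, how many alert records referenced it (once per record)."""
    counts = Counter()
    for line in jsonl_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a malformed line instead of aborting the whole run
        for tid in set(technique_ids(parse_tags(rec.get("MitreTags")))):
            counts[tid] += 1
    return counts


def build_layer(counts, name="Hayabusa detections"):
    """Build a Navigator layer dict; the version numbers below are assumptions, adjust to your Navigator."""
    return {
        "name": name,
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Techniques seen in Hayabusa JSONL results; score = number of alerts",
        "techniques": [
            {"techniqueID": tid, "score": n, "comment": f"{n} alert(s)"}
            for tid, n in sorted(counts.items())
        ],
        "gradient": {
            "colors": ["#ffffff", "#ff6666"],
            "minValue": 0,
            "maxValue": max(counts.values(), default=1),
        },
    }


if __name__ == "__main__":
    # Usage: replace SAMPLE_JSONL with open("results.jsonl").read() and import the printed JSON into Navigator.
    print(json.dumps(build_layer(count_techniques(SAMPLE_JSONL)), indent=2))
```

Each record contributes at most one count per technique, so a rule tagged with the same ID twice does not inflate its score; tactic tags such as `attack.execution` are ignored because Navigator layers key on technique IDs only.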

fukusuket commented 10 months ago

@YamatoSecurity Yes, I would love to implement it💪 :) Thank you for mentioning!

hitenkoku commented 10 months ago

duplicated #1