center-for-threat-informed-defense / attack-flow

Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
https://ctid.io/attack-flow
Apache License 2.0
547 stars 86 forks

Attack Builder: Bad STIX property name 'patter_version' in Indicator SDO #123

Closed juancerezo closed 4 months ago

juancerezo commented 4 months ago

Hi. There is a little error that may impact STIX integration. The property "pattern_version" is implemented as "patter_version".

I was going to propose a change with a pull request but I don't know if it would have an impact on the flows already built. I hope you can fix this bug.

https://github.com/center-for-threat-informed-defense/attack-flow/blob/7904d44ff755e8b3672a85d72f0848a61327edfa/src/attack_flow_builder/src/assets/configuration/builder.config.ts#L337C12-L337C82

mehaase commented 4 months ago

Thank you for pointing this out. We'll get that fixed this week.

After the fix is released, existing attack flows will show a blank Pattern Version that needs to be filled in again. I apologize for the inconvenience.
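
An added example, not part of the thread or the project's code: a stdlib-only Python check that finds Indicator objects in a STIX 2.1 bundle carrying the misspelled `patter_version` key and moves the value to `pattern_version`. It assumes the typo reaches exported bundles as a literal key on `indicator` objects; the function name and the sample bundle are constructed for illustration.

```python
import copy
import json

TYPO, CORRECT = "patter_version", "pattern_version"

def repair_bundle(bundle):
    """Return (repaired copy, report) for a STIX 2.1 bundle given as a dict."""
    fixed = copy.deepcopy(bundle)          # never mutate the caller's data
    report = []
    for obj in fixed.get("objects", []):
        if obj.get("type") != "indicator" or TYPO not in obj:
            continue
        oid = obj.get("id", "<no id>")
        if CORRECT not in obj:
            obj[CORRECT] = obj.pop(TYPO)   # plain rename
            report.append((oid, "renamed"))
        elif obj[CORRECT] == obj[TYPO]:
            del obj[TYPO]                  # same value twice, drop the typo key
            report.append((oid, "duplicate-removed"))
        else:
            # Both keys present with different values: leave for manual review.
            report.append((oid, "conflict"))
    return fixed, report

# Constructed sample bundle (ids and patterns are made up for this example).
ID1 = "indicator--00000000-0000-4000-8000-000000000001"
ID2 = "indicator--00000000-0000-4000-8000-000000000002"
ID3 = "indicator--00000000-0000-4000-8000-000000000003"
SAMPLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-0000000000ff",
    "objects": [
        {"type": "indicator", "id": ID1, "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.7']", "patter_version": "2.1"},
        {"type": "indicator", "id": ID2, "pattern_type": "stix",
         "pattern": "[domain-name:value = 'example.test']",
         "patter_version": "2.0", "pattern_version": "2.1"},
        {"type": "indicator", "id": ID3, "pattern_type": "stix",
         "pattern": "[url:value = 'http://example.test/']", "pattern_version": "2.1"},
    ],
}

if __name__ == "__main__":
    fixed, report = repair_bundle(SAMPLE)
    for oid, action in report:
        print(action, oid)
    print(json.dumps(fixed, indent=2))
```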