Open banzo opened 1 year ago
Seb, what do you mean by including defence aspects? Can you share an example?

> On 15 Dec 2022, at 00:23, Sebastien Dupont wrote:
> Hello, we are looking for a solution to build and model Attack Defense Trees. We discovered Attack Flow at the EU MITRE ATT&CK® Community Workshop X. We are wondering if it would make sense to extend Attack Flow to include the Defense aspects.
Thank you for your response.
By defense aspects I mean mechanisms such as IDS, access control, etc. In MITRE ATT&CK, I guess it would be similar to the Mitigations.
Here is a sample ADT, where attack nodes are in red and defense nodes are in green (source).
We have had discussions about how to account for defensive actions, but haven't settled on anything yet. This area gets a bit tricky, however, because there are a large number of defensive actions that someone can take against one offensive action. This could quickly bloat the ontology. We will continue our discussions until we find an appropriate way to model defensive actions, along with ATT&CK.
Hello everyone,
I hope this can help. Currently, I am working to improve cybersecurity processes using Attack Flow Builder. To perform what @banzo indicates, what I am using are STIX Objects. To indicate how to perform searches and produce detections, I suggest using Indicator, and for the actions in @banzo's diagram, Course of Action could be used.

STIX SDO Indicator spec: https://docs.oasis-open.org/cti/stix/v2.1/csprd01/stix-v2.1-csprd01.html#_Toc16070633
STIX SDO Course of Action spec: https://docs.oasis-open.org/cti/stix/v2.1/csprd01/stix-v2.1-csprd01.html#_Toc16070624
I think that could be the right approach.
Regards
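The mapping suggested in the comment above, as an added example that is not part of this thread or of the Attack Flow project: an attack node is a standard STIX 2.1 `attack-pattern`, a defense node is a `course-of-action` (linked with the standard `mitigates` relationship) or an `indicator` (linked with `indicates`), and a small walk over the bundle recovers the attack/defense tree view. The objects are plain dicts with constructed sample names, and the indicator pattern uses a documentation IP address; no Attack Flow extension fields are assumed.

```python
"""Model attack nodes and their defense nodes as plain STIX 2.1 objects."""
import uuid
from datetime import datetime, timezone

DEFENSE_RELS = ("mitigates", "indicates")  # course-of-action / indicator -> attack node


def _now():
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def sdo(obj_type, **props):
    """Minimal STIX 2.1 object with the required common properties."""
    ts = _now()
    return {"type": obj_type, "spec_version": "2.1",
            "id": f"{obj_type}--{uuid.uuid4()}",
            "created": ts, "modified": ts, **props}


def relationship(source, rel_type, target):
    """STIX relationship object (SRO) from source object to target object."""
    return sdo("relationship", relationship_type=rel_type,
               source_ref=source["id"], target_ref=target["id"])


def build_bundle():
    """Constructed sample: one attack node with one mitigation and one detection."""
    attack = sdo("attack-pattern", name="Brute force login")
    mitigation = sdo("course-of-action", name="Account lockout policy")
    detection = sdo("indicator", name="Repeated failed logins from one source",
                    pattern_type="stix",
                    pattern="[ipv4-addr:value = '203.0.113.5']",  # constructed sample
                    valid_from=_now())
    objs = [attack, mitigation, detection,
            relationship(mitigation, "mitigates", attack),
            relationship(detection, "indicates", attack)]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objs}


def defenses_for(bundle):
    """Attack/defense tree view: attack node name -> [(defense type, defense name)]."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    tree = {}
    for o in bundle["objects"]:
        if o["type"] != "relationship" or o["relationship_type"] not in DEFENSE_RELS:
            continue
        target, source = by_id[o["target_ref"]], by_id[o["source_ref"]]
        tree.setdefault(target["name"], []).append((source["type"], source["name"]))
    return tree


def sample_tree():
    return defenses_for(build_bundle())
```

Because each defense is a separate object joined by a relationship, any number of mitigations or detections can hang off one attack node without changing the attack node itself.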
Hello, we are looking for a solution to build and model Attack Defense Trees.
We discovered Attack Flow at the EU MITRE ATT&CK® Community Workshop X. We are wondering if it would make sense to extend Attack Flow to include the Defense aspects.