center-for-threat-informed-defense / attack-flow

Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
https://ctid.io/attack-flow
Apache License 2.0

Add ATT&CK Technique auto-complete #60

Closed OpalSec closed 11 months ago

OpalSec commented 1 year ago

Adding auto-complete for the technique ID field of Action objects would help immensely, as it not only makes it easier to cite Techniques, but also ensures they're consistent and not subject to typos.

Being able to add multiple Techniques to a single Action object would also be helpful - though I understand if your view is that this isn't in keeping with the design intent of this project.

It would be useful for my particular use case, though. See below for an example:

[image]

In visualising a long and complex intrusion, breaking each Technique into its own Action object would result in a sprawling diagram that would be hard to navigate.

My preference is to use the Name field to describe distinct stages of the intrusion, elaborating in the Description field while also inserting the relevant Technique IDs. In doing so I can condense multi-staged attack paths into more compact diagrams, broken up by milestones in the intrusion.
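As an added example (not code from the attack-flow project), here is a small Python helper that does on the tool's side what this request asks for: prefix auto-complete of technique IDs, plus a lint pass that checks every ID cited in an Action's technique field or Description against the catalog and suggests the closest match when one looks like a typo. The Action shape (`name`, `description`, `technique_id`) and the technique table are constructed assumptions; a real implementation would load the full ATT&CK catalog from MITRE's STIX data.

```python
import re
from difflib import get_close_matches

# Constructed subset of the ATT&CK catalog (ID -> name) for the example;
# a real tool would load the complete list from MITRE's STIX bundle.
TECHNIQUES = {
    "T1059": "Command and Scripting Interpreter",
    "T1059.001": "PowerShell",
    "T1566": "Phishing",
    "T1566.001": "Spearphishing Attachment",
    "T1078": "Valid Accounts",
    "T1021.001": "Remote Desktop Protocol",
    "T1003.001": "LSASS Memory",
}

# Technique or sub-technique ID as it appears in free text, e.g. T1566 or T1566.001
TECHNIQUE_ID = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")


def autocomplete(prefix, limit=5):
    """Return (id, name) pairs whose ID starts with, or whose name contains, the prefix."""
    p = prefix.strip().lower()
    hits = [(tid, name) for tid, name in TECHNIQUES.items()
            if tid.lower().startswith(p) or p in name.lower()]
    return sorted(hits)[:limit]


def lint_action(action):
    """Collect every technique ID an Action-like dict cites (its technique_id field
    and any IDs embedded in the description) and report the unknown ones as
    (bad_id, suggested_id_or_None), so typos are caught before the flow is shared."""
    cited = []
    if action.get("technique_id"):
        cited.append(action["technique_id"])
    cited += TECHNIQUE_ID.findall(action.get("description", ""))
    problems = []
    for tid in dict.fromkeys(cited):  # de-duplicate while keeping citation order
        if tid in TECHNIQUES:
            continue
        # Closest known ID by similarity; cutoff chosen to catch one-digit slips
        close = get_close_matches(tid, TECHNIQUES, n=1, cutoff=0.7)
        problems.append((tid, close[0] if close else None))
    return problems


# Constructed sample Action in the style described above: one milestone, several techniques
SAMPLE_ACTION = {
    "name": "Initial access and execution",
    "description": "Spearphishing attachment (T1566.001) delivered a loader "
                   "that ran via PowerShell (T1059.001).",
    "technique_id": "T1059.991",  # deliberate typo of T1059.001
}
```

Running `lint_action(SAMPLE_ACTION)` flags only `T1059.991` and proposes `T1059.001`, while the two IDs embedded in the Description pass.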

mehaase commented 1 year ago

Thank you for suggesting this. It is in our backlog and will be included in a release in the next 2 months.

initstring commented 1 year ago

Hi @mehaase,

Thanks for your work on such a cool tool! I am also really interested in this feature. Is it still planned for release?

Thanks so much.