center-for-threat-informed-defense / attack-flow

Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
https://ctid.io/attack-flow
Apache License 2.0

AF-124 IPv4, IPv6, & MAC regex check #78

Closed nikorev closed 11 months ago

nikorev commented 1 year ago

Using regexes found in

nikorev commented 12 months ago

To note, for the windows_registry_key object in AF-125, I moved the validation under the Validate links section of validateNode() to prevent checking over the object multiple times. This could technically be done for this branch/check too since we're also checking based on the node.template.id, but since all of these objects only have a single property in the node.props.value for loop, we aren't iterating more than once. I'll keep it where it is for now.

nikorev commented 12 months ago

Additional clarification: The for-loop shown in the screenshot will only run once for any of the ipv4/ipv6/mac address nodes since they only contain a single property.

[image: screenshot of the for-loop in validateNode()]

In contrast with the AF-125 (windows registry) branch, this for loop would iterate 4x for each of the properties (key, values, date modified, # of subkeys); this is why the validation for windows registry keys is in a slightly different place.
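An added example (not the attack-flow project's code) of the kind of check the thread describes: a validator that dispatches on node.template.id and runs a format check over the node's single property. The template ids "ipv4-addr", "ipv6-addr" and "mac-addr", the node shape ({template: {id}, props: {value: Map}}) and the name validateAddressNode are assumptions made for this illustration; IPv6 is checked structurally rather than with a single regex so that "::" compression and embedded IPv4 tails are handled.

```javascript
// Added example, not the attack-flow project's code. Template ids, the
// node shape ({template:{id}, props:{value: Map}}) and the name
// validateAddressNode are assumptions made for this illustration.
const IPV4_RE = /^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$/;
// One separator style per address: the back-reference \1 rejects mixed ":" and "-".
const MAC_RE = /^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$/;
const HEXTET_RE = /^[0-9A-Fa-f]{1,4}$/;

// IPv6 is checked structurally instead of with one large regex: at most one
// "::", 1-4 hex digits per group, exactly 8 groups after the "::" gap is
// expanded, and an optional embedded IPv4 tail that counts as two groups.
function isIpv6(value) {
  const halves = value.split("::");
  if (halves.length > 2) return false;
  let count = 0;
  for (let h = 0; h < halves.length; h++) {
    const side = halves[h] === "" ? [] : halves[h].split(":");
    for (let i = 0; i < side.length; i++) {
      const isTail = h === halves.length - 1 && i === side.length - 1;
      if (isTail && IPV4_RE.test(side[i])) { count += 2; continue; }
      if (!HEXTET_RE.test(side[i])) return false;
      count += 1;
    }
  }
  return halves.length === 2 ? count < 8 : count === 8;
}

const CHECKS = {
  "ipv4-addr": v => IPV4_RE.test(v),
  "ipv6-addr": isIpv6,
  "mac-addr": v => MAC_RE.test(v),
};

// Mirrors the dispatch on node.template.id described in the thread. These
// node types carry a single property, so the loop over node.props.value
// runs once; the returned array lists the invalid values found.
function validateAddressNode(node) {
  const check = CHECKS[node.template.id];
  if (!check) return []; // not an address node: nothing to validate here
  const problems = [];
  for (const [name, value] of node.props.value) {
    if (!check(String(value).trim())) {
      problems.push(`${node.template.id}: property '${name}' has invalid value '${value}'`);
    }
  }
  return problems;
}
```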

sonarcloud[bot] commented 11 months ago

SonarCloud Quality Gate failed.

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell E 17 Code Smells

No Coverage information
0.0% Duplication
