center-for-threat-informed-defense / attack-flow

Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
https://ctid.io/attack-flow
Apache License 2.0

AF-125 regex windows registry #79

Closed by nikorev 11 months ago

nikorev commented 12 months ago

Following rules listed on STIX's windows-registry-key: https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_luvw8wjlfo3y. Also, I see the Values property of the Windows Registry Key object is simply a list of strings rather than a STIX windows-registry-value-type (from the same link above). For this reason, I don't do any regex validation on the Values list, since I'm assuming it is the value (which can be anything) that was modified.

See notes in PR #78 for clarification on why Windows registry regex check is in the Validate links section of validateNode().
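An added example (not the code from this PR or from the project) of the kind of check described above: STIX 2.1 requires the hive portion of a registry key to be fully expanded, e.g. HKEY_LOCAL_MACHINE rather than HKLM. The hive list, the function names, the type check on `values` and the sample keys are assumptions constructed for illustration.

```javascript
// Added example: hive list, names and sample keys are assumptions, not project code.
const FULL_HIVES = [
  "HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
  "HKEY_USERS", "HKEY_CURRENT_CONFIG", "HKEY_PERFORMANCE_DATA",
];
// Common abbreviations that STIX 2.1 does not allow in the `key` property.
const SHORT_HIVES = new Map([
  ["HKCR", "HKEY_CLASSES_ROOT"], ["HKCU", "HKEY_CURRENT_USER"],
  ["HKLM", "HKEY_LOCAL_MACHINE"], ["HKU", "HKEY_USERS"],
  ["HKCC", "HKEY_CURRENT_CONFIG"],
]);
// Full hive, then zero or more backslash-separated, non-empty subkey names.
// Case-insensitive: STIX only says case SHOULD be preserved.
const KEY_RE = new RegExp(`^(${FULL_HIVES.join("|")})(\\\\[^\\\\]+)*$`, "i");

function validateRegistryKey(key) {
  if (typeof key !== "string" || key.length === 0) {
    return { valid: false, reason: "key must be a non-empty string" };
  }
  const hive = key.split("\\")[0].toUpperCase();
  if (SHORT_HIVES.has(hive)) {
    return { valid: false, reason: `truncated hive ${hive}; use ${SHORT_HIVES.get(hive)}` };
  }
  if (!KEY_RE.test(key)) {
    return { valid: false, reason: "expected <full hive>\\<subkey>... with no empty segments" };
  }
  return { valid: true, reason: null };
}

// `values` is treated as the PR description does: a list of arbitrary strings,
// so only the type is checked (the type check itself is an assumption).
function validateRegistryNode(node) {
  const result = validateRegistryKey(node.key);
  if (!result.valid) return result;
  const values = node.values ?? [];
  if (!Array.isArray(values) || values.some((v) => typeof v !== "string")) {
    return { valid: false, reason: "values must be a list of strings" };
  }
  return result;
}

// Constructed sample keys.
for (const key of ["HKEY_LOCAL_MACHINE\\System\\Foo\\Bar", "HKLM\\System\\Foo\\Bar"]) {
  console.log(key, "->", JSON.stringify(validateRegistryKey(key)));
}
```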

sonarcloud[bot] commented 11 months ago

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

No Coverage information
0.0% Duplication