Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
Following rules listed on STIX's windows-registry-key: https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_luvw8wjlfo3y. Also I see the Values property of the Windows Registry Key object is simply a list of strings rather than a STIX windows-registry-value-type (from same link above). For this reason I don't do any regex validation on the Values list since I'm assuming it is the value (which can be anything) that was modified.
See notes in PR #78 for clarification on why Windows registry regex check is in the Validate links section of validateNode().
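A sketch of the kind of check the pull request describes, added here as an example and not taken from the Attack Flow code base: the key is checked against the STIX 2.1 rule that the hive must be fully expanded, while the values list is only type-checked. The function name `validateRegistryKey`, the node shape, the hive list, and the empty-segment check are assumptions.

```javascript
// Added example: hypothetical validator, not the project's validateNode().
// STIX 2.1 windows-registry-key: the hive portion of `key` MUST be fully
// expanded (HKEY_LOCAL_MACHINE, not HKLM). The hive list below is an
// assumption; the STIX text does not enumerate hives.
const FULL_HIVES = new Set([
  "HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
  "HKEY_USERS", "HKEY_CURRENT_CONFIG", "HKEY_PERFORMANCE_DATA",
]);
const ABBREVIATED = new Map([
  ["HKCR", "HKEY_CLASSES_ROOT"], ["HKCU", "HKEY_CURRENT_USER"],
  ["HKLM", "HKEY_LOCAL_MACHINE"], ["HKU", "HKEY_USERS"],
  ["HKCC", "HKEY_CURRENT_CONFIG"],
]);

// Returns a list of error strings; an empty list means the node passed.
function validateRegistryKey(node) {
  const errors = [];
  if (typeof node.key !== "string" || node.key.trim() === "") {
    return ["key is required and must be a non-empty string"];
  }
  const [hive, ...subkeys] = node.key.split("\\");
  // Compare case-insensitively; the original casing of the key is preserved.
  const upper = hive.toUpperCase();
  if (ABBREVIATED.has(upper)) {
    errors.push(`hive "${hive}" must be expanded to ${ABBREVIATED.get(upper)}`);
  } else if (!FULL_HIVES.has(upper)) {
    errors.push(`unknown registry hive "${hive}"`);
  }
  // Assumption: doubled or trailing backslashes are treated as malformed.
  if (subkeys.some((segment) => segment === "")) {
    errors.push("key contains an empty path segment");
  }
  // Values are the data that was modified and can be anything, so only the
  // container type is checked; no regex is applied to the strings.
  const { values } = node;
  if (values !== undefined &&
      !(Array.isArray(values) && values.every((v) => typeof v === "string"))) {
    errors.push("values must be a list of strings");
  }
  return errors;
}
```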