Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
impute the graph containing only action and condition nodes
any node in the imputed graph with in-degree equal to zero is a start ref
Note that cycles in the graph are undefined behavior -- it throws an exception right now to prevent creating an invalid Attack Flow -- but we may need to revisit this in the future depending on how common this is in practice.
Update the logic for start refs:
Note that cycles in the graph are undefined behavior -- it throws an exception right now to prevent creating an invalid Attack Flow -- but we may need to revisit this in the future depending on how common this is in practice.