Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
Got stuck for a while trying to over-engineer the publisher, only to realize it was best to keep it simple and build on it later.
The main concern is when an object that uses an Enum value is published, the node as they appear in the builder. i.e. if we wanted to make an enumeration such as:
value: [ ['internal_use_only': 'external_use_only'] ]
The node would hold value: 'external_use_only' rather than value: 'internal_use_only' in order to correctly assign a value within the schema of the object. At this moment, we don't have any object whose 'internal' and 'external' enumeration values differ, so keeping it simple for now.
Changes:
blocked publishing until an object ref is assigned to an Opinion object