center-for-threat-informed-defense / caldera_pathfinder

Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translating those scans into adversaries for network traversal.
https://caldera.mitre.org/
Apache License 2.0

Mapping TTPs and CVEs #34

Closed: afarao closed 3 years ago

afarao commented 3 years ago

Hi! I am new here! Is there any way to link TTPs and CVEs through Caldera? Through the Pathfinder plugin I have received the network topology including the CVEs, and then I have created an operation using the Thief as adversary. Once the operation is done, I use the Debrief plugin to see how the operation is completed and then I can see the used TTPs. Is there any way to export which CVEs are used/linked to each used TTP? Thanks in advance!

blackwidow0616 commented 3 years ago

You can tag abilities with a CVE or any other piece of information as seen here: https://github.com/center-for-threat-informed-defense/caldera_pathfinder/blob/master/data/abilities/initial-access/315f8fcc-c05a-4db0-9f9a-5daade661540.yml#L11-L12. Hopefully this resolves your issue. If you’re still having any problems, please feel free to re-open or start a new ticket. Thanks!
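Added example, not part of the thread and not code from CALDERA or Pathfinder: once abilities carry a CVE tag, the per-technique export asked about above is a join between the executed steps and the ability definitions. The record shapes, the `tags`/`cve` key, the ids and the hosts below are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample records. Field names and values are assumptions for
# illustration; the CVE ids are placeholders, not real identifiers.
ABILITIES = [
    {"ability_id": "aaaa-1111", "technique_id": "T1190", "tags": {"cve": "CVE-0000-0001"}},
    {"ability_id": "bbbb-2222", "technique_id": "T1210", "tags": {"cve": "CVE-0000-0002"}},
    {"ability_id": "cccc-3333", "technique_id": "T1005", "tags": {}},  # untagged
]
EXECUTED_STEPS = [
    {"ability_id": "aaaa-1111", "host": "web01"},
    {"ability_id": "cccc-3333", "host": "web01"},
    {"ability_id": "bbbb-2222", "host": "db01"},
    {"ability_id": "dddd-4444", "host": "db01"},  # not in the ability set
]


def map_ttps_to_cves(abilities, steps, tag_key="cve"):
    """Return ({technique_id: [cve, ...]}, [unmatched ability ids])."""
    index = {a["ability_id"]: a for a in abilities}
    mapping, unmatched = {}, []
    for step in steps:
        ability = index.get(step["ability_id"])
        if ability is None:
            unmatched.append(step["ability_id"])
            continue
        # Register the technique even when the ability has no CVE tag,
        # so untagged TTPs stay visible in the export.
        cves = mapping.setdefault(ability["technique_id"], set())
        cve = ability.get("tags", {}).get(tag_key)
        if cve:
            cves.add(cve)
    return {t: sorted(c) for t, c in sorted(mapping.items())}, unmatched


def to_csv(mapping):
    """Serialize the mapping as CSV, one technique per row."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["technique_id", "cves"])
    for technique, cves in mapping.items():
        writer.writerow([technique, ";".join(cves)])
    return buf.getvalue()


if __name__ == "__main__":
    result, missing = map_ttps_to_cves(ABILITIES, EXECUTED_STEPS)
    print(to_csv(result), end="")
    print("steps with no matching ability:", missing)
```

Techniques whose abilities have no CVE tag appear with an empty CVE column, which shows where tagging is still missing.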