Open hashcat3 opened 2 years ago
Kudos, SonarCloud Quality Gate passed!
0 Bugs, 0 Vulnerabilities, 0 Security Hotspots, 0 Code Smells, No Coverage information, 0.0% Duplication
Taking a look and will review today.
@hashcat3 To answer your question, these are labeled correctly as it best matched our scoring rubric's definitions for security controls, but I'll modify the language to avoid similar confusion in the description:
Protect is a security control's ability to prevent or minimize the impact of the execution of an ATT&CK (sub-)technique.
Detect is a security control's ability to detect the execution of an ATT&CK (sub-)technique.
For example, a vulnerability scanning capability would be categorized as Protect, whereas real-time indicators of compromise alerts in a SIEM dashboard would be categorized as Detect. I hope this helps. If you have any questions or comments, please feel free to reach out. Ty!
Each of the controls is categorized as Protect, though each of their comments mentions that once the control is deployed, it can Detect nefarious activity. Should the said controls be mapped to both the Protect and Detect categories? With the given description I'd recommend Detect only. Example: Compare T1068 with T1212.