aamedina
commented
2 months ago Might be something to consider https://robot.obolibrary.org/template.html
Open aamedina opened 2 months ago
aamedina
commented
2 months ago Might be something to consider https://robot.obolibrary.org/template.html
In older versions of ATT&CK, techniques like T1216 and T1218 were classified under both "defense evasion" and "execution", but since ATT&CK 7.0-15.0 they have been classified under "defense evasion" (e.g https://attack.mitre.org/versions/v15/techniques/T1218/).
I think when the script to synchronize ATT&CK into d3fend is run on a new ATT&CK release from the STIX, the tactical phase is not synchronized. So it will accrete new tactics, not remove ones that aren't relevant anymore.
Solution will necessitate some upgrades to the synchronization script.