glowbase / decider

A web application assisting network defenders, analysts, and researchers in the process of mapping adversarial behaviors to MITRE ATT&CK, ACSC ISM and NIST 800-53 frameworks.

Tools import #13

Open allan-korol opened 2 months ago

allan-korol commented 2 months ago

Tools represent programs/scripts/etc that can be used to extract artefacts.

For a given tool, it may be used by multiple techniques to extract artefacts.

For any given technique a tool is used for, the tool may be used to extract one or more artefacts.

Format for tools-v15.1.json.

[
    {
        "tool": "Name of tool",
        "src": {
            "type": "url",
            "ref": "https://tool.com"
        },
        "techniques": {
            "T1234.001": [{
                "usage": "some description/cmdline/procedure",
                "output": "details of the output?",
                "detail": "more detailed information of the location? eg. registry key"
            },
            {
                "usage": "some description/cmdline/procedure",
                "output": "details of the output?",
                "detail": "more detailed information of the location? eg. registry key"
            }],
            "T1122.003": [{
                "usage": "some description/cmdline/procedure",
                "output": "details of the output?",
                "detail": "more detailed information of the location? eg. registry key"
            }]
        }
    }
]
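A loader for the format above, written here as an added example (not the project's own code): it checks the structure every entry must have, then inverts the tool -> technique mapping into technique -> tools, which is the direction an analyst actually queries. The tool names, URLs and technique IDs in the embedded sample are constructed placeholders.

```python
import json
import re

# Constructed sample in the tools-v15.1.json shape from the comment above;
# tool names, URLs and technique IDs are placeholders, not project data.
SAMPLE_TOOLS_JSON = """[
 {"tool": "example-reg-dumper", "src": {"type": "url", "ref": "https://example.invalid/reg-dumper"},
  "techniques": {
   "T1234.001": [{"usage": "reg-dumper --hive SYSTEM", "output": "hive export", "detail": "SYSTEM hive"}],
   "T1122.003": [{"usage": "reg-dumper --hive SOFTWARE", "output": "hive export", "detail": "SOFTWARE hive"}]}},
 {"tool": "example-log-parser", "src": {"type": "url", "ref": "https://example.invalid/log-parser"},
  "techniques": {
   "T1234.001": [{"usage": "log-parser Security.evtx", "output": "CSV of events", "detail": "Event ID 4688"}]}}
]"""

TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")  # ATT&CK technique or sub-technique id
USAGE_KEYS = {"usage", "output", "detail"}

def validate_tools(tools):
    """Return a list of problems; an empty list means the document matches the proposed format."""
    problems = []
    for i, entry in enumerate(tools):
        where = f"tools[{i}]"
        if not entry.get("tool"):
            problems.append(f"{where}: missing 'tool' name")
        for tid, usages in entry.get("techniques", {}).items():
            if not TECHNIQUE_ID.match(tid):
                problems.append(f"{where}: bad technique id {tid!r}")
            if not isinstance(usages, list) or not usages:
                problems.append(f"{where}.{tid}: expected a non-empty list of usages")
                continue
            for j, usage in enumerate(usages):
                if missing := USAGE_KEYS - set(usage):
                    problems.append(f"{where}.{tid}[{j}]: missing {sorted(missing)}")
    return problems

def index_by_technique(tools):
    """Invert tool -> techniques into technique -> {tool: usages}, the lookup an analyst needs."""
    index = {}
    for entry in tools:
        for tid, usages in entry["techniques"].items():
            index.setdefault(tid, {})[entry["tool"]] = usages
    return index

def load_tools(text):
    """Parse then validate; json.loads already rejects trailing commas and other non-strict JSON."""
    tools = json.loads(text)
    if problems := validate_tools(tools):
        raise ValueError("; ".join(problems))
    return tools
```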
allan-korol commented 2 months ago

Based on some work relating to the database schema of the evidence and tools, there is a new proposed structure for tools.

Action Mechanism =>