search

mitre-attack / attack-navigator

Web app that provides basic navigation and annotation of ATT&CK matrices
https://mitre-attack.github.io/attack-navigator
Apache License 2.0
1.92k stars 578 forks source link

Feature request: filter on ATT&CK data sources #608

Open RobbeVandenDaele opened 5 months ago

RobbeVandenDaele commented 5 months ago

Hi all,

I had an idea which I wanted to share with you. It think it would be a great feature if we can filter the navigator based on the ATT&CK data sources (https://attack.mitre.org/datasources/). This would help a lot in plotting detections on the navigator related to a specific data source, since this removes the clutter of techniques not relevant to a specific data source. I feel like the filters for the platforms are not always sufficient enough.

Kind regards Robbe

clemiller commented 5 months ago

Hi @RobbeVandenDaele,

Thank you for opening up this suggestion! I agree that the filtering options in Navigator could be improved and this is an interesting idea. I am leaving this issue open for our team to consider and will mark it as "seeking feedback" in case others in the community have additional thoughts they would like to share.

In the meantime, there are steps you can take to achieve similar functionality. The process for hiding techniques is somewhat involved (related to the improvements requested in #571), but I'm sharing it here in case it is useful to you:

  1. Open the search & multiselect sidebar
  2. Select techniques based on a specific Data Source from the Data Sources panel
  3. Right click a technique in the matrix view and choose "invert selection"
  4. Select "toggle state" under technique controls in the toolbar
  5. Click "show/hide disabled" under layer controls in the toolbar

This will hide all techniques from the view that are not related to the Data Source selected in step 2.

vynttran commented 2 months ago

Hi @RobbeVandenDaele and @clemiller,

This indeed seems like a useful feature to add! I think we can implement this by adding a ‘data sources’ section in the filters menu (relatively similar to the current ‘platforms’ section, but the toggles in the section will be based on the different data sources).

That said, would it be possible for me to work on this issue? On my team are 3 other friends, @csuraparaju, @tarunBandi-ONE, and @ytw-wyt, who are also excited to help out with implementing this.