From the README: This script queries four open-source detection repositories to calculate known and likely detectable MITRE ATT&CK techniques. It's inspired by and attempts to improve CAR's coverage comparison website. (ed. note - it seemed like keeping it with the other CAR code would be a good fit!)
Key differences:
Split per-technique detection results by operating system (Windows and Linux only for now)
Focuses on detections in "active" library content (a GitHub term search will match on content like this deprecated Sigma rule, and it seems like CAR is including these results)
Can be run anytime instead of depending on a CAR coverage update (last update as of writing was December 30, 2022)
Outputs a conservative list of "likely detectable" techniques and subtechniques using the conditions above and a configurable threshold (UNIQUE_DETECTION_THRESHOLD).
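As an added illustration (not the script's own code), here is how the conditions above can be applied to constructed Sigma-style rule metadata: deprecated rules are skipped, results are split per OS, and a technique counts as "known" with one active rule and "likely detectable" once it reaches UNIQUE_DETECTION_THRESHOLD distinct rules. The rule shape, the sample rules and the threshold value are assumptions.

```python
# Added example, not the script's code: apply the README's conditions to
# constructed Sigma-style rule metadata (shape and values are assumptions).
from collections import defaultdict

UNIQUE_DETECTION_THRESHOLD = 2          # assumed value; configurable in the script
SUPPORTED_OS = ("windows", "linux")     # the README splits results for these two

# Constructed sample rules: status, logsource product and ATT&CK tags.
SAMPLE_RULES = [
    {"id": "r1", "status": "stable", "logsource": {"product": "windows"},
     "tags": ["attack.execution", "attack.t1059.001"]},
    {"id": "r2", "status": "test", "logsource": {"product": "windows"},
     "tags": ["attack.t1059.001"]},
    {"id": "r3", "status": "deprecated", "logsource": {"product": "windows"},
     "tags": ["attack.t1059.001"]},          # inactive: must not count
    {"id": "r4", "status": "stable", "logsource": {"product": "linux"},
     "tags": ["attack.t1059.004"]},
    {"id": "r5", "status": "stable", "logsource": {"product": "macos"},
     "tags": ["attack.t1059.004"]},          # unsupported OS: ignored
]

def technique_ids(rule):
    """ATT&CK technique IDs (e.g. T1059.001) from attack.t* tags; tactic tags are skipped."""
    return {tag[len("attack."):].upper()
            for tag in rule.get("tags", []) if tag.startswith("attack.t")}

def count_unique_detections(rules):
    """Map (os, technique) -> number of distinct active rules that cover it."""
    counts = defaultdict(int)
    for rule in rules:
        if rule.get("status") == "deprecated":          # only "active" content
            continue
        os_name = rule.get("logsource", {}).get("product", "").lower()
        if os_name not in SUPPORTED_OS:
            continue
        for tid in technique_ids(rule):                 # a set, so each rule counts once
            counts[(os_name, tid)] += 1
    return dict(counts)

def coverage(rules, threshold=UNIQUE_DETECTION_THRESHOLD):
    """Per OS: 'known' = at least one active rule; 'likely' = at least `threshold` rules."""
    result = {os_name: {"known": set(), "likely": set()} for os_name in SUPPORTED_OS}
    for (os_name, tid), n in count_unique_detections(rules).items():
        result[os_name]["known"].add(tid)
        if n >= threshold:
            result[os_name]["likely"].add(tid)
    return {o: {k: sorted(v) for k, v in d.items()} for o, d in result.items()}
```

Calling coverage(SAMPLE_RULES) reports T1059.001 as likely detectable on Windows (two active rules), while T1059.004 on Linux stays only "known" because a single rule is below the threshold.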
This is linked to #176.