Closed grimlock81 closed 2 years ago
Dang it, you're right! Definitely slipped through the cracks. For the record, I believe this was due in part to our recent migration from an older system to using Workbench for the first time officially, and those duplicate Relationships may have been introduced at that time. Regardless though, I'll mark this as needing to be addressed with the upcoming v11.1 release.
Confirmed 2 duplicates removed from all 3 listed mitigations in 11.1
While processing the latest v11.0 enterprise-attack.json file, I found that the 'Sudo and Sudo Caching' subtechnique (T1548.003) has its 3 mitigations listed 3 times each, each with a unique relationship id. The descriptions are all the same for the same mitigation. Version 10 has the same 3 mitigations but each only listed once.
No other technique or sub-technique has replicated their mitigations, which leads me to conclude this is an error.
Here are the 3 mitigations repeated, with their unique ids:
Mitigation 1: Privileged Account Management [M1026]
Instance 1:
Instance 2:
Instance 3:
Mitigation 2: Operating System Configuration [M1028]
Instance 1:
Instance 2:
Instance 3:
Mitigation 3: Restrict File and Directory Permissions [M1022]
Instance 1:
Instance 2:
Instance 3:
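Added example, not part of the original issue or of the ATT&CK project's tooling: one way to find the kind of duplication reported above is to group `mitigates` relationships in the STIX bundle by their (mitigation, technique) pair and flag any pair that has more than one relationship id. The function name `duplicate_mitigations` and every object id in the sample bundle are constructed placeholders.

```python
import json
import sys
from collections import defaultdict

def _rel(rid, src):
    # Helper for the constructed sample: a "mitigates" relationship onto the one technique.
    return {"type": "relationship", "id": rid, "relationship_type": "mitigates",
            "source_ref": src, "target_ref": "attack-pattern--t1"}

def _obj(stix_type, stix_id, attack_id):
    return {"type": stix_type, "id": stix_id, "external_references": [
        {"source_name": "mitre-attack", "external_id": attack_id}]}

# Constructed miniature bundle; every "id" here is a made-up placeholder.
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    _obj("attack-pattern", "attack-pattern--t1", "T1548.003"),
    _obj("course-of-action", "course-of-action--m1", "M1026"),
    _obj("course-of-action", "course-of-action--m2", "M1028"),
    _rel("relationship--a1", "course-of-action--m1"),
    _rel("relationship--a2", "course-of-action--m1"),
    _rel("relationship--a3", "course-of-action--m1"),
    _rel("relationship--b1", "course-of-action--m2"),
]}

def duplicate_mitigations(bundle):
    """Map (mitigation ID, technique ID) -> relationship ids, for pairs linked more than once."""
    objects = bundle["objects"]
    attack_id = {}  # STIX id -> ATT&CK ID such as M1026 or T1548.003
    for obj in objects:
        for ref in obj.get("external_references", []):
            if ref.get("source_name") == "mitre-attack" and "external_id" in ref:
                attack_id[obj["id"]] = ref["external_id"]
    pairs = defaultdict(list)
    for obj in objects:
        if obj.get("type") != "relationship" or obj.get("relationship_type") != "mitigates":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue  # retired relationships are not live duplicates
        pairs[(obj["source_ref"], obj["target_ref"])].append(obj["id"])
    return {(attack_id.get(s, s), attack_id.get(t, t)): sorted(ids)
            for (s, t), ids in pairs.items() if len(ids) > 1}

if __name__ == "__main__":
    bundle = SAMPLE_BUNDLE
    if len(sys.argv) > 1:  # optionally pass a path to a real bundle file
        with open(sys.argv[1], encoding="utf-8") as fh:
            bundle = json.load(fh)
    for (mit, tech), ids in sorted(duplicate_mitigations(bundle).items()):
        print(f"{mit} -> {tech}: {len(ids)} relationships: {', '.join(ids)}")
```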