mitre / cti

Cyber Threat Intelligence Repository expressed in STIX 2.0

Fix of the source name #196

Closed marcusbakker closed 2 years ago

marcusbakker commented 2 years ago

Hi ATT&CK team,

I've noticed that in 11 attack patterns for ICS the source_name within the external_references is incorrect as it has the value mitre-attack instead of mitre-ics-attack.

Regards, Marcus

rubinatorz commented 2 years ago

Hi @isaisabel, @jondricek and the ATT&CK team,

This inconsistency breaks our DeTT&CT pipeline; we would appreciate it if you could look at this PR soon.

Regards, Ruben

jondricek commented 2 years ago

Thanks for the contribution, and sorry for the delayed response. While we don't take pull requests directly into this repository, I'll pass the information provided here to the ICS team so they can make the required fixes on our internal ATT&CK Workbench instance for the next ATT&CK release. Version 11.3 will be released in July and I'll plan to have the team address this by then.

jondricek commented 2 years ago

We just released v11.3 today, which includes these changes. Please be aware that the v12 release planned for October will have "source_name": "mitre-attack" for all Techniques from Enterprise, Mobile, and ICS. You will need to read the x_mitre_domains field on STIX Technique/attack-pattern objects to parse this in the future. I'm going to close this Pull Request now, but if you have further comments, feel free to leave them here.

"x_mitre_domains": [
    "ics-attack"
],

marcusbakker commented 2 years ago

Thanks for the heads-up Jared!
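
The parsing change jondricek describes for v12, sketched as an added example that is not part of the thread or of MITRE's own code: it reads `x_mitre_domains` first and falls back to the older `source_name` values only when that field is absent. The helper names, the `unknown` label, and the sample objects with placeholder IDs are assumptions made for illustration.

```python
from collections import defaultdict

# Fallback for older bundles only: domain implied by the ATT&CK reference's source_name.
LEGACY_SOURCE_DOMAINS = {
    "mitre-attack": "enterprise-attack",
    "mitre-mobile-attack": "mobile-attack",
    "mitre-ics-attack": "ics-attack",
}

def attack_reference(obj):
    """Return the external reference that carries the ATT&CK ID, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") in LEGACY_SOURCE_DOMAINS and "external_id" in ref:
            return ref
    return None

def technique_domains(obj):
    """Prefer x_mitre_domains; use source_name only when that field is absent."""
    domains = obj.get("x_mitre_domains")
    if domains:
        return list(domains)
    ref = attack_reference(obj)
    return [LEGACY_SOURCE_DOMAINS[ref["source_name"]]] if ref else ["unknown"]

def index_by_domain(bundle):
    """Map each domain to the sorted IDs of the bundle's attack-pattern objects."""
    index = defaultdict(list)
    for obj in bundle.get("objects", []):
        if obj.get("type") != "attack-pattern":
            continue  # bundles also hold malware, groups, relationships, ...
        ref = attack_reference(obj)
        tech_id = ref["external_id"] if ref else obj.get("id", "<no id>")
        for domain in technique_domains(obj):
            index[domain].append(tech_id)
    return {domain: sorted(ids) for domain, ids in index.items()}

def make_pattern(tech_id, source_name, domains=None):
    # Hypothetical helper: builds a constructed attack-pattern object.
    refs = [{"source_name": "Constructed Report"},  # citation, not the ATT&CK ref
            {"source_name": source_name, "external_id": tech_id}]
    obj = {"type": "attack-pattern", "external_references": refs}
    if domains is not None:
        obj["x_mitre_domains"] = domains
    return obj

# Constructed sample; the IDs are placeholders, not real ATT&CK technique IDs.
SAMPLE = {"type": "bundle", "objects": [
    make_pattern("T-ICS-1", "mitre-attack", ["ics-attack"]),  # v12 style
    make_pattern("T-ICS-2", "mitre-ics-attack"),  # older style, no domains field
    make_pattern("T-ENT-1", "mitre-attack", ["enterprise-attack"]),
    {"type": "malware", "name": "constructed"},
]}
```

The fallback trusts `source_name`, so an ICS object in the state this PR reported (value `mitre-attack`, no `x_mitre_domains`) would be filed under `enterprise-attack`; pipelines that must handle such bundles need a separate check.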