Attacks should have ID's to support mapping items to detection rules

pushsecurity / saas-attacks

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

https://pushsecurity.com/blog/saas-attack-techniques/

Creative Commons Attribution 4.0 International

943 stars 61 forks source link

Attacks should have ID's to support mapping items to detection rules #32

Closed BatteryCandy closed 10 months ago

BatteryCandy commented 10 months ago

Maybe like something like AT0000 so as to not clash with Tactics TA0000 or Techniques T0000 from the original Mitre Matrix?

jukelennings commented 10 months ago

Thanks, @BatteryCandy. Yeah, that's a fair point. We were constantly adding/changing techniques during initial development so I think this type of thing was overlooked. Now we have a stable base of techniques to iterate from, it makes sense to do this though.