rabobank-cdc / DeTTECT

Detect Tactics, Techniques & Combat Threats
GNU General Public License v3.0

Feature Request: Export what's missing from Visibility or Detection #100

Closed Hackcidental closed 1 year ago

Hackcidental commented 1 year ago

Hi all,

I would like to propose this feature as I think it would be useful when you map visibility and detection. Normally, when you do your mapping and export to JSON or Excel, you get what you inserted: what you cover in your visibility or what you detect in your detection. It would be useful to also be able to export what you're missing; my main use case is to quickly get a list of all the techniques that my detection does not cover. Thanks

rubinatorz commented 1 year ago

Hi @Hackcidental!

You can do this by including all techniques in your YAML file. If you are using a data source administration file, you can use the -y and -ya options of the dettect.py datasource (ds) mode to generate a YAML with all techniques. But that will be a fresh one.

I will add an option to our backlog to include all techniques in the detection/visibility Excel export, but I cannot promise anything about the release date yet.

Cheers

rubinatorz commented 1 year ago

Another option is to export to a layer file for the ATT&CK Navigator. There you will have a visual overview of your coverage and gaps.
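The gap list the request asks for can also be computed directly from a technique administration file once all techniques are present in it, as the reply above suggests. The script below is an added example and is not DeTTECT's own code; it assumes a simplified version of the technique administration layout (a `techniques` list with `technique_id` and a `detection` list whose `score_logbook` entries carry `date` and `score`, with -1 meaning "not scored"), works on the dict you would get from `yaml.safe_load()`, and uses a constructed sample file plus a constructed stand-in for the full ATT&CK technique list so it runs offline.

```python
import json
from datetime import date

# Constructed sample: a minimal technique administration file as it would look after
# yaml.safe_load(). Only the keys used below are reproduced; this is an assumed,
# simplified layout, not the project's authoritative schema.
SAMPLE_ADMIN = {
    "file_type": "technique-administration",
    "techniques": [
        {"technique_id": "T1003", "technique_name": "OS Credential Dumping",
         "detection": [{"applicable_to": ["all"], "score_logbook": [
             {"date": "2021-03-01", "score": 1},
             {"date": "2022-06-15", "score": 3}]}]},
        {"technique_id": "T1059", "technique_name": "Command and Scripting Interpreter",
         "detection": [{"applicable_to": ["all"], "score_logbook": [
             {"date": "2022-01-10", "score": 0}]}]},
        {"technique_id": "T1566", "technique_name": "Phishing",
         "detection": [{"applicable_to": ["all"], "score_logbook": [
             {"date": "2022-01-10", "score": -1}]}]},
    ],
}

# Constructed stand-in for "all techniques"; in practice this is the whole ATT&CK
# matrix for your platform (or the IDs from a YAML generated with -y/-ya).
ALL_TECHNIQUES = {"T1003", "T1059", "T1566", "T1078", "T1110"}


def latest_score(score_logbook):
    """Score of the most recent dated logbook entry, or None if the logbook is empty."""
    if not score_logbook:
        return None
    newest = max(score_logbook, key=lambda e: date.fromisoformat(str(e["date"])))
    return newest.get("score")


def best_detection_score(technique):
    """Highest latest score across a technique's detection objects.

    Newer files list several detection objects (one per applicable_to group);
    older ones used a single dict, so both shapes are accepted.
    """
    detections = technique.get("detection", [])
    if isinstance(detections, dict):
        detections = [detections]
    scores = [s for s in (latest_score(d.get("score_logbook", [])) for d in detections)
              if s is not None]
    return max(scores) if scores else None


def detection_gaps(admin, all_techniques, min_score=1):
    """Map technique_id -> reason for every technique not detected at min_score or better."""
    present = {t["technique_id"]: t for t in admin.get("techniques", [])}
    gaps = {}
    for tid in sorted(all_techniques):
        if tid not in present:
            gaps[tid] = "not in technique administration file"
            continue
        score = best_detection_score(present[tid])
        if score is None or score < 0:
            gaps[tid] = "no detection score recorded"
        elif score < min_score:
            gaps[tid] = f"detection score {score} below {min_score}"
    return gaps


def gaps_as_json(admin, all_techniques, min_score=1):
    """JSON export of the gap list, in the spirit of the JSON/Excel exports the issue mentions."""
    rows = [{"technique_id": tid, "reason": why}
            for tid, why in detection_gaps(admin, all_techniques, min_score).items()]
    return json.dumps(rows, indent=2)


if __name__ == "__main__":
    print(gaps_as_json(SAMPLE_ADMIN, ALL_TECHNIQUES))
```

Raising `min_score` turns the same function into a "weak detection" report rather than a pure missing-technique list, which is usually the more useful view once every technique has at least a placeholder entry.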

Hackcidental commented 1 year ago

Hi @rubinatorz

Sorry for the delayed response, and thank you for yours.

Thanks!