rabobank-cdc / DeTTECT

Detect Tactics, Techniques & Combat Threats
GNU General Public License v3.0

Comments field in YAML file is not being output to JSON #28

Closed ChrisFursty closed 4 years ago

ChrisFursty commented 4 years ago

Hi,

When attempting to map detection capabilities with the below command: python3 dettect.py g -g g0022 -o sample-data/techniques-administration-endpoints.yaml -t detection

The comment field in the YAML file is not displayed in the generated JSON file. For example:

- technique_id: T1222
  technique_name: File Permissions Modification
  detection:
    applicable_to: [all]
    location:
    - ''
    comment: 'This is a test'
    score_logbook:
    - date:
      score: 1
      comment: 'This is a test'
  visibility:
    applicable_to: [all]
    comment: ''
    score_logbook:
    - date: 2019-03-01
      score: 1
      comment: 'This is a test'
      auto_generated: true

I am trying to add our internal detection rule names to the comment field so that it makes it easier for us to determine from the output which rules are covering the technique.

rubinatorz commented 4 years ago

hi @ChrisFursty,

That's right, comments are currently not incorporated in the metadata of overlay layer files. But we like your idea and we will put it on our backlog for the next release.

rubinatorz commented 4 years ago

In addition to my comment above: you can put the internal detection names in the location field. That's the purpose of that field. We will also consider adding the location field to the metadata of the overlay layer.

ChrisFursty commented 4 years ago

Thanks, that will be helpful! I have made a workaround in the meantime.

rubinatorz commented 4 years ago

hi @ChrisFursty,

We just released a new version of DeTT&CT where we included comment + location fields in the metadata of techniques in the layer file. Hope you like it ;-)

Regards, Ruben
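As an added illustration of what this thread asks for (carrying the detection comment and location fields into the layer JSON so analysts can see which internal rules cover a technique), the following is example code written for this page, not DeTT&CT's own implementation. It assumes the technique YAML has already been loaded into Python (the structure `yaml.safe_load` would return for the sample in the issue), uses a constructed internal rule name in `location`, and writes the extra fields into the `metadata` name/value list that ATT&CK Navigator layers accept; the undated `score_logbook` entry from the issue is handled by ranking entries without a date as oldest.

```python
import datetime
import json
from typing import Any, Optional

# Constructed sample: the T1222 entry from the issue as yaml.safe_load would return
# it, plus a hypothetical internal rule name placed in the detection 'location' field.
TECHNIQUES = [
    {
        "technique_id": "T1222",
        "technique_name": "File Permissions Modification",
        "detection": {
            "applicable_to": ["all"],
            "location": ["internal-rule: suspicious-chmod-on-system-binaries"],
            "comment": "This is a test",
            "score_logbook": [
                {"date": None, "score": 1, "comment": "undated entry"},
                {"date": datetime.date(2019, 3, 1), "score": 2, "comment": "dated entry"},
            ],
        },
    }
]


def latest_score(logbook: list[dict[str, Any]]) -> Optional[dict[str, Any]]:
    """Return the most recent score_logbook entry; entries with no date rank as oldest."""
    if not logbook:
        return None
    return max(logbook, key=lambda entry: entry.get("date") or datetime.date.min)


def technique_to_layer_entry(tech: dict[str, Any], kind: str = "detection") -> dict[str, Any]:
    """Build one Navigator layer technique object; location and comment are copied
    into the 'metadata' list so they survive into the exported JSON."""
    section = tech[kind]
    latest = latest_score(section.get("score_logbook", [])) or {}
    # Empty strings (the '' placeholder used in the issue) are dropped from location.
    location = ", ".join(loc for loc in section.get("location", []) if loc) or "none"
    return {
        "techniqueID": tech["technique_id"],
        "score": latest.get("score", 0),
        "comment": section.get("comment", ""),
        "metadata": [
            {"name": "location", "value": location},
            {"name": "comment", "value": section.get("comment", "")},
            {"name": "logbook_comment", "value": latest.get("comment", "")},
        ],
    }


def build_layer(techniques: list[dict[str, Any]], kind: str = "detection") -> dict[str, Any]:
    """Minimal layer document: name, domain and the per-technique entries."""
    return {"name": f"{kind} coverage", "domain": "enterprise-attack",
            "techniques": [technique_to_layer_entry(t, kind) for t in techniques]}


if __name__ == "__main__":
    print(json.dumps(build_layer(TECHNIQUES), indent=2))
```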