rabobank-cdc / DeTTECT

Detect Tactics, Techniques & Combat Threats
GNU General Public License v3.0
2.05k stars 333 forks

Data sources missing #53

Closed irivera007 closed 3 years ago

irivera007 commented 3 years ago

Hi,

When running in docker or locally, I'm unable to see more data sources, for instance "AWS CloudTrail logs", from the drop menu.

Any idea what I am missing?

rubinatorz commented 3 years ago

Hi @irivera007,

"AWS CloudTrail logs" is a data source from the previous ATT&CK version (8.0 and before). MITRE restructured and renewed the data sources in version 9.0 and "AWS CloudTrail logs" is not in there.

beerMT commented 3 years ago

I found a similar Data Source missing issue when looking at:

Other Logon Session data components and Scheduled Job data components were available in the Editor but not those two.

rubinatorz commented 3 years ago

Hi @beerMT,

Those 2 data sources are indeed part of ATT&CK v9, but there are no (sub) techniques referencing these data sources. That's why you don't see those data sources in the Editor. Those data sources would not reflect any visibility on (sub) techniques (yet).

beerMT commented 3 years ago

Good catch, thanks for the clarification.