
Requested Features #6

Open
nshalabi opened this issue Sep 22, 2019 · 2 comments
Comments

@nshalabi
Owner

nshalabi commented Sep 22, 2019

This is a summary of the feature requests I received (in random order):

  1. The ability to import ATT&CK™ data sets using the tool itself.
  2. Add custom techniques not listed in ATT&CK™ (insider threat and fraud focused).
  3. Incorporate more red-teams playbooks, similar to atomic-red-team™.
  4. Start a plan by importing ATT&CK™ navigator exports.
  5. Ability to define targets and assign a "testing guideline" to each, allowing users to input components of their systems in terms of access/process/technology (what is being defended).
  6. Integrate the tool with CALDERA™ to generate tests.
  7. Create macOS & Linux versions.
  8. Open source the tool.
  9. Exporting plans for sharing.
  10. Map NIST SP 800-53 controls to techniques (other controls SOX, PCI, FFIEC).
  11. Allow users to enter known vulnerability data for systems (like Kenna or NVD).
  12. Add technique scoring cost/difficulty/discoverability for attack tree modeling (technique based attack probability and simulation).

Thank you all for your feedback. If you would like to add a new feature or give feedback about a requested feature, please add it here or email me directly at [email protected]

@OpalSec

OpalSec commented Feb 11, 2020

Amazing tool, I wish I'd found it sooner!

Just the one feature request from what I've seen so far:

  1. Ability to include software used by APTs, e.g. APT30 uses S0028 (SHIPSHAPE), which maps to T1060, T1091, T1023. Implementation of this could be that importing S0028 would add S0028 as a node and expand the three Techniques as child nodes, with the "Use" information populated in the Description field.

Also, is there a way to update the sqlite db with the latest data from the MITRE ATT&CK site?
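
An added example (not code from the tool or from either commenter) of how the software-to-technique expansion described above can be resolved from an ATT&CK STIX bundle: the software becomes the parent node, each technique it "uses" becomes a child, and the relationship text fills the Description field. The bundle below is a constructed miniature standing in for the real enterprise-attack.json, and its "Use" descriptions are invented placeholders.

```python
# Constructed miniature ATT&CK STIX bundle (stand-in for enterprise-attack.json). It mirrors
# the real layout: malware/tool, attack-pattern and intrusion-set objects carry a
# "mitre-attack" external reference, and "uses" relationships link them together.
def _obj(stix_type, stix_id, name, ext_id, **extra):
    return {"type": stix_type, "id": stix_id, "name": name,
            "external_references": [{"source_name": "mitre-attack", "external_id": ext_id}], **extra}

def _uses(src, dst, text):
    return {"type": "relationship", "id": f"relationship--{src}-{dst}",
            "relationship_type": "uses", "source_ref": src, "target_ref": dst, "description": text}

SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    _obj("intrusion-set", "intrusion-set--apt30", "APT30", "G0013"),
    _obj("malware", "malware--s0028", "SHIPSHAPE", "S0028"),
    _obj("attack-pattern", "attack-pattern--t1060", "Registry Run Keys / Startup Folder", "T1060"),
    _obj("attack-pattern", "attack-pattern--t1091", "Replication Through Removable Media", "T1091"),
    _obj("attack-pattern", "attack-pattern--t1023", "Shortcut Modification", "T1023"),
    _obj("attack-pattern", "attack-pattern--old", "Retired technique", "T9999", revoked=True),
    _uses("intrusion-set--apt30", "malware--s0028", "Constructed: APT30 has used SHIPSHAPE."),
    _uses("malware--s0028", "attack-pattern--t1060", "Constructed: adds a Run key for persistence."),
    _uses("malware--s0028", "attack-pattern--t1091", "Constructed: copies itself to removable drives."),
    _uses("malware--s0028", "attack-pattern--t1023", "Constructed: modifies shortcuts to run itself."),
    _uses("malware--s0028", "attack-pattern--old", "Constructed: stale mapping to a revoked technique."),
]}

def attack_id(obj):
    """Return the ATT&CK ID (Sxxxx / Txxxx / Gxxxx) from an object's external references."""
    return next((r["external_id"] for r in obj.get("external_references", [])
                 if r.get("source_name") == "mitre-attack"), None)

def expand_software(bundle, software_id):
    """Software as parent node, each technique it 'uses' as a child carrying the 'Use' text."""
    objects = bundle["objects"]
    by_ref = {o["id"]: o for o in objects}
    software = next((o for o in objects
                     if o["type"] in ("malware", "tool") and attack_id(o) == software_id), None)
    if software is None:
        raise KeyError(f"{software_id} is not in the bundle")
    children = []
    for rel in objects:
        # Only outgoing 'uses' edges from this software; group->software edges are not children.
        if rel["type"] != "relationship" or rel["relationship_type"] != "uses":
            continue
        if rel["source_ref"] != software["id"]:
            continue
        tech = by_ref.get(rel["target_ref"])
        # Skip non-technique targets and techniques ATT&CK has since revoked (stale mappings).
        if tech is None or tech["type"] != "attack-pattern" or tech.get("revoked"):
            continue
        children.append({"id": attack_id(tech), "name": tech["name"],
                         "description": rel.get("description", "")})
    children.sort(key=lambda c: c["id"])
    return {"id": software_id, "name": software["name"], "techniques": children}
```

Against the real bundle the same function works unchanged, since the object types, the "mitre-attack" external reference and the "uses" relationship are the real ATT&CK STIX conventions; only the sample data here is constructed.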

@nshalabi
Owner Author

Thank you!

  • Regarding the first request, it used to exist but was removed and replaced with filtering the techniques related to a certain adversary or software for selection while creating/editing the testing guideline. The decision was based on feedback that not all TTPs would fit into one testing guideline, which makes sense if you look at the APT3 plan: testing guidelines are matched with fewer TTPs, and the full plan doesn't cover all TTPs reported.

  • Regarding the database update, I just updated the content with the latest ATT&CK and ATOMIC contents.

Much appreciated.
