Add multiple tactics to ATT&CK mappings #51

rw-access · 2020-07-13T14:20:54Z

Once elastic/kibana#69166 merges, we'll be able to map tactics -> techniques with a many-many relationship. This will let us map rules to tactics without requiring a technique, and will give us better control over the relationships. We'll be able to express relationships like this:

Privilege Escalation, Persistence
- New Service
- Scheduled Task
Execution
- Service Execution
Lateral Movement

We need to:

update the schema
add tactics to rules that are missing one because they don't use a specific technique
find other cases where we can add more techniques/tactics or improve rule.threat in other ATT&CK related ways

rw-access · 2020-12-18T22:29:19Z

I think optional techniques gives us enough flexibility.
I'm going to close this, since it's good enough IMO

rw-access added blocked enhancement New feature or request v7.10.0 labels Jul 13, 2020

rw-access mentioned this issue Sep 8, 2020

[Rule Tuning] Update rules with ATT&CK tactic and technique metadata #272

Closed

rw-access mentioned this issue Sep 17, 2020

[New Rule] Initial converted EQL rules #304

Merged

rw-access added v7.11.0 and removed v7.10.0 labels Sep 30, 2020

rw-access closed this as completed Dec 18, 2020

rw-access removed the v7.11.0 label Dec 18, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add multiple tactics to ATT&CK mappings #51

Add multiple tactics to ATT&CK mappings #51

rw-access commented Jul 13, 2020

rw-access commented Dec 18, 2020

Add multiple tactics to ATT&CK mappings #51

Add multiple tactics to ATT&CK mappings #51

Comments

rw-access commented Jul 13, 2020

rw-access commented Dec 18, 2020