ATT&CK subtechniques are official.
We should update our rules to use them, and figure out the optimal schema for ECS and the detection engine. We also need to improve our rule.threat mappings and use the latest information in ATT&CK, since some techniques became subtechniques and others split. ATT&CK has subtechniques-crosswalk.json to track these changes.
There's an ECS issue here:
elastic/ecs#867
When we have a good structure in mind for the schema, create an issue for Kibana to add support to the detection engine. We can start with the API first and they can add UI support after.