
Add tactics, techniques, and mitigations from MITRE ATLAS #247

Open
wants to merge 1 commit into base: develop

Conversation

aamedina
Collaborator

@aamedina aamedina commented May 9, 2024

Addresses #245

  • added new external threat model thing (ATLASThing) and subclasses ATLASTactic, ATLASTechnique, and ATLASMitigation, as well as a new datatype property atlas-id
  • added make update-atlas command to generate mappings following example of make update-attack
  • maps tactics, techniques and mitigations from the ATLAS STIX data into D3FEND using the new classes

Please help me review and correct any mistakes in this mapping, especially in the Python code; I could use another pair of eyes. Thank you.

@netfl0
Contributor

netfl0 commented May 10, 2024

needs a few minor tweaks

  • rename tactics to Credential Access - ATLAS, add a prefLabel for Credential Access

currently: Credential Access (ATLAS Tactic)

  • we're missing "Credential Access - ATLAS - Technique" classes to group their techniques.

@aamedina
Collaborator Author

> needs a few minor tweaks
>
> • rename tactics to `Credential Access - ATLAS`, add a prefLabel for `Credential Access`
>
> currently: Credential Access (ATLAS Tactic)
>
> • we're missing "Credential Access - ATLAS - Technique" classes to group their techniques.

First point makes sense. Can you clarify the second point concretely with an example?

@netfl0
Contributor

netfl0 commented May 14, 2024

> • we're missing "Credential Access - ATLAS - Technique" classes to group their techniques.

Like we do here:

[image]

@netfl0 netfl0 self-assigned this Jun 7, 2024
@netfl0 netfl0 added this to the 0.16.0 milestone Jun 7, 2024
@netfl0 netfl0 modified the milestones: 0.16.0, 0.17.0 Jul 10, 2024
@netfl0
Contributor

netfl0 commented Sep 16, 2024

Can you revert the actual ontology changes in this pull so it's just the generative code? Also, were there any other additions necessary? I think you added the convenience classes I requested.

@aamedina
Collaborator Author

aamedina commented Sep 16, 2024

> Can you revert the actual ontology changes in this pull so it's just the generative code? Also, were there any other additions necessary? I think you added the convenience classes I requested.

Which ontology changes? Do you mean d3f:atlas-id, d3f:ATLASTactic, d3f:ATLASTechnique, etc? We need the Tactics, Techniques, and Mitigations to have superclasses, as they aren't ATT&CK Enterprise tactics and techniques.

Keep this to group them? But remove ATLASTechnique and Tactic? What should the replacement superclasses be? I kind of want technique classes, like d3f:ReconnaissanceTechnique, to be ideally decoupled from ATT&CK Enterprise so we can reuse it as a superclass to organize techniques across all ATT&CK frameworks.

```turtle
# prefix declarations added so the fragment parses on its own; the D3FEND IRI is assumed from the published ontology
@prefix : <http://d3fend.mitre.org/ontologies/d3fend.owl#> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
:ATLASReconnaissanceTechnique a owl:Class ;
    rdfs:label "Reconnaissance - ATLAS - Technique" ;
    rdfs:subClassOf :ATLASTechnique,
        :OffensiveTechnique,
        [ a owl:Restriction ;
            owl:onProperty :enables ;
            owl:someValuesFrom :AML.TA0002 ] .
```
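The per-tactic grouping classes netfl0 asked for, generated from STIX-shaped input, as an added example that is not the PR's own `update-atlas` code: it assumes the D3FEND namespace IRI, assumes the ATLAS bundle uses the ATT&CK STIX field names (`x-mitre-tactic`, `attack-pattern`, `kill_chain_phases`, `external_references` with `source_name` "mitre-atlas"), and every identifier other than AML.TA0002 is a constructed placeholder.

```python
import re

# Constructed sample shaped like the ATLAS STIX bundle; only AML.TA0002 comes
# from the PR discussion, the other ids are placeholders, not real ATLAS data.
SAMPLE_BUNDLE = {"objects": [
    {"type": "x-mitre-tactic", "name": "Reconnaissance", "x_mitre_shortname": "reconnaissance",
     "external_references": [{"source_name": "mitre-atlas", "external_id": "AML.TA0002"}]},
    {"type": "x-mitre-tactic", "name": "Credential Access", "x_mitre_shortname": "credential-access",
     "external_references": [{"source_name": "mitre-atlas", "external_id": "AML.TA9998"}]},
    {"type": "attack-pattern", "name": "Placeholder Technique",
     "kill_chain_phases": [{"kill_chain_name": "mitre-atlas", "phase_name": "reconnaissance"},
                           {"kill_chain_name": "mitre-atlas", "phase_name": "credential-access"}],
     "external_references": [{"source_name": "mitre-atlas", "external_id": "AML.T9999"}]},
]}

PREFIXES = ("@prefix : <http://d3fend.mitre.org/ontologies/d3fend.owl#> .\n"  # assumed D3FEND IRI
            "@prefix owl: <http://www.w3.org/2002/07/owl#> .\n"
            "@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .\n")

def atlas_id(obj):
    """Return the AML.* identifier carried in an object's external_references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-atlas":
            return ref["external_id"]
    raise ValueError(f"no mitre-atlas id on {obj.get('name')!r}")

def convenience_classes(bundle):
    """tactic shortname -> (grouping class local name, rdfs:label, tactic class local name)."""
    groups = {}
    for obj in bundle["objects"]:
        if obj["type"] == "x-mitre-tactic":
            camel = "".join(w[:1].upper() + w[1:] for w in re.split(r"[^A-Za-z0-9]+", obj["name"]) if w)
            groups[obj["x_mitre_shortname"]] = (f"ATLAS{camel}Technique",
                                                f"{obj['name']} - ATLAS - Technique", atlas_id(obj))
    return groups

def technique_parents(bundle, groups):
    """technique AML id -> sorted grouping classes it falls under, via its kill chain phases."""
    parents = {}
    for obj in bundle["objects"]:
        if obj["type"] == "attack-pattern":
            phases = [p["phase_name"] for p in obj.get("kill_chain_phases", [])
                      if p.get("kill_chain_name") == "mitre-atlas"]
            unknown = [p for p in phases if p not in groups]
            if unknown:  # a phase without a tactic object would silently orphan the technique
                raise ValueError(f"{atlas_id(obj)} references unknown tactic(s) {unknown}")
            parents[atlas_id(obj)] = sorted(groups[p][0] for p in phases)
    return parents

def to_turtle(groups):
    """Emit one owl:Class per tactic in the shape of the Reconnaissance example above."""
    out = [PREFIXES]
    for local, label, tactic in groups.values():
        out.append(f':{local} a owl:Class ;\n    rdfs:label "{label}" ;\n'
                   f'    rdfs:subClassOf :ATLASTechnique, :OffensiveTechnique,\n'
                   f'        [ a owl:Restriction ; owl:onProperty :enables ; owl:someValuesFrom :{tactic} ] .')
    return "\n".join(out)
```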
