ATT&CK Workbench v1.1.0 includes support for ATT&CK Spec v2.1.0 and coincides with the ATT&CK v10.0 release. Users who do not upgrade to Workbench v1.1.0 may encounter issues with the new ATT&CK data:
- If the user added the ATT&CK collection index prior to the ATT&CK v10.0 release, it may lose track of imported Enterprise collections. These collections can still be found in the "imported collections" tab of the collection manager, but won't be reflected in the collection manager. Collection subscriptions for Enterprise may also be lost. Upgrading to ATT&CK Workbench v1.1.0 will fix this issue and restore prior collection subscriptions.
- If the user imports ATT&CK v10.0 using ATT&CK Workbench 1.0.X, data sources and data components will not be imported into their local knowledge base. You can re-import the collection after upgrading Workbench to v1.1.0 to acquire the data sources and data components even if you had already imported it when running a prior version of Workbench.
ATT&CK Workbench version 1.1.0 includes improvements to how data is imported which should circumvent the above issues for future releases of ATT&CK.
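
The following example is added here for illustration and is not Workbench source code. It shows the kind of pre-import check these notes describe: it flags objects that lack the object-level `spec_version` required by STIX 2.1, or that declare an `x_mitre_attack_spec_version` newer than the instance supports, and records a reason for each. The function names, the version-comparison rule, and the treatment of objects without `x_mitre_attack_spec_version` are assumptions; the sample bundle is constructed.

```javascript
// Added example, not Workbench source. Names and the comparison rule are assumptions.
const SUPPORTED_ATTACK_SPEC = "2.1.0"; // ATT&CK Spec version named in these notes

// Compare dotted numeric versions; negative, zero or positive like a sort comparator.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// Sort a bundle's objects into importable IDs and flagged { id, reason } entries.
function previewImport(bundle, supported = SUPPORTED_ATTACK_SPEC) {
  const report = { importable: [], flagged: [] };
  // The bundle's own spec_version is optional, so it is not inspected here.
  for (const obj of bundle.objects || []) {
    const v = obj.x_mitre_attack_spec_version;
    let reason = null;
    if (typeof obj.spec_version !== "string") {
      reason = "missing spec_version (required on objects by STIX 2.1)";
    } else if (v !== undefined && (typeof v !== "string" || !/^\d+(\.\d+)*$/.test(v))) {
      reason = `malformed x_mitre_attack_spec_version: ${v}`;
    } else if (v !== undefined && compareVersions(v, supported) > 0) {
      reason = `ATT&CK Spec ${v} is newer than supported ${supported}`;
    }
    // Assumption: objects without x_mitre_attack_spec_version predate the field.
    if (reason) report.flagged.push({ id: obj.id, reason });
    else report.importable.push(obj.id);
  }
  return report;
}

// Constructed sample bundle; the IDs are made up and it has no bundle-level spec_version.
const sampleBundle = {
  type: "bundle",
  id: "bundle--00000000-0000-4000-8000-000000000000",
  objects: [
    { type: "attack-pattern", id: "attack-pattern--00000000-0000-4000-8000-000000000001",
      spec_version: "2.1" },
    { type: "x-mitre-data-source", id: "x-mitre-data-source--00000000-0000-4000-8000-000000000002",
      spec_version: "2.1", x_mitre_attack_spec_version: "2.1.0" },
    { type: "x-mitre-tactic", id: "x-mitre-tactic--00000000-0000-4000-8000-000000000003",
      x_mitre_attack_spec_version: "2.1.0" }, // object-level spec_version omitted
  ],
};

console.log(previewImport(sampleBundle));          // instance supporting 2.1.0
console.log(previewImport(sampleBundle, "2.0.0")); // hypothetical older instance
```
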
- Added object type documentation on list pages. See frontend#221.
- Added support for ATT&CK Spec v2.1.0:
  - Added support for data sources and data components, and viewing/editing interfaces for these object types and their relationships with techniques. See frontend#67, frontend#66.
  - Added support for `x_mitre_attack_spec_version` on all object types.
- Improved the flexibility and robustness of collection imports:
  - Workbench will now check the ATT&CK Spec version of imported data and warn the user if the ATT&CK Spec version is unsupported (ex. if the Workbench instance is too outdated to support the data it is trying to import). The user can choose to bypass this warning.
  - Workbench can now import the same collection multiple times in case objects in the initial import could not be imported due to an error.
  - The user will now be provided with a downloadable list of objects that could not be saved (and the reason why) in the event of import errors.
  - REST API will now log import errors for individual objects to the console when the log level is set to `verbose`.
  - Frontend will now log import errors to the console when the application environment is not set to production.
- Added validation for missing ATT&CK IDs on objects that support them. The user will now be warned if they neglect to assign an ATT&CK ID to an object which supports it. When exporting a collection, the user will similarly be warned if any contained objects are missing ATT&CK IDs. See frontend#231.
- REST API now supports setting the log level through an environment variable. See rest-api#108.
- REST API no longer sets the `upgrade-insecure-requests` directive of the `Content-Security-Policy` header in responses. This will facilitate the deployment of ATT&CK Workbench in an internal environment without requiring the system to be configured to support HTTPS. See rest-api#96.
- Fixed an issue where the navigation header could be inaccessible when navigating within the application or when the page resized due to user input.
- Frontend will no longer claim objects were imported when they were actually discarded due to import errors such as spec violations.
- Imported STIX bundles will no longer require (but still allow) the `spec_version` field on the bundle itself. This was causing issues importing collections created by the Workbench. Objects within the bundle still require the `spec_version` field per the STIX 2.1 spec. See rest-api#103.
- Fixed an issue where the REST API would save references when importing a collection bundle even though the `previewOnly` flag had been set. See rest-api#120.
- Error snackbars will now show appropriate messages instead of `[object ProgressEvent]` when communication with the REST API is interrupted or cannot be established. See frontend#227.
- Fixed a bug where tactic shortnames were computed incorrectly for tactics with more than one space in the name (e.g. "Command and Control"). See frontend#239.
  - If you have edited a technique under a tactic with more than one space in the name, remove and re-add the tactic under the technique edit interface to ensure that the tactic reference is formatted properly.
  - If you have created a tactic with more than one space in the name, save a new version of the tactic and the proper shortname should be saved. You do not need to make any edits when saving the tactic page for the shortname to be fixed.
- Added a system for configuring the Collection Manager with self-signed certs when using the docker setup. Documentation for this configuration will be improved in a subsequent release.
- Fixed an error encountered when using the `attack-objects` API with large datasets. This error was preventing users from loading the "create a collection" page when Enterprise ATT&CK collections were imported. See rest-api#87.
- Performance improvements when adding, editing, and validating relationships.
- Improved error messages when importing collections that are too large or malformed. See frontend#198.
- Improved page titles and breadcrumb on "object not found" pages.
- User can now import collections from file. See frontend#207.
- Collection index update interval is now set in the REST API configuration instead of hardcoded in the frontend. See frontend#200.
- Fixed vertically misaligned timestamps across several UIs.
- Fixed missing timestamp on collection version lists within collection indexes.
- Fixed object status popover showing the wrong status if opened too soon after the page loads. Also improved performance of the status popover code.
- Collection import UI no longer gets stuck if it runs into a problem fetching/importing/previewing the collection. See frontend#198.
- Object status popover now closes properly when the user starts editing the object. See frontend#199.
- Added a favicon. See frontend#137.
- Added dynamic page title to make it easier to distinguish multiple Workbench tabs in the browser. See frontend#130.
- Added a list of recommended indexes available when adding a collection index. See frontend#194.
- Added ability to set workflow state when objects are saved. See frontend#184.
- Updated occurrences of "aliases" to "associated groups" or "associated software" for consistency across the application. See frontend#176.
- Improved logging and added log level to environment configuration to suppress unnecessary logs from production deployments. See frontend#209.
- Updated the reference editor to enforce correct formatting when creating a new reference. See frontend#177.
- Added attribution of edits and tracking of organization identity. See frontend#61 and frontend#182.
- Added ability to revoke and deprecate objects. See frontend#164.
- Added tracking of workflow state. See frontend#3.
- Added ability to create and edit collections. See frontend#4, frontend#5, and frontend#112.
- Added support and documentation for ATT&CK Navigator integration. See frontend#153.
- Added support and documentation for ATT&CK Website integration. See frontend#152.
- Improved display of object domains. See frontend#166.
- Added support for MTC and CAPEC IDs. See frontend#124.
- Added ability to create and edit objects. See frontend#44 and frontend#145.
- Added ability to edit group/software aliases. See frontend#118.
- Added ability to edit various list properties such as platforms, tactics, and domains. See frontend#31.
- Added rich-text description editor. See frontend#32.
- Added ability to convert techniques to sub-techniques, and vice versa.
- Added ability to edit ATT&CK IDs. See frontend#55.
- Added validation system to warn user of malformed data.
- Added ability to reorder tactics on matrices. See frontend#116.
- Added ability to edit object version numbers, and a UI for incrementing versions when objects are saved. See frontend#56.
- Added ability to create and edit notes (annotations) on objects. See frontend#59.
- Added citations/references support.
- Added automatic detection of citations on descriptions and aliases. See frontend#115.
- Added references manager tool. See frontend#115 and frontend#133.
- Lists of objects can now be searched and filtered. See frontend#128 and frontend#127.
- Lists of objects now display ATT&CK IDs when relevant. See frontend#119.
- When viewing an object, fields which have no value(s) will now be hidden. See frontend#120.
- Improved display of sub-techniques. See frontend#125.
- Layout and formatting improvements to USAGE document.
- Fixed broken pagination on relationship tables. See frontend#126.
- Added Dockerfiles, docker-compose, and documentation on how to use them. See frontend#108, frontend#109, rest-api#14, and collection-manager#13.
- Fixed a crash that could occur with specific queries on the REST API. See rest-api#28.
- Created object view pages for matrix, technique, tactic, mitigation, group, and software objects.
- Added the ability to browse and import collection indexes.
- Collection indexes can be imported via URL.
- A preview of the collection index is shown before confirming the import.
- Added the ability to import, view, and subscribe to collections.
- Collections listed within an index can be subscribed to, which will pull new versions when they are published.
- Collections can also be manually imported via URL. When importing, a preview of the collection and its contents is shown before confirming the import. At this step, users can preview the objects in the collection and select which ones they want to import. Changes in the import are displayed relative to the state of the knowledge base similar to the update pages on the ATT&CK Website.
- An interface provides the ability to review prior imports, which provides a list of changes at the time of the import identical to that shown during the import of the collection.