feat: add support for ATT&CK Navigator Layers
emeth1 authored Oct 12, 2023
1 parent dea957c commit b8770bb
Showing 20 changed files with 268 additions and 0 deletions.
15 changes: 15 additions & 0 deletions src/mappings_explorer/cli/cli.py
Expand Up @@ -19,6 +19,7 @@
from mappings_explorer.cli.write_parsed_mappings import (
write_parsed_mappings_csv,
write_parsed_mappings_json,
write_parsed_mappings_navigator_layer,
write_parsed_mappings_yaml,
)

Expand Down Expand Up @@ -118,6 +119,9 @@ def parse_cve_mappings():
# write parsed mappings to csv file
write_parsed_mappings_csv(parsed_mappings, filepath)

# write parsed mappings to navigator layer
write_parsed_mappings_navigator_layer(parsed_mappings, filepath, "cve")


def parse_nist_mappings():
# read in tsv files
Expand Down Expand Up @@ -161,6 +165,9 @@ def parse_nist_mappings():
# write parsed mappings to csv file
write_parsed_mappings_csv(parsed_mappings, filepath)

# write parsed mappings to navigator layer
write_parsed_mappings_navigator_layer(parsed_mappings, filepath, "nist")


def parse_veris_mappings():
directory = f"{ROOT_DIR}/mappings/Veris"
Expand Down Expand Up @@ -190,6 +197,9 @@ def parse_veris_mappings():
# write parsed mappings to csv file
write_parsed_mappings_csv(parsed_mappings, filepath)

# write parsed mappings to navigator layer
write_parsed_mappings_navigator_layer(parsed_mappings, filepath, "veris")


def parse_security_stack_mappings():
rootdir = f"{ROOT_DIR}/mappings/SecurityStack"
Expand Down Expand Up @@ -221,3 +231,8 @@ def parse_security_stack_mappings():

# write parsed mappings to csv file
write_parsed_mappings_csv(parsed_mappings, filepath)

# write parsed mappings to navigator layer
write_parsed_mappings_navigator_layer(
parsed_mappings, filepath, "security stack"
)
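Review bot: The mapping type is passed as a bare string literal at each of the four new call sites (`"cve"`, `"nist"`, `"veris"`, `"security stack"`), so a misspelled or inconsistent label would not be caught before a layer is written. The layer generated by this commit is named "security stack overview", which suggests the argument flows directly into the layer's name and description. If the writer also derives an output path from it, the space in `"security stack"` ends up in a filename. I would define the labels once as module-level constants, e.g. `MAPPING_TYPE_SECURITY_STACK = "security stack"`, and pass those. Each call also reuses the `filepath` already given to `write_parsed_mappings_csv`, so it is worth confirming that the layer writer adds its own suffix; all four functions begin outside their hunks, so this rests only on the visible lines.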

@@ -0,0 +1 @@
{"name": "security stack overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": 9}, "sorting": 3, "description": "security stack heatmap overview of security stack mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1040", "score": 5, "comment": "Related to AWS RDS,AWS Config,AWS IoT Device Defender,Amazon Virtual Private Cloud,AWS CloudWatch"}, {"techniqueID": "T1565", "score": 5, "comment": "Related to AWS RDS,AWS RDS,Amazon GuardDuty,AWS CloudEndure Disaster Recovery,Amazon Virtual Private Cloud"}, {"techniqueID": "T1557", "score": 4, "comment": "Related to AWS RDS,AWS Config,AWS IoT Device Defender,Amazon Virtual Private Cloud"}, {"techniqueID": "T1190", "score": 8, "comment": "Related to AWS RDS,AWS RDS,AWS Config,Amazon GuardDuty,AWS CloudEndure Disaster Recovery,Amazon Inspector,AWS Web Application Firewall,AWS Security Hub"}, {"techniqueID": "T1210", "score": 6, "comment": "Related to AWS RDS,AWS RDS,AWS Config,Amazon Inspector,Amazon Virtual Private Cloud,AWS Security Hub"}, {"techniqueID": "T1485", "score": 8, "comment": "Related to AWS RDS,AWS RDS,AWS RDS,AWS Config,AWS S3,Amazon GuardDuty,AWS CloudEndure Disaster Recovery,AWS Security Hub"}, {"techniqueID": "T1486", "score": 4, "comment": "Related to AWS RDS,AWS Config,Amazon GuardDuty,AWS CloudEndure Disaster Recovery"}, {"techniqueID": "T1490", "score": 3, "comment": "Related to AWS RDS,AWS RDS,AWS CloudEndure Disaster Recovery"}, {"techniqueID": "T1561", "score": 2, "comment": "Related to AWS RDS,AWS CloudEndure Disaster Recovery"}, {"techniqueID": "T1530", "score": 7, "comment": "Related to AWS RDS,AWS Config,AWS S3,Amazon GuardDuty,AWS IoT Device Defender,AWS Security Hub,AWS Network Firewall"}, {"techniqueID": "T1529", "score": 2, "comment": "Related to AWS RDS,Amazon Inspector"}, {"techniqueID": "T1489", "score": 2, "comment": "Related to AWS RDS,Amazon Inspector"}, {"techniqueID": "T1020", "score": 3, "comment": 
"Related to AWS Config,Amazon GuardDuty,AWS IoT Device Defender"}, {"techniqueID": "T1053", "score": 2, "comment": "Related to AWS Config,Amazon Inspector"}, {"techniqueID": "T1068", "score": 3, "comment": "Related to AWS Config,Amazon Inspector,AWS Security Hub"}, {"techniqueID": "T1078", "score": 10, "comment": "Related to AWS Config,Amazon GuardDuty,AWS IoT Device Defender,AWS IoT Device Defender,AWS Organizations,Amazon Cognito,AWS Security Hub,AWS Identity and Access Management,AWS Identity and Access Management,AWS Single Sign-On"}, {"techniqueID": "T1098", "score": 4, "comment": "Related to AWS Config,Amazon GuardDuty,AWS Security Hub,AWS Identity and Access Management"}, {"techniqueID": "T1110", "score": 7, "comment": "Related to AWS Config,Amazon GuardDuty,Amazon Inspector,Amazon Cognito,AWS Security Hub,AWS Identity and Access Management,AWS Single Sign-On"}, {"techniqueID": "T1119", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1136", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1203", "score": 4, "comment": "Related to AWS Config,Amazon Inspector,AWS Web Application Firewall,AWS Security Hub"}, {"techniqueID": "T1211", "score": 3, "comment": "Related to AWS Config,Amazon Inspector,AWS Security Hub"}, {"techniqueID": "T1212", "score": 4, "comment": "Related to AWS Config,Amazon Inspector,AWS Security Hub,AWS Secrets Manager"}, {"techniqueID": "T1204", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1491", "score": 3, "comment": "Related to AWS Config,Amazon GuardDuty,AWS CloudEndure Disaster Recovery"}, {"techniqueID": "T1496", "score": 4, "comment": "Related to AWS Config,Amazon GuardDuty,AWS IoT Device Defender,AWS CloudWatch"}, {"techniqueID": "T1498", "score": 5, "comment": "Related to AWS Config,Amazon GuardDuty,AWS Shield,Amazon Virtual Private Cloud,AWS Network Firewall"}, {"techniqueID": "T1499", "score": 4, "comment": "Related to AWS Config,AWS Shield,Amazon Virtual Private Cloud,AWS 
Network Firewall"}, {"techniqueID": "T1525", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1538", "score": 2, "comment": "Related to AWS Config,AWS Organizations"}, {"techniqueID": "T1552", "score": 6, "comment": "Related to AWS Config,Amazon GuardDuty,AWS IoT Device Defender,AWS Key Management Service,AWS Secrets Manager,AWS CloudHSM"}, {"techniqueID": "T1562", "score": 6, "comment": "Related to AWS Config,Amazon GuardDuty,AWS IoT Device Defender,AWS IoT Device Defender,Amazon Inspector,AWS Security Hub"}, {"techniqueID": "T1609", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1610", "score": 2, "comment": "Related to AWS Config,AWS CloudWatch"}, {"techniqueID": "T1611", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1613", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1595", "score": 5, "comment": "Related to Amazon GuardDuty,Amazon Inspector,Amazon Virtual Private Cloud,AWS Web Application Firewall,AWS Network Firewall"}, {"techniqueID": "T1189", "score": 3, "comment": "Related to Amazon GuardDuty,Amazon Inspector,AWS Web Application Firewall"}, {"techniqueID": "T1566", "score": 1, "comment": "Related to Amazon GuardDuty"}, {"techniqueID": "T1580", "score": 3, "comment": "Related to Amazon GuardDuty,AWS Organizations,AWS Security Hub"}, {"techniqueID": "T1526", "score": 1, "comment": "Related to Amazon GuardDuty"}, {"techniqueID": "T1046", "score": 6, "comment": "Related to Amazon GuardDuty,AWS IoT Device Defender,Amazon Inspector,Amazon Virtual Private Cloud,AWS Web Application Firewall,AWS Network Firewall"}, {"techniqueID": "T1071", "score": 4, "comment": "Related to Amazon GuardDuty,AWS IoT Device Defender,AWS Web Application Firewall,AWS Network Firewall"}, {"techniqueID": "T1568", "score": 1, "comment": "Related to Amazon GuardDuty"}, {"techniqueID": "T1571", "score": 3, "comment": "Related to Amazon GuardDuty,Amazon Virtual Private Cloud,AWS Network Firewall"}, 
{"techniqueID": "T1090", "score": 4, "comment": "Related to Amazon GuardDuty,Amazon Virtual Private Cloud,AWS Web Application Firewall,AWS Network Firewall"}, {"techniqueID": "T1029", "score": 1, "comment": "Related to Amazon GuardDuty"}, {"techniqueID": "T1041", "score": 3, "comment": "Related to Amazon GuardDuty,AWS IoT Device Defender,AWS Network Firewall"}, {"techniqueID": "T1048", "score": 4, "comment": "Related to Amazon GuardDuty,AWS IoT Device Defender,Amazon Virtual Private Cloud,AWS Network Firewall"}, {"techniqueID": "T1567", "score": 1, "comment": "Related to Amazon GuardDuty"}, {"techniqueID": "T1531", "score": 2, "comment": "Related to Amazon GuardDuty,AWS Security Hub"}, {"techniqueID": "T1095", "score": 3, "comment": "Related to AWS IoT Device Defender,Amazon Virtual Private Cloud,AWS Network Firewall"}, {"techniqueID": "T1087", "score": 1, "comment": "Related to AWS Organizations"}, {"techniqueID": "T1588", "score": 2, "comment": "Related to AWS Key Management Service,AWS CloudHSM"}, {"techniqueID": "T1133", "score": 4, "comment": "Related to Amazon Inspector,Amazon Virtual Private Cloud,AWS Network Firewall,AWS Single Sign-On"}, {"techniqueID": "T1021", "score": 3, "comment": "Related to Amazon Inspector,Amazon Virtual Private Cloud,AWS Network Firewall"}, {"techniqueID": "T1222", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1070", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1599", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1003", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1548", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1037", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1543", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1590", "score": 3, "comment": "Related to Amazon Virtual Private Cloud,AWS Security Hub,AWS Network Firewall"}, 
{"techniqueID": "T1205", "score": 2, "comment": "Related to Amazon Virtual Private Cloud,AWS Network Firewall"}, {"techniqueID": "T1018", "score": 2, "comment": "Related to Amazon Virtual Private Cloud,AWS Network Firewall"}, {"techniqueID": "T1008", "score": 2, "comment": "Related to Amazon Virtual Private Cloud,AWS Network Firewall"}, {"techniqueID": "T1219", "score": 2, "comment": "Related to Amazon Virtual Private Cloud,AWS Network Firewall"}, {"techniqueID": "T1199", "score": 1, "comment": "Related to Amazon Virtual Private Cloud"}, {"techniqueID": "T1602", "score": 1, "comment": "Related to Amazon Virtual Private Cloud"}, {"techniqueID": "T1542", "score": 2, "comment": "Related to Amazon Virtual Private Cloud,AWS Network Firewall"}, {"techniqueID": "T1072", "score": 1, "comment": "Related to Amazon Virtual Private Cloud"}, {"techniqueID": "T1482", "score": 1, "comment": "Related to Amazon Virtual Private Cloud"}, {"techniqueID": "T1570", "score": 1, "comment": "Related to Amazon Virtual Private Cloud"}, {"techniqueID": "T1059", "score": 1, "comment": "Related to AWS Web Application Firewall"}, {"techniqueID": "T1592", "score": 1, "comment": "Related to AWS Security Hub"}, {"techniqueID": "T1589", "score": 1, "comment": "Related to AWS Security Hub"}, {"techniqueID": "T1591", "score": 1, "comment": "Related to AWS Security Hub"}, {"techniqueID": "T1550", "score": 1, "comment": "Related to AWS Identity and Access Management"}, {"techniqueID": "T1528", "score": 2, "comment": "Related to AWS Identity and Access Management,AWS Secrets Manager"}, {"techniqueID": "T1555", "score": 1, "comment": "Related to AWS Secrets Manager"}, {"techniqueID": "T1187", "score": 1, "comment": "Related to AWS Network Firewall"}, {"techniqueID": "T1572", "score": 1, "comment": "Related to AWS Network Firewall"}, {"techniqueID": "T1104", "score": 1, "comment": "Related to AWS Network Firewall"}, {"techniqueID": "T1553", "score": 1, "comment": "Related to AWS CloudHSM"}], "gradient": 
{"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 10}}
