Add ATT&CKv13.1 and information on data components (#18)
* Added ATT&CKv13.1 and information on data components

* Update README.md
tiffb authored Mar 22, 2024
1 parent cd3f042 commit 2ca994c
Showing 5 changed files with 35 additions and 0 deletions.
7 changes: 7 additions & 0 deletions README.md
Expand Up @@ -30,6 +30,13 @@ methodologies, defines all the key terms, and contains detailed examples.
| [Navigator Layers](https://github.com/center-for-threat-informed-defense/sensor-mappings-to-attack/tree/main/mappings/layers/enterprise) | ATT&CK Navigator views of the Sensor Mappings. |
| [STIX Bundles](https://github.com/center-for-threat-informed-defense/sensor-mappings-to-attack/tree/main/mappings/stix/enterprise) | Machine-readable list of Sensor Mappings. |

The initial SMAP work was developed using ATT&CKv13.1. The mappings include some data
components that are not represented in ATT&CKv13.1 and may not be represented in more
recent versions of ATT&CK. The reason for this is that ATT&CK does not include data
components that do not currently have a relationship to a (sub-)technique. These
mapped data components are being tracked by the ATT&CK team and will be considered for
incorporation in future versions of ATT&CK as the overall ATT&CK catalog evolves.

## Getting Involved

There are several ways that you can get involved with this project and help advance
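Review bot: the new README paragraph tells readers that some mapped data components have no counterpart in ATT&CK v13.1 but gives no way to tell which ones, so a reader of the Navigator layers or STIX bundles cannot identify the affected mappings; please list those data components here or link to wherever the ATT&CK team is tracking them. Minor: MITRE writes the version as "ATT&CK v13.1" with a space, and this note is pasted verbatim into four docs pages in the same commit, so a version bump will need five coordinated edits.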
7 changes: 7 additions & 0 deletions docs/example_technique_mappings/index.rst
Expand Up @@ -18,3 +18,10 @@ looking to provide insight into a specific environment.
linux
cloudtrail
network

Note that the initial SMAP work was developed using ATT&CKv13.1. The mappings include
some data components that are not represented in ATT&CKv13.1 and may not be represented
in more recent versions of ATT&CK. The reason for this is that ATT&CK does not include
data components that do not currently have a relationship to a (sub-)technique. These
mapped data components are being tracked by the ATT&CK team and will be considered for
incorporation in future versions of ATT&CK as the overall ATT&CK catalog evolves.
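Review bot: the new paragraph is appended directly after the toctree entries ("linux", "cloudtrail", "network"); please confirm it is dedented to column 0 in the file, since an indented paragraph after the blank line would be parsed as further toctree entries and produce "toctree contains reference to nonexisting document" warnings. Since the same six lines appear in docs/levels/index.rst, docs/methodology/step2.rst and docs/overview.rst in this commit, consider putting them in one snippet file and pulling it in with `.. include::` so all four pages stay in sync.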
7 changes: 7 additions & 0 deletions docs/levels/index.rst
Expand Up @@ -6,6 +6,13 @@ which gather data from endpoints in the environment (e.g., Windows, Linux), and
Sensors, which gather data gather from network communications, typically outbound
connections.

The initial SMAP work was developed using ATT&CKv13.1. The mappings include some data
components that are not represented in ATT&CKv13.1 and may not be represented in more
recent versions of ATT&CK. The reason for this is that ATT&CK does not include data
components that do not currently have a relationship to a (sub-)technique. These
mapped data components are being tracked by the ATT&CK team and will be considered for
incorporation in future versions of ATT&CK as the overall ATT&CK catalog evolves.

View Mappings
-------------

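Review bot: the unchanged context line "Sensors, which gather data gather from network communications" has a doubled "gather"; since this hunk already touches the paragraph right below it, please drop the second "gather" while here. The inserted note itself is the same text as in docs/overview.rst and the other two RST pages, which is the case for a shared `.. include::` snippet rather than four copies.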
7 changes: 7 additions & 0 deletions docs/methodology/step2.rst
Expand Up @@ -50,6 +50,13 @@ pages provide definitions for each individual Data Source.
.. image:: ../_static/attack_ex_pc.png
:width: 600

Note that the initial SMAP work was developed using ATT&CKv13.1. The mappings include
some data components that are not represented in ATT&CKv13.1 and may not be represented
in more recent versions of ATT&CK. The reason for this is that ATT&CK does not include
data components that do not currently have a relationship to a (sub-)technique. These
mapped data components are being tracked by the ATT&CK team and will be considered for
incorporation in future versions of ATT&CK as the overall ATT&CK catalog evolves.

For Process Creation, ATT&CK's definition is : **..the initial construction of an
executable..**. Through key word review, it can be determined that this is the same as
**..a process is created..** Therefore, event ID 4688 can be linked with this ATT&CK
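Review bot: placement breaks the worked example in this file: the image is immediately followed by "For Process Creation, ATT&CK's definition is ...", which explains what the image shows, and the new ATT&CK-version note now sits between the two. Please move the note above the `.. image::` directive or after the event ID 4688 example so the figure and its explanation stay adjacent.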
7 changes: 7 additions & 0 deletions docs/overview.rst
Expand Up @@ -16,6 +16,13 @@ to answer questions such as:
- If I'm concerned about a recent threat report, how can I look for that threat in my
environment?

The initial SMAP work was developed using ATT&CKv13.1. The mappings include some data
components that are not represented in ATT&CKv13.1 and may not be represented in more
recent versions of ATT&CK. The reason for this is that ATT&CK does not include data
components that do not currently have a relationship to a (sub-)technique. These
mapped data components are being tracked by the ATT&CK team and will be considered for
incorporation in future versions of ATT&CK as the overall ATT&CK catalog evolves.

Background
----------

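Review bot: the overview is the first page most readers see, so this is the right place for the version caveat, but "The initial SMAP work" assumes the reader already knows what SMAP stands for; the question list above does not expand it, so please spell out "Sensor Mappings to ATT&CK Project (SMAP)" on first use. The other three RST copies of this paragraph could then be reduced to a one-line cross-reference to this section instead of repeating the full text.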