Support ATT&CK v14.1 Techniques

[mr-tz]

Thank you very much for your contributions.
May I ask if you have any plans in the near future to synchronize capa rules with ATT&CK v14.1?

Originally posted by @Iroxious in #222 (comment)

I see the following potential new techniques:

• Exfiltration Over Web Service: Exfiltration Over Webhook
• Hide Artifacts: Ignore Process Interrupts
• Impair Defenses: Disable or Modify Linux Audit System
• Log Enumeration
• Masquerading: Break Process Trees
• Power Settings
• System Network Configuration Discovery: Wi-Fi Discovery

[Iroxious]

Thank you for your response. May I understand that for other earlier techniques not mentioned by you, if they can be utilized in CAPA analysis, they are already roughly included in capa-rules? (I saw that capa-rules currently involve a total of 120 TTP techniques.)

[mr-tz]

Yes, we don't exactly track the supported version or coverage but many rules have ATT&CK and MBC mappings included.

[Iroxious]

I understand, thank you for your explanation. :)