From 1f2a3f01ed9bc776438fe81271f5aebd3cd8c5aa Mon Sep 17 00:00:00 2001 
From: Davis Plumlee <56367316+dplumlee@users.noreply.github.com> Date: Fri, 5 Apr 2024 14:16:41 -0400 Subject: [PATCH] [Security Solution] Updates MITRE ATT&CK framework to `v14.1` (#174120) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit **Resolves: https://github.com/elastic/kibana/issues/171680** ## Summary Addresses: https://github.com/elastic/kibana/issues/166152 for `8.14.0` and https://github.com/elastic/kibana/issues/171680 [Flaky test runner result (internal)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5147) Updates MITRE ATT&CK mappings to `v14.1`. Last update was to `v13.1` in https://github.com/elastic/kibana/pull/166536. To update, I modified https://github.com/elastic/kibana/blob/b0c6cc9777d220b3823ab9b1bbe08c5056f7016e/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js#L22 to point to the `ATT&CK-v14.1` tag. Then ran `yarn extract-mitre-attacks` from the root `security_solution` plugin directory, and then `node scripts/i18n_check.js --fix` from Kibana root to regen the i18n files. 
## Acceptance Criteria - [x] User can map and use new MITRE techniques in Security Solution - [ ] The user-facing documentation is updated with the new version - Ticket [here](https://github.com/elastic/security-docs/issues/4550) - [ ] [MITRE ATT&CK® coverage](https://www.elastic.co/guide/en/security/master/rules-coverage.html) page ## Test Criteria - [x] Verify that new techniques (see the changelog link above) are available for mapping on the Rule Creation page under "Advanced settings" - [x] Verify that new techniques are available on the MITRE ATT&CK coverage page ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .../mitre/mitre_tactics_techniques.ts | 319 +++++++++++++++--- .../extract_tactics_techniques_mitre.js | 4 +- .../translations/translations/fr-FR.json | 1 - .../translations/translations/ja-JP.json | 1 - .../translations/translations/zh-CN.json | 1 - .../coverage_overview/coverage_overview.cy.ts | 4 +- 6 files changed, 269 insertions(+), 61 deletions(-) diff --git a/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts b/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts index abfd92ca074ac..c2e2caeee46e0 100644 --- a/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts +++ b/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts @@ -209,7 +209,7 @@ export const techniques: MitreTechnique[] = [ id: 'T1098', name: 'Account Manipulation', reference: 'https://attack.mitre.org/techniques/T1098', - tactics: ['persistence'], + tactics: ['persistence', 'privilege-escalation'], value: 'accountManipulation', }, { 
@@ -553,6 +553,17 @@ export const techniques: MitreTechnique[] = [ tactics: ['discovery'], value: 'containerAndResourceDiscovery', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.contentInjectionDescription', + { defaultMessage: 'Content Injection (T1659)' } + ), + id: 'T1659', + name: 'Content Injection', + reference: 'https://attack.mitre.org/techniques/T1659', + tactics: ['initial-access', 'command-and-control'], + value: 'contentInjection', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.createAccountDescription', @@ -1103,6 +1114,17 @@ export const techniques: MitreTechnique[] = [ tactics: ['defense-evasion'], value: 'fileAndDirectoryPermissionsModification', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.financialTheftDescription', + { defaultMessage: 'Financial Theft (T1657)' } + ), + id: 'T1657', + name: 'Financial Theft', + reference: 'https://attack.mitre.org/techniques/T1657', + tactics: ['impact'], + value: 'financialTheft', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.firmwareCorruptionDescription', @@ -1235,6 +1257,17 @@ export const techniques: MitreTechnique[] = [ tactics: ['defense-evasion'], value: 'impairDefenses', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.impersonationDescription', + { defaultMessage: 'Impersonation (T1656)' } + ), + id: 'T1656', + name: 'Impersonation', + reference: 'https://attack.mitre.org/techniques/T1656', + tactics: ['defense-evasion'], + value: 'impersonation', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.implantInternalImageDescription', 
@@ -1334,6 +1367,17 @@ export const techniques: MitreTechnique[] = [ tactics: ['lateral-movement'], value: 'lateralToolTransfer', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.logEnumerationDescription', + { defaultMessage: 'Log Enumeration (T1654)' } + ), + id: 'T1654', + name: 'Log Enumeration', + reference: 'https://attack.mitre.org/techniques/T1654', + tactics: ['discovery'], + value: 'logEnumeration', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.masqueradingDescription', @@ -1620,6 +1664,17 @@ export const techniques: MitreTechnique[] = [ tactics: ['defense-evasion'], value: 'plistFileModification', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.powerSettingsDescription', + { defaultMessage: 'Power Settings (T1653)' } + ), + id: 'T1653', + name: 'Power Settings', + reference: 'https://attack.mitre.org/techniques/T1653', + tactics: ['persistence'], + value: 'powerSettings', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.preOsBootDescription', @@ -2396,7 +2451,7 @@ export const subtechniques: MitreSubTechnique[] = [ id: 'T1098.001', name: 'Additional Cloud Credentials', reference: 'https://attack.mitre.org/techniques/T1098/001', - tactics: ['persistence'], + tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1098', value: 'additionalCloudCredentials', }, 
@@ -2408,10 +2463,22 @@ export const subtechniques: MitreSubTechnique[] = [ id: 'T1098.003', name: 'Additional Cloud Roles', reference: 'https://attack.mitre.org/techniques/T1098/003', - tactics: ['persistence'], + tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1098', value: 'additionalCloudRoles', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalContainerClusterRolesT1098Description', + { defaultMessage: 'Additional Container Cluster Roles (T1098.006)' } + ), + id: 'T1098.006', + name: 'Additional Container Cluster Roles', + reference: 'https://attack.mitre.org/techniques/T1098/006', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1098', + value: 'additionalContainerClusterRoles', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalEmailDelegatePermissionsT1098Description', @@ -2420,7 +2487,7 @@ export const subtechniques: MitreSubTechnique[] = [ id: 'T1098.002', name: 'Additional Email Delegate Permissions', reference: 'https://attack.mitre.org/techniques/T1098/002', - tactics: ['persistence'], + tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1098', value: 'additionalEmailDelegatePermissions', }, @@ -2664,6 +2731,18 @@ export const subtechniques: MitreSubTechnique[] = [ techniqueId: 'T1584', value: 'botnet', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.breakProcessTreesT1036Description', + { defaultMessage: 'Break Process Trees (T1036.009)' } + ), + id: 'T1036.009', + name: 'Break Process Trees', + reference: 'https://attack.mitre.org/techniques/T1036/009', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + value: 'breakProcessTrees', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.businessRelationshipsT1591Description', 
@@ -2940,6 +3019,18 @@ export const subtechniques: MitreSubTechnique[] = [ techniqueId: 'T1552', value: 'cloudInstanceMetadataApi', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudSecretsManagementStoresT1555Description', + { defaultMessage: 'Cloud Secrets Management Stores (T1555.006)' } + ), + id: 'T1555.006', + name: 'Cloud Secrets Management Stores', + reference: 'https://attack.mitre.org/techniques/T1555/006', + tactics: ['credential-access'], + techniqueId: 'T1555', + value: 'cloudSecretsManagementStores', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudServicesT1021Description', @@ -3476,7 +3567,7 @@ export const subtechniques: MitreSubTechnique[] = [ id: 'T1098.005', name: 'Device Registration', reference: 'https://attack.mitre.org/techniques/T1098/005', - tactics: ['persistence'], + tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1098', value: 'deviceRegistration', }, @@ -3516,6 +3607,18 @@ export const subtechniques: MitreSubTechnique[] = [ techniqueId: 'T1587', value: 'digitalCertificates', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.directCloudVmConnectionsT1021Description', + { defaultMessage: 'Direct Cloud VM Connections (T1021.008)' } + ), + id: 'T1021.008', + name: 'Direct Cloud VM Connections', + reference: 'https://attack.mitre.org/techniques/T1021/008', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + value: 'directCloudVmConnections', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.directNetworkFloodT1498Description', 
@@ -3528,18 +3631,6 @@ export const subtechniques: MitreSubTechnique[] = [ techniqueId: 'T1498', value: 'directNetworkFlood', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableCloudLogsT1562Description', - { defaultMessage: 'Disable Cloud Logs (T1562.008)' } - ), - id: 'T1562.008', - name: 'Disable Cloud Logs', - reference: 'https://attack.mitre.org/techniques/T1562/008', - tactics: ['defense-evasion'], - techniqueId: 'T1562', - value: 'disableCloudLogs', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableCryptoHardwareT1600Description', @@ -3576,6 +3667,30 @@ export const subtechniques: MitreSubTechnique[] = [ techniqueId: 'T1562', value: 'disableOrModifyCloudFirewall', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableOrModifyCloudLogsT1562Description', + { defaultMessage: 'Disable or Modify Cloud Logs (T1562.008)' } + ), + id: 'T1562.008', + name: 'Disable or Modify Cloud Logs', + reference: 'https://attack.mitre.org/techniques/T1562/008', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + value: 'disableOrModifyCloudLogs', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableOrModifyLinuxAuditSystemT1562Description', + { defaultMessage: 'Disable or Modify Linux Audit System (T1562.012)' } + ), + id: 'T1562.012', + name: 'Disable or Modify Linux Audit System', + reference: 'https://attack.mitre.org/techniques/T1562/012', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + value: 'disableOrModifyLinuxAuditSystem', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableOrModifySystemFirewallT1562Description', 
@@ -4068,6 +4183,18 @@ export const subtechniques: MitreSubTechnique[] = [ techniqueId: 'T1048', value: 'exfiltrationOverUnencryptedNonC2Protocol', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverWebhookT1567Description', + { defaultMessage: 'Exfiltration Over Webhook (T1567.004)' } + ), + id: 'T1567.004', + name: 'Exfiltration Over Webhook', + reference: 'https://attack.mitre.org/techniques/T1567/004', + tactics: ['exfiltration'], + techniqueId: 'T1567', + value: 'exfiltrationOverWebhook', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUsbT1052Description', @@ -4428,6 +4555,18 @@ export const subtechniques: MitreSubTechnique[] = [ techniqueId: 'T1591', value: 'identifyRoles', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.ignoreProcessInterruptsT1564Description', + { defaultMessage: 'Ignore Process Interrupts (T1564.011)' } + ), + id: 'T1564.011', + name: 'Ignore Process Interrupts', + reference: 'https://attack.mitre.org/techniques/T1564/011', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + value: 'ignoreProcessInterrupts', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.imageFileExecutionOptionsInjectionT1546Description', 
@@ -4680,6 +4819,18 @@ export const subtechniques: MitreSubTechnique[] = [ techniqueId: 'T1557', value: 'llmnrNbtNsPoisoningAndSmbRelay', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lnkIconSmugglingT1027Description', + { defaultMessage: 'LNK Icon Smuggling (T1027.012)' } + ), + id: 'T1027.012', + name: 'LNK Icon Smuggling', + reference: 'https://attack.mitre.org/techniques/T1027/012', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + value: 'lnkIconSmuggling', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsaSecretsT1003Description', @@ -5076,6 +5227,18 @@ export const subtechniques: MitreSubTechnique[] = [ techniqueId: 'T1218', value: 'mavinject', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.modifyCloudComputeConfigurationsT1578Description', + { defaultMessage: 'Modify Cloud Compute Configurations (T1578.005)' } + ), + id: 'T1578.005', + name: 'Modify Cloud Compute Configurations', + reference: 'https://attack.mitre.org/techniques/T1578/005', + tactics: ['defense-evasion'], + techniqueId: 'T1578', + value: 'modifyCloudComputeConfigurations', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.mshtaT1218Description', @@ -6092,7 +6255,7 @@ export const subtechniques: MitreSubTechnique[] = [ id: 'T1098.004', name: 'SSH Authorized Keys', reference: 'https://attack.mitre.org/techniques/T1098/004', - tactics: ['persistence'], + tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1098', value: 'sshAuthorizedKeys', }, 
@@ -6516,6 +6679,30 @@ export const subtechniques: MitreSubTechnique[] = [ techniqueId: 'T1598', value: 'spearphishingService', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spearphishingVoiceT1598Description', + { defaultMessage: 'Spearphishing Voice (T1598.004)' } + ), + id: 'T1598.004', + name: 'Spearphishing Voice', + reference: 'https://attack.mitre.org/techniques/T1598/004', + tactics: ['reconnaissance'], + techniqueId: 'T1598', + value: 'spearphishingVoice', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spearphishingVoiceT1566Description', + { defaultMessage: 'Spearphishing Voice (T1566.004)' } + ), + id: 'T1566.004', + name: 'Spearphishing Voice', + reference: 'https://attack.mitre.org/techniques/T1566/004', + tactics: ['initial-access'], + techniqueId: 'T1566', + value: 'spearphishingVoice', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spearphishingViaServiceT1566Description', @@ -6708,6 +6895,18 @@ export const subtechniques: MitreSubTechnique[] = [ techniqueId: 'T1542', value: 'tftpBoot', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.temporaryElevatedCloudAccessT1548Description', + { defaultMessage: 'Temporary Elevated Cloud Access (T1548.005)' } + ), + id: 'T1548.005', + name: 'Temporary Elevated Cloud Access', + reference: 'https://attack.mitre.org/techniques/T1548/005', + tactics: ['privilege-escalation', 'defense-evasion'], + techniqueId: 'T1548', + value: 'temporaryElevatedCloudAccess', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.terminalServicesDllT1505Description', 
@@ -7128,6 +7327,18 @@ export const subtechniques: MitreSubTechnique[] = [ techniqueId: 'T1505', value: 'webShell', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.wiFiDiscoveryT1016Description', + { defaultMessage: 'Wi-Fi Discovery (T1016.002)' } + ), + id: 'T1016.002', + name: 'Wi-Fi Discovery', + reference: 'https://attack.mitre.org/techniques/T1016/002', + tactics: ['discovery'], + techniqueId: 'T1016', + value: 'wiFiDiscovery', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.windowsCommandShellT1059Description', 
@@ -7278,62 +7489,62 @@ export const getMockThreatData = () => [ }, { tactic: { - name: 'Credential Access', - id: 'TA0006', - reference: 'https://attack.mitre.org/tactics/TA0006', + name: 'Command and Control', + id: 'TA0011', + reference: 'https://attack.mitre.org/tactics/TA0011', }, technique: { - name: 'Steal or Forge Kerberos Tickets', - id: 'T1558', - reference: 'https://attack.mitre.org/techniques/T1558', - tactics: ['credential-access'], + name: 'Encrypted Channel', + id: 'T1573', + reference: 'https://attack.mitre.org/techniques/T1573', + tactics: ['command-and-control'], }, subtechnique: { - name: 'AS-REP Roasting', - id: 'T1558.004', - reference: 'https://attack.mitre.org/techniques/T1558/004', - tactics: ['credential-access'], - techniqueId: 'T1558', + name: 'Asymmetric Cryptography', + id: 'T1573.002', + reference: 'https://attack.mitre.org/techniques/T1573/002', + tactics: ['command-and-control'], + techniqueId: 'T1573', }, }, { tactic: { - name: 'Persistence', - id: 'TA0003', - reference: 'https://attack.mitre.org/tactics/TA0003', + name: 'Defense Evasion', + id: 'TA0005', + reference: 'https://attack.mitre.org/tactics/TA0005', }, technique: { - name: 'Boot or Logon Autostart Execution', - id: 'T1547', - reference: 'https://attack.mitre.org/techniques/T1547', - tactics: ['persistence', 'privilege-escalation'], + name: 'Indicator Removal', + id: 'T1070', + reference: 'https://attack.mitre.org/techniques/T1070', + tactics: ['defense-evasion'], }, subtechnique: { - name: 'Active Setup', - id: 'T1547.014', - reference: 'https://attack.mitre.org/techniques/T1547/014', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', + name: 'Clear Linux or Mac System Logs', + id: 'T1070.002', + reference: 'https://attack.mitre.org/techniques/T1070/002', + tactics: ['defense-evasion'], + techniqueId: 'T1070', }, }, { tactic: { - name: 'Persistence', - id: 'TA0003', - reference: 'https://attack.mitre.org/tactics/TA0003', + name: 'Resource 
Development', + id: 'TA0042', + reference: 'https://attack.mitre.org/tactics/TA0042', }, technique: { - name: 'Account Manipulation', - id: 'T1098', - reference: 'https://attack.mitre.org/techniques/T1098', - tactics: ['persistence'], + name: 'Obtain Capabilities', + id: 'T1588', + reference: 'https://attack.mitre.org/techniques/T1588', + tactics: ['resource-development'], }, subtechnique: { - name: 'Additional Cloud Credentials', - id: 'T1098.001', - reference: 'https://attack.mitre.org/techniques/T1098/001', - tactics: ['persistence'], - techniqueId: 'T1098', + name: 'Code Signing Certificates', + id: 'T1588.003', + reference: 'https://attack.mitre.org/techniques/T1588/003', + tactics: ['resource-development'], + techniqueId: 'T1588', }, }, ]; diff --git a/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js b/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js index 1f8526538e8c9..28a1d9b9b6ecf 100644 --- a/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js +++ b/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js @@ -19,7 +19,7 @@ const OUTPUT_DIRECTORY = resolve('public', 'detections', 'mitre'); // Every release we should update the version of MITRE ATT&CK content and regenerate the model in our code. // This version must correspond to the one used for prebuilt rules in https://github.com/elastic/detection-rules. // This version is basically a tag on https://github.com/mitre/cti/tags, or can be a branch name like `master`. -const MITRE_CONTENT_VERSION = 'ATT&CK-v13.1'; // last updated when preparing for 8.10.3 release +const MITRE_CONTENT_VERSION = 'ATT&CK-v14.1'; // last updated when preparing for 8.14.0 release const MITRE_CONTENT_URL = `https://raw.githubusercontent.com/mitre/cti/${MITRE_CONTENT_VERSION}/enterprise-attack/enterprise-attack.json`; /** 
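Review bot: The new `MITRE_CONTENT_VERSION = 'ATT&CK-v14.1'` is still a tag name, and the comment above it also allows a branch such as `master`, so the `raw.githubusercontent.com` URL built from it can serve different content later without this file changing. Nothing visible in this hunk ties the downloaded `enterprise-attack.json` to a known digest before it is turned into checked-in source. Consider pinning the ref to the commit the tag points at, e.g. `const MITRE_CONTENT_VERSION = '<COMMIT_SHA_FOR_ATTACK_V14_1>'; // ATT&CK-v14.1, last updated when preparing for 8.14.0 release`, or recording an expected SHA-256 next to the version and checking it after download. The fetch and parsing code is outside the hunk, so confirm whether such a check already exists.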
@@ -184,7 +184,7 @@ const buildMockThreatData = (tacticsData, techniques, subtechniques) => {
 const numberOfThreatsToGenerate = 4;
 const mockThreatData = [];
 for (let i = 0; i < numberOfThreatsToGenerate; i++) {
- const subtechnique = subtechniques[i * 2]; // Double our interval to broaden the subtechnique types we're pulling data from a bit
+ const subtechnique = subtechniques[i * 20]; // Double our interval to broaden the subtechnique types we're pulling data from a bit
 const technique = techniques.find((technique) => technique.id === subtechnique.techniqueId);
 const tactic = tacticsData.find((tactic) => tactic.shortName === technique.tactics[0]);
diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json
index 41571e3d3d0c6..a9bd53e383dda 100644
--- a/x-pack/plugins/translations/translations/fr-FR.json
+++ b/x-pack/plugins/translations/translations/fr-FR.json
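Review bot: The trailing comment on the changed line in `buildMockThreatData` still says "Double our interval" although the stride is now `i * 20`, so it no longer describes the code. I would reword it, e.g. `const subtechnique = subtechniques[i * 20]; // Sample every 20th subtechnique so the mock data spans more techniques and tactics`. With four iterations the loop reads indices 0, 20, 40 and 60, and nothing visible checks that `subtechniques[i * 20]` or the `techniques.find(...)` result is defined before `.techniqueId` and `.tactics[0]` are read, so a shorter or filtered list would fail with an unhelpful TypeError. Because the pick is positional, the generated mock entries also shift whenever the upstream ordering changes; the loop body continues outside the hunk.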
@@ -34399,7 +34399,6 @@ "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1588Description": "Certificats numériques (T1588.004)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1596Description": "Certificats numériques (T1596.003)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.directNetworkFloodT1498Description": "Flux de réseau direct (T1498.001)", - "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableCloudLogsT1562Description": "Désactivation des logs de cloud (T1562.008)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableCryptoHardwareT1600Description": "Désactivation du matériel de crypto (T1600.002)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableOrModifyCloudFirewallT1562Description": "Désactivation ou modification du pare-feu du cloud (T1562.007)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableOrModifySystemFirewallT1562Description": "Désactivation ou modification du pare-feu du système (T1562.004)", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 64185de61cfc5..73cb47451f5b1 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json 
@@ -34368,7 +34368,6 @@ "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1588Description": "デジタル証明書(T1588.004)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1596Description": "デジタル証明書(T1596.003)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.directNetworkFloodT1498Description": "ダイレクトネットワークフラッド(T1498.001)", - "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableCloudLogsT1562Description": "クラウドログの無効化(T1562.008)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableCryptoHardwareT1600Description": "暗号ハードウェアの無効化(T1600.002)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableOrModifyCloudFirewallT1562Description": "クラウドファイアウォールの無効化または修正(T1562.007)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableOrModifySystemFirewallT1562Description": "システムファイアウォールの無効化または修正(T1562.004)", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index af89d81e615f0..eb9d382b30eb5 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json 
@@ -34411,7 +34411,6 @@ "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1588Description": "Digital Certificates (T1588.004)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1596Description": "Digital Certificates (T1596.003)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.directNetworkFloodT1498Description": "Direct Network Flood (T1498.001)", - "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableCloudLogsT1562Description": "Disable Cloud Logs (T1562.008)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableCryptoHardwareT1600Description": "Disable Crypto Hardware (T1600.002)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableOrModifyCloudFirewallT1562Description": "Disable or Modify Cloud Firewall (T1562.007)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableOrModifySystemFirewallT1562Description": "Disable or Modify System Firewall (T1562.004)", diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/coverage_overview/coverage_overview.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/coverage_overview/coverage_overview.cy.ts index 6ae5b2b888aac..adfab13fe619f 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/coverage_overview/coverage_overview.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/coverage_overview/coverage_overview.cy.ts 
@@ -48,8 +48,8 @@ const EnabledCustomRuleMitreData = getMockThreatData()[2];
 const DisabledCustomRuleMitreData = getMockThreatData()[3];
 // Mitre data used for duplicate technique tests
-const DuplicateTechniqueMitreData1 = getDuplicateTechniqueThreatData()[1];
-const DuplicateTechniqueMitreData2 = getDuplicateTechniqueThreatData()[0];
+const DuplicateTechniqueMitreData1 = getDuplicateTechniqueThreatData()[0];
+const DuplicateTechniqueMitreData2 = getDuplicateTechniqueThreatData()[1];
 const MockEnabledPrebuiltRuleThreat: Threat = {
 framework: 'MITRE ATT&CK',
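Review bot: The two `DuplicateTechniqueMitreData` constants swap `[0]` and `[1]` with no comment saying which entry each one is expected to hold, so the next ATT&CK regeneration may force another unexplained swap. `getDuplicateTechniqueThreatData` is not visible in this hunk, so I am assuming the assertions depend on which fixture lands in which constant. I would document the expectation beside the constants, e.g. `// Data1/Data2 share a technique under different tactics; index order must match getDuplicateTechniqueThreatData()`, or select the entries by technique id instead of by array position.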