
[Security Solution] Regenerate tactics and techniques fields prior to release builds #89876

Closed
spong opened this issue Feb 1, 2021 · 3 comments
Labels:
- enhancement (New value added to drive a business result)
- Feature:Detection Rules (Security Solution rules and Detection Engine)
- Team:Detection Rule Management (Security Detection Rule Management Team)
- Team:Detections and Resp (Security Detection Response Team)
- Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
- technical debt (Improvement of the software architecture and operational architecture)

Comments

@spong (Member)

spong commented Feb 1, 2021

The MITRE Tactics & Techniques that are provided for selection during Rule Creation are currently manually generated via the `extract_tactics_techniques_mitre.js` script, which will use the latest tactics & techniques from `mitre/cti/master`.

Now that we've updated to support sub-techniques (#83511) and related structural changes, we can probably automate this task per release to ensure we're always shipping the latest.

For reference, to regenerate run `yarn extract-mitre-attacks` from `/x-pack/plugins/security_solution`.

spong added the labels enhancement, Feature:Detection Rules, Team:Detections and Resp and Team: SecuritySolution on Feb 1, 2021

@elasticmachine (Contributor)

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine (Contributor)

Pinging @elastic/security-detections-response (Team:Detections and Resp)

spong added a commit that referenced this issue Apr 13, 2021
…d Subtechniques for 7.13 (#97011)

## Summary

This PR updates the MITRE Tactics, Techniques, and Subtechniques used within Security Solution Detection Rules. See #89876 for details on automating this task. 🙂
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Apr 13, 2021
…d Subtechniques for 7.13 (elastic#97011)

## Summary

This PR updates the MITRE Tactics, Techniques, and Subtechniques used within Security Solution Detection Rules. See elastic#89876 for details on automating this task. 🙂
kibanamachine added a commit that referenced this issue Apr 13, 2021
…d Subtechniques for 7.13 (#97011) (#97036)

## Summary

This PR updates the MITRE Tactics, Techniques, and Subtechniques used within Security Solution Detection Rules. See #89876 for details on automating this task. 🙂

Co-authored-by: Garrett Spong <[email protected]>
peluja1012 added the labels technical debt and Team:Detection Rule Management on Oct 22, 2021

banderror self-assigned this on Jul 25, 2022
banderror added a commit that referenced this issue Jul 27, 2022
#137122)

**Related to:** elastic/detection-rules#2073 (comment), #89876

## Summary

Here we regenerate the MITRE ATT&CK model in the code based on the official MITRE content:

- we update to the version `ATT&CK-v11.3` (see elastic/detection-rules#2073 (comment))
- this corresponds to the `https://raw.githubusercontent.com/mitre/cti/ATT&CK-v11.3/enterprise-attack/enterprise-attack.json` content

Also, this PR fixes the model regeneration script (check the comment below).
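The comment above and this commit both describe the same job: reading the ATT&CK STIX bundle (`enterprise-attack.json` from mitre/cti, pinned to a release such as `ATT&CK-v11.3`) and producing the tactic, technique and sub-technique lists offered in the rule editor. The following is an added example, not Kibana's `extract_tactics_techniques_mitre.js` and not code from this PR. It reads a constructed in-memory bundle using the real STIX object types and field names that mitre/cti publishes (`x-mitre-tactic`, `attack-pattern`, `kill_chain_phases`, `x_mitre_is_subtechnique`, `revoked`, `x_mitre_deprecated`); the output shape (`id`, `name`, `reference`, `tactics`, `techniqueId`) is this example's own choice. It also covers two hygiene points a regeneration script should handle: revoked or deprecated entries stay in the bundle and must be filtered out so they are not offered for new rules, and a sub-technique whose parent was filtered must not be left orphaned.

```javascript
// Added example: extract tactics, techniques and sub-techniques from a MITRE
// ATT&CK STIX 2.0 bundle (the enterprise-attack.json layout). Not the project's
// own script; the output shape is this example's own.

const ATTACK_SOURCE = 'mitre-attack';

// The external_reference with source_name "mitre-attack" carries the ATT&CK ID
// (TA0001, T1566, T1566.001) and the public URL for the entry.
function attackReference(obj) {
  return (obj.external_references || []).find((r) => r.source_name === ATTACK_SOURCE);
}

// Revoked and deprecated objects remain in the bundle for historical reasons;
// a rule editor should not offer them for new rules.
function isRetired(obj) {
  return obj.revoked === true || obj.x_mitre_deprecated === true;
}

function extractMitreAttack(bundle) {
  // Keep only live objects that actually carry an ATT&CK identifier.
  const objects = bundle.objects.filter((o) => !isRetired(o) && attackReference(o));

  const tactics = objects
    .filter((o) => o.type === 'x-mitre-tactic')
    .map((o) => {
      const ref = attackReference(o);
      return { id: ref.external_id, name: o.name, shortname: o.x_mitre_shortname, reference: ref.url };
    })
    .sort((a, b) => a.id.localeCompare(b.id));

  // kill_chain_phases.phase_name matches the tactic's x_mitre_shortname.
  const tacticByShortname = new Map(tactics.map((t) => [t.shortname, t]));

  const patterns = objects
    .filter((o) => o.type === 'attack-pattern')
    .map((o) => {
      const ref = attackReference(o);
      const tacticIds = (o.kill_chain_phases || [])
        .filter((p) => p.kill_chain_name === ATTACK_SOURCE)
        .map((p) => tacticByShortname.get(p.phase_name))
        .filter(Boolean)
        .map((t) => t.id);
      return {
        id: ref.external_id,
        name: o.name,
        reference: ref.url,
        tactics: tacticIds,
        isSub: o.x_mitre_is_subtechnique === true,
      };
    })
    .sort((a, b) => a.id.localeCompare(b.id));

  const techniques = patterns.filter((p) => !p.isSub).map(({ isSub, ...t }) => t);
  const techniqueIds = new Set(techniques.map((t) => t.id));

  // A sub-technique ID is its parent ID plus a dotted suffix (T1566.001 -> T1566).
  // Sub-techniques whose parent was filtered out are dropped to keep the model consistent.
  const subtechniques = patterns
    .filter((p) => p.isSub)
    .map(({ isSub, ...s }) => ({ ...s, techniqueId: s.id.split('.')[0] }))
    .filter((s) => techniqueIds.has(s.techniqueId));

  return { tactics, techniques, subtechniques };
}

// Constructed sample bundle (not real mitre/cti content). The TA/T IDs for
// Initial Access, Execution, Phishing, Spearphishing Attachment and Command and
// Scripting Interpreter are real ATT&CK IDs; T0000 / T0000.001 are placeholders
// that exercise the revoked-entry and orphaned-sub-technique paths.
const mitreRef = (id) => [{ source_name: ATTACK_SOURCE, external_id: id, url: `https://attack.mitre.org/${id.startsWith('TA') ? 'tactics' : 'techniques'}/${id.replace('.', '/')}` }];
const phase = (name) => [{ kill_chain_name: ATTACK_SOURCE, phase_name: name }];

const SAMPLE_BUNDLE = {
  type: 'bundle',
  objects: [
    { type: 'x-mitre-tactic', name: 'Initial Access', x_mitre_shortname: 'initial-access', external_references: mitreRef('TA0001') },
    { type: 'x-mitre-tactic', name: 'Execution', x_mitre_shortname: 'execution', external_references: mitreRef('TA0002') },
    { type: 'attack-pattern', name: 'Phishing', kill_chain_phases: phase('initial-access'), x_mitre_is_subtechnique: false, external_references: mitreRef('T1566') },
    { type: 'attack-pattern', name: 'Spearphishing Attachment', kill_chain_phases: phase('initial-access'), x_mitre_is_subtechnique: true, external_references: mitreRef('T1566.001') },
    { type: 'attack-pattern', name: 'Command and Scripting Interpreter', kill_chain_phases: phase('execution'), x_mitre_is_subtechnique: false, external_references: mitreRef('T1059') },
    { type: 'attack-pattern', name: 'Constructed revoked technique', revoked: true, kill_chain_phases: phase('execution'), x_mitre_is_subtechnique: false, external_references: mitreRef('T0000') },
    { type: 'attack-pattern', name: 'Constructed orphaned sub-technique', kill_chain_phases: phase('execution'), x_mitre_is_subtechnique: true, external_references: mitreRef('T0000.001') },
    { type: 'relationship', relationship_type: 'uses', source_ref: 'intrusion-set--x', target_ref: 'attack-pattern--y' },
  ],
};

console.log(JSON.stringify(extractMitreAttack(SAMPLE_BUNDLE), null, 2));
```

Running it against the constructed bundle yields two tactics, two techniques (T1059 and T1566) and a single sub-technique (T1566.001 with `techniqueId` T1566); the revoked T0000 and its orphaned child are excluded. In a release pipeline the bundle would be fetched from the pinned release URL named in the commit rather than from `master`, so that a rebuild produces the same model the release was tested with.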
banderror removed their assignment on Jul 29, 2022

banderror changed the title from "[Security Solution][Detections] Regenerate tactics and techniques fields prior to release builds" to "[Security Solution] Regenerate tactics and techniques fields prior to release builds" on Nov 24, 2022

@banderror (Contributor)

Replaced by #166152

banderror closed this as not planned on Sep 12, 2023