Skip to content

[Feature Request] Add MITRE ATT&CK support #1766

New issue
New issue
Closed
Closed
[Feature Request] Add MITRE ATT&CK support#1766
Assignees
nadouanirricletTo-om
Labels
TheHive4TheHive4 related issuesfeature request
Milestone
 
4.1.0
@nadouani

Description

@nadouani
nadouani
opened on Jan 29, 2021

Request Type

Feature Request

Problem Description

The goal of this feature is to add MITRE ATT&CK support in TheHive. The main objective is to allow users to enrich their incidents by assigning discovered attack patterns.

Features

BE

  • Add API to import attack-pattern catalog
    • include revoke=true
    • import x_mitre_detection
    • import x_mitre_platforms
    • import x_mitre_data_sources
    • import x_mitre_system_requirements
    • import x_mitre_permissions_required
    • import x_mitre_defense_bypassed
    • import x_mitre_remote_support
    • Add capecId & capecUrl properties to Pattern model
  • Add API to fetch an attack pattern details
    • add a getPattern query
      • including a children extra data (for techniques to load sub techniques)
      • including a parent extra data (for sub-techniques to load parent technique)
  • Add API to list/filter attack-patterns
    • add a parent property to allow filtering by parent technique
  • Add API to create a procedure within a case
  • Add API to list case procedures
    • procedures query to be used on case objects and return lists of case procedures
    • update /api/v1/pattern/case/{case_id} to return the list of patterns instead of list of pattern ids
  • Add API to update a case procedure (description & occurence)
  • Add API to delete a case procedure
  • Filter imported patterns (keep only attack-pattern)
  • Importing a new pattern file should also update existing patterns
  • Rename procedure.occurence to procedure.occurDate
  • Add patternId property to procedure in /api/v1/describe to allow filtering procedures by pattern
  • Add a tactic field to procedure model + its corresponding property for filtering
  • Make procedure.description optional
  • Add a patternParent extraData to the listProcedure query

FE

  • Add administration UI
    • List + filters patterns
    • Pattern details dialog
  • Add case procedures section
    • Add a procedure to a case
    • List + filter case procedures
    • Allow update procedure.occurDate
    • Display procedure dates
  • Add procedure display directive in the flow section

QA

  • check handling of revoked patterns

Metadata

Metadata

Assignees

Labels

TheHive4TheHive4 related issuesfeature request

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions