Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] Add MITRE ATT&CK support #1766

Closed
39 tasks done
nadouani opened this issue Jan 29, 2021 · 1 comment
Closed
39 tasks done

[Feature Request] Add MITRE ATT&CK support #1766

nadouani opened this issue Jan 29, 2021 · 1 comment
Assignees
@nadouani @rriclet @To-om
Labels
feature request TheHive4 TheHive4 related issues
Milestone
4.1.0

Comments

@nadouani
Copy link
Contributor

nadouani commented Jan 29, 2021
edited
Loading

Request Type

Feature Request

Problem Description

The goal of this feature is to add MITRE ATT&CK support in TheHive. The main objective is to allow users to enrich their incidents by assigning discovered attack patterns.

Features

BE

  • Add API to import attack-pattern catalog
    • include revoke=true
    • import x_mitre_detection
    • import x_mitre_platforms
    • import x_mitre_data_sources
    • import x_mitre_system_requirements
    • import x_mitre_permissions_required
    • import x_mitre_defense_bypassed
    • import x_mitre_remote_support
    • Add capecId & capecUrl properties to Pattern model
  • Add API to fetch an attack pattern details
    • add a getPattern query
      • including a children extra data (for techniques to load sub techniques)
      • including a parent extra data (for sub-techniques to load parent technique)
  • Add API to list/filter attack-patterns
    • add a parent property to allow filtering by parent technique
  • Add API to create a procedure within a case
  • Add API to list case procedures
    • procedures query to be used on case objects and return lists of case procedures
    • update /api/v1/pattern/case/{case_id} to return the list of patterns instead of list of pattern ids
  • Add API to update a case procedure (description & occurence)
  • Add API to delete a case procedure
  • Filter imported patterns (keep only attack-pattern)
  • Importing a new pattern file should also update existing patterns
  • Rename procedure.occurence to procedure.occurDate
  • Add patternId property to procedure in /api/v1/describe to allow filtering procedures by pattern
  • Add a tactic field to procedure model + its corresponding property for filtering
  • Make procedure.description optional
  • Add a patternParent extraData to the listProcedure query

FE

  • Add administration UI
    • List + filters patterns
    • Pattern details dialog
  • Add case procedures section
    • Add a procedure to a case
    • List + filter case procedures
    • Allow update procedure.occurDate
    • Display procedure dates
  • Add procedure display directive in the flow section

QA

  • check handling of revoked patterns
@nadouani nadouani added feature request TheHive4 TheHive4 related issues labels Jan 29, 2021
@nadouani nadouani added this to the 4.1.0 milestone Jan 29, 2021
nadouani added a commit that referenced this issue Jan 29, 2021
@nadouani
#1766 WIP: Add a section to manage attack pattern catalogs
839a7e1
rriclet added a commit that referenced this issue Feb 2, 2021
@rriclet
#1766 Added missing fields
14561f5
@rriclet
Copy link
Contributor

rriclet commented Feb 3, 2021
edited
Loading

Added parent & children extraData for patterns
2bb2618

rriclet added a commit that referenced this issue Feb 3, 2021
@rriclet
#1766 Added parent query property
a1081e8
rriclet added a commit that referenced this issue Feb 3, 2021
@rriclet
#1766 Added x_mitre_permissions_required
3abc59e
rriclet added a commit that referenced this issue Feb 4, 2021
@rriclet
#1766 Update route for procedure
d6af9cf
rriclet added a commit that referenced this issue Feb 5, 2021
@rriclet
#1766 Filtered non attack-patterns types on import
e66665b
rriclet added a commit that referenced this issue Feb 5, 2021
@rriclet
#1766 Added play.json extension & capecId / capecUrl
b819535
rriclet added a commit that referenced this issue Feb 8, 2021
@rriclet
#1766 Importing patterns now updates existing patterns
cfa0ca0
nadouani added a commit that referenced this issue Feb 11, 2021
@nadouani
#1766 Update pattern admin page to include more details in pattern modal
4d5e065
nadouani added a commit that referenced this issue Feb 11, 2021
@nadouani
#1766 Update revoked pattern display
0395890
To-om added a commit that referenced this issue Feb 11, 2021
@To-om
#1766 Add procedure query in case and extraData in procedure
c66164f
rriclet added a commit that referenced this issue Feb 15, 2021
@rriclet
#1766 Renamed procedure occurence to occurDate
bd1bcd9
rriclet added a commit that referenced this issue Feb 15, 2021
@rriclet
#1766 Added tactic field to procedure
683f108
rriclet added a commit that referenced this issue Feb 15, 2021
@rriclet
#1766 Added patternId property to procedure
189868c
rriclet added a commit that referenced this issue Feb 15, 2021
@rriclet
#1766 getCasePatterns returns patterns instead of ids
7f32df8
rriclet added a commit that referenced this issue Feb 15, 2021
@rriclet
#1766 fixed procedure unit tests
15fe024
rriclet added a commit that referenced this issue Feb 15, 2021
@rriclet
#1766 procedure description is optional
6afd5e2
nadouani added a commit that referenced this issue Feb 15, 2021
@nadouani
#1766 WIP: Add TTPs section to case details page
423c028
nadouani added a commit that referenced this issue Feb 16, 2021
@nadouani
#1766 WIP: Add TTP delete operation
52e6e9e
nadouani added a commit that referenced this issue Feb 16, 2021
@nadouani
#1766 WIP: Add TTP occur date update + quick sort menu
b479459
rriclet added a commit that referenced this issue Feb 16, 2021
@rriclet
#1766 Added patternParent to procedure
a6d5468
nadouani added a commit that referenced this issue Feb 17, 2021
@nadouani
#1766 WIP: Update TTP selection dialog and procedure list to include …
052b09c 
…sub techniques full name
rriclet added a commit that referenced this issue Feb 18, 2021
@rriclet
#1766 removed log error when wrong pattern type
a03ac68
nadouani added a commit that referenced this issue Feb 22, 2021
@nadouani
#1766 WIP: Add live stream procedure template
1c76cc2
rriclet added a commit that referenced this issue Feb 23, 2021
@rriclet
#1766 removed log error when wrong pattern type
5ce17d1
rriclet pushed a commit that referenced this issue Feb 23, 2021
@nadouani @rriclet
#1766 WIP: Add live stream procedure template
a3aa6ed
nadouani added a commit that referenced this issue Mar 1, 2021
@nadouani
#1766 Add a color scheme for mitre attack tactics
5e046ba
nadouani added a commit that referenced this issue Mar 5, 2021
@nadouani
#1670 #1766 Rearrange admin menu and take into account managePattern,…
c3e0cdd 
… manageTaxonomy and managePlatform in the app.index route
@nadouani nadouani self-assigned this Mar 8, 2021
nadouani added a commit that referenced this issue Mar 8, 2021
@nadouani
#1766 Remove useless action button from procedure list
7c8515a
To-om added a commit that referenced this issue Mar 9, 2021
@To-om
#1766 Add case and pattern data in stream when operation is related t…
cbe5f3d 
…o a procedure
nadouani added a commit that referenced this issue Mar 9, 2021
@nadouani
#1766 Fix the procedure related flow items
c17af93
@nadouani nadouani closed this as completed Mar 9, 2021
To-om added a commit that referenced this issue Mar 17, 2021
@To-om
#1766 Add procedureCount in case extraData
e404ddb
nadouani added a commit that referenced this issue Mar 17, 2021
@nadouani
#1766 Rearrange the list of TTPs
58cfda3
nadouani added a commit that referenced this issue Mar 17, 2021
@nadouani
#1766 Update TTP dialog and add case procedure count
768eaca
nadouani added a commit that referenced this issue Mar 18, 2021
@nadouani
#1766 Fix typo
20a1679
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nadouani nadouani

@rriclet rriclet

@To-om To-om

Labels
feature request TheHive4 TheHive4 related issues
Projects
None yet
Milestone
4.1.0
Development

No branches or pull requests
3 participants
@nadouani @rriclet @To-om