mitre-attack / attack-navigator

Web app that provides basic navigation and annotation of ATT&CK matrices

Home Page: https://mitre-attack.github.io/attack-navigator

License: Apache License 2.0

Python 1.05% TypeScript 70.08% JavaScript 0.31% HTML 19.40% Dockerfile 0.05% SCSS 9.11%
cti cyber-threat-intelligence cybersecurity mitre-attack mitre-corporation

attack-navigator's People

Contributors

2xyo, adampennin, adpare, cfingar, che4ter, clemiller, cvantine, dependabot[bot], eljocko, erinehall, g-and-alf, gclen, iguannalin, isaisabel, jburns12, jondricek, lilyjw, rlc4, ryanpersaud, sarahyoder, seansica, sergiuser1, wietze, zacheller

attack-navigator's Issues

JavaScript error in Edge

I can't get the Navigator v2 to work in Microsoft Edge. It works like a charm in Chrome, but in Edge I'm getting the following error when trying to open https://mitre.github.io/attack-navigator/enterprise/:

SCRIPT1005: Expected '('
main.5f1dd1c9fee06079d0b5.bundle.js (1,173241)

I'm getting the same error when using my local version. The readme page says Edge is supported. Is this a bug, or did you drop support for Edge?

Deprecated and revoked objects

We need to handle deprecated and revoked objects in the STIX content by not displaying them in the Navigator.

Deprecated objects contain the following attribute and value: "x_mitre_deprecated": true
Revoked objects contain the following attribute and value: "revoked": true
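
One way to apply the two flags named in this issue when preparing STIX objects for display; this is an added example, not code from the Navigator project. The helper names and sample objects are constructed, and dropping relationships that point at a retired object goes beyond what the issue asks for.

```typescript
// Added example. Object ids and names below are constructed sample data.
interface StixObject {
  id: string;
  type: string;
  name?: string;
  revoked?: boolean;
  x_mitre_deprecated?: boolean;
  source_ref?: string; // set on relationship objects only
  target_ref?: string; // set on relationship objects only
}

// True only for the exact attribute/value pairs named in the issue.
// A missing attribute or an explicit false means the object is still active.
function isRetired(obj: StixObject): boolean {
  return obj.revoked === true || obj.x_mitre_deprecated === true;
}

// Hypothetical helper: returns the objects that should be displayed.
function filterActiveObjects(objects: StixObject[]): StixObject[] {
  const retired: Record<string, boolean> = {};
  objects.filter(isRetired).forEach((o) => { retired[o.id] = true; });

  return objects.filter((obj) => {
    if (retired[obj.id] === true) return false;
    if (obj.type === "relationship") {
      // Assumption beyond the issue text: a relationship whose endpoint
      // is retired would otherwise dangle, so it is dropped as well.
      const src = obj.source_ref !== undefined && retired[obj.source_ref] === true;
      const dst = obj.target_ref !== undefined && retired[obj.target_ref] === true;
      return !(src || dst);
    }
    return true;
  });
}

const sampleObjects: StixObject[] = [
  { id: "attack-pattern--sample-active", type: "attack-pattern", name: "Active technique", revoked: false },
  { id: "attack-pattern--sample-revoked", type: "attack-pattern", name: "Revoked technique", revoked: true },
  { id: "attack-pattern--sample-deprecated", type: "attack-pattern", name: "Deprecated technique", x_mitre_deprecated: true },
  { id: "intrusion-set--sample-group", type: "intrusion-set", name: "Sample group" },
  { id: "relationship--sample-uses-active", type: "relationship",
    source_ref: "intrusion-set--sample-group", target_ref: "attack-pattern--sample-active" },
  { id: "relationship--sample-uses-revoked", type: "relationship",
    source_ref: "intrusion-set--sample-group", target_ref: "attack-pattern--sample-revoked" },
];

// Ids that remain visible after filtering the constructed sample.
function visibleIds(): string[] {
  return filterActiveObjects(sampleObjects).map((o) => o.id);
}
```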

Ability to select and annotate a single instance of a technique spanning multiple tactics

As a user I would like the ability to select a technique that spans multiple tactic categories but only have the selection be for a specific tactic and then be able to annotate just that instance of the technique.

For example, I want to be able to select "Exploitation of Vulnerability" under "Persistence" but not the other three tactics it falls under and give that one score/color/comment and then select "Exploitation of Vulnerability" under "Credential Access" and give it a completely different set of annotations, with the other two instances of the technique unaffected.

This requires discussion with the ATT&CK team as it may imply a need to uniquely identify tactics by ID or techniques within a specific tactic by ID.

Allow persistent layers to be stored / loaded

It would be helpful to allow storage / persistence of layers that are created. For example in my installation, I have saved off layers but every time I reload the site I have to re-upload the json file. Offering to save some server side, or have a default display would be helpful.

Generate and Publish Layers with ATT&CK Updates

We should build a list of the set of layers that we think should be generated and published with each ATT&CK update and then create a process to generate these layers.

An example of this is creating layers that cover process information or command-line arguments for techniques those particular data sources apply to. A similar layer generation process could also be used to create layers based on mitigations.

Allow users to disable legends in the "create customized navigator" interface

Users should be able to disable the legends feature in the "create customized navigator" interface.

  • Add a new object named "legends" in the features array in assets/config.json. This will automatically populate the "create customized navigator" interface.
  • Add an *ngIf="configService.getFeature('legends')" to the legends html container to facilitate removal when specified in the config.

Release in Docker Container

Would it be possible to release this in a Docker container to make it easier for users to get started with the app?

Add ability to load a layer from the URL specified in a query string

If the URL of a layer hosted on the web is specified in the navigator URL's query string, the navigator should load that layer when it opens.

For example, if the user wanted to encode a URL so that the *Bear APTs layer is present when the navigator first opens, it might look like the following:

https://mitre.github.io/attack-navigator/enterprise/?layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fmitre%2Fattack-navigator%2Fmaster%2Flayers%2Fdata%2Fsamples%2FBear_APT.json

New update looks to be broken

Hello,

I can no longer load the attack navigator that you are hosting. It looks like some dependencies related to taxii are failing to load.

Here is the console output from Chrome:

cti-taxii.mitre.org/stix/collections/062767bd-02d2-4b72-84ba-56caef0f8658/objects/? Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR
vendor.3d20af49696ada3796ea.bundle.js:1 ERROR Error: fetch error: TypeError: Failed to fetch
    at fetchTimeout.then.catch.e (main.5f1dd1c9fee06079d0b5.bundle.js:1)
    at t.ZSR1.t.invoke (polyfills.eda932d1fd6342a9adeb.bundle.js:1)
    at Object.onInvoke (vendor.3d20af49696ada3796ea.bundle.js:1)
    at t.ZSR1.t.invoke (polyfills.eda932d1fd6342a9adeb.bundle.js:1)
    at n.ZSR1.n.run (polyfills.eda932d1fd6342a9adeb.bundle.js:1)
    at polyfills.eda932d1fd6342a9adeb.bundle.js:1
    at t.ZSR1.t.invokeTask (polyfills.eda932d1fd6342a9adeb.bundle.js:1)
    at Object.onInvokeTask (vendor.3d20af49696ada3796ea.bundle.js:1)
    at t.ZSR1.t.invokeTask (polyfills.eda932d1fd6342a9adeb.bundle.js:1)
    at n.ZSR1.n.runTask (polyfills.eda932d1fd6342a9adeb.bundle.js:1)
mt @ vendor.3d20af49696ada3796ea.bundle.js:1
cti-taxii.mitre.org/stix/collections/95ecc380-afe9-11e4-9b6c-751b66dd541e/objects/? Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR

node.js

I know this isn't likely something mitre should address but I have spent hours trying to install NODE.JS. There are permission issues with installing NODE.JS from the link provided from the install directions. I still can't get past this. Thanks.

Auto-save Feature

A user has mentioned that it would be nice if layer controls could have an option to enable "auto-save" so you don't lose your work.

Adding 'Default Layer' option

This would allow a user to specify a default layer that will be shown every time the Navigator is opened, without having to manually upload it every time.

Adding unit testing

This will allow the universal application functionality to be maintained with each change/addition.

Add ability to disable navigator features

Use a query string in the navigator URL to specify a set of features to disable, such as tabs, annotations or specific layer controls. This feature would go hand in hand with #13, allowing the user to embed a feature-minimal navigator instance.

Extending technique context menu

As an administrator of Navigator instances, I would like the ability to customize the context menu that is brought up when you right-click on a technique. Specifically I would like to be able to configure the Navigator to add menu items to the end of the menu and specify a URL to call out when selected. The Navigator would pass info such as the technique ID, tactic, etc. as part of the URL.

Consider supporting user-defined layer legend

Since the Navigator (rightly) doesn't define the semantics of what particular colors are intended to denote in a layer, consider adding the ability for the user to define an optional "legend" for a layer. This legend would allow the user to manually pick a color and associate descriptive text with that color. For example, a user might define a legend as follows:
(selecting red) "SEVERE Risk"
(selecting yellow) "MODERATE Risk"
(selecting green) "LOW Risk"

The Navigator could include the legend on print/export and provide an interface to add/edit the legend.

Rearranging the order in which tactics are displayed

The Navigator could be configured to support a user manually reordering the tactic columns within a layer (e.g. moving "Persistence" so that it appears to the right of "Privilege Escalation").

It could also be configured to allow the user to manually toggle the visibility of individual tactic columns.

Uploading a layer with hideDisabled=True and missing tactic tags doesn't hide disabled techniques

What's wrong

If you upload a layer with "hideDisabled": true (hiding disabled techniques), but any number of techniques are missing the tactic field, the layer will upload such that any disabled techniques (which should be hidden) are still visible. The visibility is fixed on tab change.

How to reproduce

  1. Create a new layer file.
  2. Turn on hiding disabled techniques.
  3. Disable any number of techniques (for ease of testing, disable all but 1).
  4. Download this layer to local json.
  5. Remove the tactic field of 1 technique.
  6. Upload the layer.

Example

Here (BruteForce.json.zip) is an example broken layer file. It should, on upload, show only the technique named "brute force." However, because of the bug it shows all of the techniques as disabled even though the hideDisabled button is correctly enabled.

The topmost technique, T1156, is missing its tactic field (usually "tactic": "persistence"). Re-adding this field makes the layer file display as expected, but without it all techniques are visible.

Associating user-defined metadata with techniques

Consider supporting the ability for users to associate arbitrary name-value pairs with a technique in a layer in addition to the existing metadata such as score, manually-assigned colors, comments, etc.

Support for dual-scored techniques

The idea of being able to associate two independent scores with a given technique was raised with an external ATT&CK user.

As an example, this would allow a user to assign both a defensive coverage score (some quantification of how confident they are in their ability to detect the technique) and an adversary-prevalence score (some quantification of how frequently a given adversary uses that technique).

Given these two scores, the technique might be color-coded with the top-left being derived from the defensive score and the bottom-right color derived from the adversary score.

Adding a "super-compact" view option

This would allow users to select a "super-compact" view of the matrix that consists solely of small rectangular boxes (colored as appropriate) without any labels for either tactics or techniques.

Create a tutorial for new users of the Navigator

Create a tutorial document for new users of the Navigator. Topics could include:

  • Basics: exploring tactics and techniques, view filtering, layer save & load

  • Multi-select of techniques: by group, software, etc.

  • Technique annotation: comments, coloring & scoring techniques

  • Using color gradients & scores

  • Merging layers with the Navigator: basic & advanced uses

Update README with instructions on using local files to populate the Navigator

We need to update the README to explain how to use local STIX/json files to populate the Navigator.

  1. Put the files in “src/assets” in the navigator code. This will tell the server hosting the navigator to host the data as well.
  2. Change “enterprise_attack_url” (and mobile and pre-attack depending on what you're trying to do) in “src/assets/config.json” to the path to the file (probably something like “/assets/enterprise-attack.json”).
  3. Also in that file, change “taxii_server -> enabled” to false

Add a Shape Layer

Would it be possible to include a layer for shapes (e.g. circles/ovals) to highlight specified techniques in addition to colors? For example, you may color techniques based on your defensive coverage, and then add a set of colored circles on top of that to visualize the techniques used by a threat.

Add faceting of the techniques by the metadata

One example would be to enable users to show techniques that you can detect if you have a certain data source. Another example would be to show techniques by required permissions, but in reality it might make sense to do it for many of the tagged value lists in ATT&CK.

Allow configuration of click-behavior

For applications where the Navigator will be embedded in a webpage and the various filter and layer and technique controls disabled, it would be useful to allow the developer to control click behavior. Specifically, it would be useful to allow the developer to disable the "normal" left & right click behavior and substitute a mode where any click on a technique in the matrix calls out to a configurable URL and passes the tactic and technique as parameters. This is similar to the feature where additional context menu items can be added.

Score expressions without layer variables in the "creating layers from other layers" interface

What doesn't work

Using a score expression without any layer variables does not assign any scores to the resulting layer.

According to the tip on the help page section for the feature, "if you wanted a new layer where all techniques are scored 50, you could simply type 50 into the score expression input." This does not work in practice: writing a score expression as a constant (e.g. 50) or an expression using only constants (e.g. 25 + 25) yields a layer with no assigned scores.

Steps to reproduce

  1. Open the "Creating layers from other layers" interface on a new tab.
  2. Write an expression using only constants for the score expression, e.g. 50 or 25+25.
  3. The expected output should be that constant, or the result of the expression evaluated, for every technique.
  4. Instead no techniques have scores in the output layer.

How to fix

The code for this feature is located in the layerLayerOperation method of viewmodels.service.
Presumably score expressions without variables can be found using regex or some other sort of check, and this edge case handled accordingly. There is already code to catch this edge case; however, it is apparently no longer working.

Add Custom Multi-Select

Currently, all of the multi-selects are pre-defined in a drop down. It would be useful to be able to select multiple techniques at one time to toggle states, add background colors, etc.

Long comments

Putting a long comment on a technique at the bottom will cut off so you cannot see the rest of the comment. When you scroll it then flashes. This occurs in the latest Chrome.