mitre-attack / attack-navigator
Web app that provides basic navigation and annotation of ATT&CK matrices
Home Page: https://mitre-attack.github.io/attack-navigator
License: Apache License 2.0
As a user I would like the ability to select a technique that spans multiple tactic categories but only have the selection be for a specific tactic and then be able to annotate just that instance of the technique.
For example, I want to be able to select "Exploitation of Vulnerability" under "Persistence" but not the other three tactics it falls under and give that one score/color/comment and then select "Exploitation of Vulnerability" under "Credential Access" and give it a completely different set of annotations, with the other two instances of the technique unaffected.
This requires discussion with the ATT&CK team as it may imply a need to uniquely identify tactics by ID or techniques within a specific tactic by ID.
This would allow users to select a "super-compact" view of the matrix that consists solely of small rectangular boxes (colored as appropriate) without any labels for either tactics or techniques.
The navigator does not seem to update with the newest tactic added, initial access, from the April 2018 update.
Would it be possible to include a layer for shapes (e.g. circles/ovals) to highlight specified techniques in addition to colors? For example, you may color techniques based on your defensive coverage, and then add a set of colored circles on top of that to visualize the techniques used by a threat.
Removal of this header can help the navigator fit when embedded into an ipanel.
Create a tutorial document for new users of the Navigator. Topics could include:
Basics: exploring tactics and techniques, view filtering, layer save & load
Multi-select of techniques: by group, software, etc.
Technique annotation: comments, coloring & scoring techniques
Using color gradients & scores
Merging layers with the Navigator: basic & advanced uses
Dragging a file over the navigator interface should display a "drop to upload" prompt. Dropping will attempt to parse the file as a layer and open in a new tab if it is valid.
Front page documentation has references to layer format v1.0.
The color picker should have suggested (preset) colors populated from the table.
Hello,
I can no longer load the attack navigator that you are hosting. It looks like some dependencies related to TAXII are failing to load.
Here is the console output from Chrome:
cti-taxii.mitre.org/stix/collections/062767bd-02d2-4b72-84ba-56caef0f8658/objects/? Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR
vendor.3d20af49696ada3796ea.bundle.js:1 ERROR Error: fetch error: TypeError: Failed to fetch
    at fetchTimeout.then.catch.e (main.5f1dd1c9fee06079d0b5.bundle.js:1)
    at t.ZSR1.t.invoke (polyfills.eda932d1fd6342a9adeb.bundle.js:1)
    at Object.onInvoke (vendor.3d20af49696ada3796ea.bundle.js:1)
    at t.ZSR1.t.invoke (polyfills.eda932d1fd6342a9adeb.bundle.js:1)
    at n.ZSR1.n.run (polyfills.eda932d1fd6342a9adeb.bundle.js:1)
    at polyfills.eda932d1fd6342a9adeb.bundle.js:1
    at t.ZSR1.t.invokeTask (polyfills.eda932d1fd6342a9adeb.bundle.js:1)
    at Object.onInvokeTask (vendor.3d20af49696ada3796ea.bundle.js:1)
    at t.ZSR1.t.invokeTask (polyfills.eda932d1fd6342a9adeb.bundle.js:1)
    at n.ZSR1.n.runTask (polyfills.eda932d1fd6342a9adeb.bundle.js:1)
mt @ vendor.3d20af49696ada3796ea.bundle.js:1
cti-taxii.mitre.org/stix/collections/95ecc380-afe9-11e4-9b6c-751b66dd541e/objects/? Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR
This would allow a developer of other web apps and webpages to embed a Navigator instance, potentially with many of the features such as technique annotating disabled and not visible.
I can't get the Navigator v2 to work in Microsoft Edge. It works like a charm in Chrome, but in Edge I'm getting the following error when trying to open https://mitre.github.io/attack-navigator/enterprise/:
SCRIPT1005: Expected '('
main.5f1dd1c9fee06079d0b5.bundle.js (1,173241)
I'm getting the same error when using my local version. The readme page says Edge is supported, is this a bug or did you drop support for Edge?
Scripts and example files in layers/ are outdated (layer format v1.0) and need to be updated.
We should build a list of the set of layers that we think should be generated and published with each ATT&CK update and then create a process to generate these layers.
An example of this is creating layers that cover process information or command-line arguments for techniques those particular data sources apply to. A similar layer generation process could also be used to create layers based on mitigations.
Add a new dropdown in the "create layer from other layers" interface that allows the user to import the legend from another layer, just like the user can import filters, comments and so on.
In addition to the existing methods of accessing the ATT&CK content, the Navigator should be configured to use the TAXII 2.0 protocol to retrieve ATT&CK content from a specified TAXII url.
If the URL of a layer hosted on the web is specified in the navigator URL's query string, the navigator should load that layer when it opens.
For example, if the user wanted to encode a URL so that the *Bear APTs layer is present when the navigator first opens, it might look like the following:
https://mitre.github.io/attack-navigator/enterprise/?layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fmitre%2Fattack-navigator%2Fmaster%2Flayers%2Fdata%2Fsamples%2FBear_APT.json
We need to update the README to explain how to use local STIX/json files to populate the Navigator.
Consider supporting the ability for users to associate arbitrary name-value pairs with a technique in a layer in addition to the existing metadata such as score, manually-assigned colors, comments, etc.
I know this isn't likely something mitre should address but I have spent hours trying to install NODE.JS. There are permission issues with installing NODE.JS from the link provided from the install directions. I still can't get past this. Thanks.
Use a query string in the navigator URL to specify a set of features to disable, such as tabs, annotations or specific layer controls. This feature would go hand in hand with #13, allowing the user to embed a feature-minimal navigator instance.
This will allow the universal application functionality to be maintained with each change/addition.
As a user I want to be able to export the main Navigator view to MS Excel format.
This would allow a user to specify a default layer that will be shown every time the Navigator is opened, without having to manually upload it every time.
I have successfully deployed the Attack navigator, but it is only accessible if we use localhost:4200. How can we assign an IP address or access it remotely with something like 192.168.1.32:4200?
To help the tactics row stand out in the metrics and create clearer visualizations for export, let's make the background color configurable. By default, we can use a shade of blue for the tactics row. The exported images will need to preserve this color too.
If you upload a layer with "hideDisabled": true (hiding disabled techniques), but any number of techniques are missing the tactic field, the layer will upload such that any disabled techniques (which should be hidden) are still visible. The visibility is fixed on tab change.
Here (BruteForce.json.zip) is an example broken layer file. It should, on upload, show only the technique named "brute force." However, because of the bug it shows all of the techniques as disabled even though the hideDisabled button is correctly enabled.
The topmost technique, T1156, is missing its tactic field (usually "tactic": "persistence"). Re-adding this field makes the layer file display as expected, but without it all techniques are visible.
One example would be to enable users to show techniques that you can detect if you have a certain data source. Another example would be to show techniques by required permissions, but in reality it might make sense to do it for many of the tagged value lists in ATT&CK.
On click, for each selected technique, this feature would remove:
Users should be able to print, export and render the current view of the matrix.
Users should be able to disable the legends feature in the "create customized navigator" interface.
assets/config.json. This will automatically populate the "create customized navigator" interface.
*ngIf="configService.getFeature('legends')" to the legends html container to facilitate removal when specified in the config.
A user has mentioned that it would be nice if layer controls could have an option to enable "auto-save" so you don't lose your work.
The README should be updated to explain to users the purpose of the assets/tacticsData.json file and how it may be manipulated.
If the user uploads a layer file with a version number that is not the current layer version expected by the ATT&CK Navigator, an alert should display which states that some of the layer configurations may not be restored and that the default value will be used in those fields.
The idea of being able to associate two independent scores with a given technique was raised with an external ATT&CK user.
As an example, this would allow a user to assign both a defensive coverage score (some quantification of how confident they are in their ability to detect the technique) and an adversary-prevalence score (some quantification of how frequently a given adversary uses that technique).
Given these two scores, the technique might be color-coded with the top-left being derived from the defensive score and the bottom-right color derived from the adversary score.
This would allow a user to specify a URL to load a layer from in addition to being able to open a local file.
Currently, all of the multi-selects are pre-defined in a drop down. It would be useful to be able to select multiple techniques at one time to toggle states, add background colors, etc.
Since the Navigator (rightly) doesn't define the semantics of what particular colors are intended to denote in a layer, consider adding the ability for the user to define an optional "legend" for a layer. This legend would allow the user to manually pick a color and associate descriptive text with that color. For example, a user might define a legend as follows:
(selecting red) "SEVERE Risk"
(selecting yellow) "MODERATE Risk"
(selecting green) "LOW Risk"
The Navigator could include the legend on print/export and provide an interface to add/edit the legend.
When exporting to SVG, it would be useful to be able to control whether or not the item counts are displayed under the tactic headings.
For applications where the Navigator will be embedded in a webpage and the various filter and layer and technique controls disabled, it would be useful to allow the developer to control click behavior. Specifically, it would be useful to allow the developer to disable the "normal" left & right click behavior and substitute a mode where any click on a technique in the matrix calls out to a configurable URL and passes the tactic and technique as parameters. This is similar to the feature where additional context menu items can be added.
As an administrator of Navigator instances, I would like the ability to customize the context menu that is brought up when you right-click on a technique. Specifically I would like to be able to configure the Navigator to add menu items to the end of the menu and specify a URL to call out when selected. The Navigator would pass info such as the technique ID, tactic, etc. as part of the URL.
Would it be possible to release this in a Docker container to make it easier for users to get started with the app?
We need to handle deprecated and revoked objects in the STIX content by not displaying them in the Navigator.
Deprecated objects contain the following attribute and value: "x_mitre_deprecated": true
Revoked objects contain the following attribute and value: "revoked": true
Using a score expression without any layer variables does not assign any scores to the resulting layer.
According to the tip on the help page section for the feature, "if you wanted a new layer where all techniques are scored 50, you could simply type 50 into the score expression input." This does not work in practice: writing a score expression as a constant (e.g. 50) or an expression using only constants (e.g. 25 + 25) yields a layer with no assigned scores.
The code for this feature is located in the layerLayerOperation method of viewmodels.service.
Presumably score expressions without variables can be found using regex or some other sort of check, and this edge case handled accordingly. There is already code to catch this edge case; however, it is apparently no longer working.
It would be helpful to allow storage / persistence of layers that are created. For example in my installation, I have saved off layers but every time I reload the site I have to re-upload the json file. Offering to save some server side, or have a default display would be helpful.
Going to https://mitre.github.io/attack-navigator/enterprise/ results in no Matrix being loaded.
Opening developer tools shows the site trying to load some files from Github that fail due to origin policies.
The Navigator could be configured to support a user manually reordering the tactic columns within a layer (e.g. moving "Persistence" so that it appears to the right of "Privilege Escalation").
It could also be configured to allow the user to manually toggle the visibility of individual tactic columns.