
attack-website's Introduction

MITRE ATT&CK® Website

This repository contains the source code used to generate the MITRE ATT&CK® website as seen at attack.mitre.org. The source code is flexible to allow users to generate the site with custom content.

Visit the Site

You can view the live site at attack.mitre.org!

Reporting Issues

If you encounter any bugs or other issues, please use our Github Issue Tracker.

If you find errors or typos in the site content, let us know by sending an email to [email protected] with the subject Website Content Error. Include a description of the error and the URL at which it can be found.

Development

Check out our developer guide if you are interested in extending the style, content, or functionality of this site. It includes instructions on setting up a local version of the site, and workflows for building and running the site using Docker or locally.

We also have the following additional guides:

Related MITRE Work

ATT&CK STIX Data

Data representing the ATT&CK Catalog can be found on the following repositories:

ATT&CK Navigator

The ATT&CK Navigator is an open-source tool providing basic navigation and annotation of ATT&CK matrices, something that people are already doing today in tools like Excel. It is designed to be simple and generic - you can use the Navigator to visualize your defensive coverage, your red/blue team planning, the frequency of detected techniques, and more.

https://github.com/mitre-attack/attack-navigator

STIX

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence (CTI).

STIX enables organizations to share CTI with one another in a consistent and machine readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively.

STIX is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

https://oasis-open.github.io/cti-documentation/

Notice

Copyright 2015-2024 The MITRE Corporation

Approved for Public Release; Distribution Unlimited. Case Number 19-3504.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This project makes use of ATT&CK®

ATT&CK Terms of Use


attack-website's Issues

Refactor domain dropdown from sidenav into tree-items

As a user, I want it to be easy to navigate around the ATT&CK website including across domains.

Objects with domains (e.g techniques, tactics and mitigations) have a domain selection dropdown button above the sidenav. We should refactor this to be part of the sidenav itself, thereby allowing users to access the object domain lists of other domains.

For example, on the mitigations page, we would have:

Mitigations
Enterprise
    - Account Use Policies
    - Active Directory Configuration
    - ...
Mobile
    - Application Developer Guidance
    - Application Vetting
    - ...

The domain-section headers can serve as links to the domain overview pages for the object type. This new design will be more consistent with the matrices page sidenav.

TemplateSyntaxError: Encountered unknown tag 'assets'.

Good afternoon ATT&CK team,

I was giving a try to the build, and after running python3 update-attack.py -c -b, I got the following error:

Clean Build            : ---------------------------------------- 0.59s      
Downloading STIX Data  : ---------------------------------------- 1.18s      
Initializing Data      : ---------------------------------------- 37.38s      
Index Page             : ---------------------------------------- 0.35s      
Group Pages            : ---------------------------------------- 3.07s      
Software Pages         : ---------------------------------------- 8.63s      
Technique Pages        : ---------------------------------------- 7.11s      
Matrix Pages           : ---------------------------------------- 7.99s      
Tactic Pages           : ---------------------------------------- 0.79s      
Mitigation Pages       : ---------------------------------------- 0.45s      
Contribute Page        : ---------------------------------------- 0.10s      
Resources Page         : ---------------------------------------- 0.00s      
Redirection Pages      : ---------------------------------------- 0.50s      
Search Index           : ---------------------------------------- 148.65s      
Previous Versions      : ---------------------------------------- 9.07s      
Pelican Content        : ---------------------------------------- Running...CRITICAL: TemplateSyntaxError: Encountered unknown tag 'assets'. Jinja was looking for the following tags: 'endblock'. The innermost block that needs to be closed is 'block'.
Traceback (most recent call last):
  File "update-attack.py", line 282, in <module>
    update(args)
  File "update-attack.py", line 149, in update
    generate.pelican_content()
  File "/opt/ATTACK/modules/generate.py", line 107, in pelican_content
    returned_out = subprocess.check_output("pelican content -q", shell=True)
  File "/usr/lib/python3.6/subprocess.py", line 356, in check_output
    **kwargs).stdout
  File "/usr/lib/python3.6/subprocess.py", line 438, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command 'pelican content -q' returned non-zero exit status 1

Any idea how I can get to the template where Jinja is looking for endblock? Thank you in advance!

Search functionality improvement

As a user, I'd like to have better feedback when using the search bar in the ATT&CK website. Some suggested improvements:

  1. Bigger search bar and list of results
  2. Possibility to filter results: only techniques, only enterprise, only windows, hide deprecated, etc.
  3. Visual highlight of the different types of results: enterprise vs mobile, technique vs tactic

Sub-techniques are not properly filtered by platform in the Matrices

As a user, I want sub-techniques and techniques to only show up in matrices which match their platform tags. Currently sub-techniques show under their parents regardless of which platform-matrix they're being shown on, leading to (for example) mac-specific subtechniques being shown under the Windows matrix.

Incorrect inheritance to sub-technique cards

As a user of the ATT&CK website, I want to see correct data on the sub-techniques cards. There is currently a mismatch on the sub-techniques cards from the JSON data. It appears that they are inheriting values from their sub-technique siblings.

Add sub-technique entries to the FAQ

As a user of the ATT&CK Website, I want to be able to visit the FAQ to find common questions about ATT&CK, including sub-techniques.

We should add the following entries to the FAQ:

  • What is a sub-technique?
  • What is the difference between a sub-technique and a procedure?

Update Trademark language

As a user of the ATT&CK website, I want to see accurate legal language reflecting the status of the ATT&CK trademark.

Update the trademark language to "MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation."

Subtechniques matrix doesn't work in firefox

As a user of the ATT&CK website, I want to be able to use the browser of my choice without running into compatibility issues.

The WIP subtechniques matrix on the feature/subtechniques branch seems to have layout issues in firefox. This is probably a css issue. We need to do compatibility testing to ensure that it works properly in all browsers.

The flat layout works fine, only the side layout seems to have issues.

Add docker support

As a user of the ATT&CK website, I want to be able to set up a simple clone of the site using docker.

Cloning the project on Windows platforms

The project cannot be cloned on Windows platforms, due to the ":" placed in the names of some folders (example path: plugins/caltack/static/attack-website/mobile/index.php/Manual:Copyright)

Training Pages

As a user of the ATT&CK website, I want to be able to find training information for how to use ATT&CK.

The URLs will follow this format:

/resources/training (landing page)
                   /cti (topic intro)
                       /exercise1
                       /exercise2
                       /exercise3
                       /exercise4
                   /mappings (topic intro)
                       /exercise1
                       /exercise2
                       /exercise3
                       /exercise4
                   (etc)

Redirects will be created from /training to /resources/training and from /training/topic to /resources/training/topic for each topic.

These pages should make use of the sidebar macro for navigation. Each exercise should have a "previous" and "next" exercise button under the exercise content.

Remove google analytics from source code

As a provider of the ATT&CK website, I want the google analytics and google-site-verification to only exist on the official instance of the ATT&CK website. Instances created by users of the source code should not include google analytics or google-site-verification.

Add "tips for developing the website" section to README

As a developer of the ATT&CK website, I want to be able to read guidance about how to go about developing the site.

We should add a tools (tips?) for developing the website section to the readme under Implementation Overview section, which can go over common implementation stuff. Notably we can use this section to explain how module cherrypicking with the -b flag works.

Allow ATT&CK Navigator links to be configurable

As a user of the ATT&CK Website, I want to be able to set links to the ATT&CK Navigator (e.g the buttons on Matrix pages, the technique usage links on group and software pages) to point to a local instance. Currently they will always lead to the official MITRE hosted instance.

This will allow users with custom STIX to host a Navigator instance with the custom STIX alongside an instance of this website with the custom STIX.

We will need to provide config options for both the enterprise and mobile instances.

Refactor update-attack.py

Refactor update-attack.py to only run modules that are stored in the modules folder.
Add optional flag --modules that will run selected modules.

The website toolbar will be built depending on the available modules.

Typos in the Technique part

I don't know if anyone maintains this repo. It seems there is a typo in T1155.
As on the website, the last sentence introducing AppleScript is:

Scripts can be run from the command lie via osascript /path/to/script or osascript -e "script here".

I guess it should be "command line" rather than "command lie"; "command lie" doesn't make sense.
Please check for it.

Modularize techniques, tactics, and mitigations

For technique.py, tactic.py, and mitigation.py:

  1. Create a directory for each python script under the modules folder and add their own configuration file. E.g.:

     modules/
       techniques/
         techniques.py
         techniques_config.py

  2. Add module independent variables to {techniques, tactics, mitigations}_config.py
     • {techniques, tactics, matrices}_config.py requires module independent variables from config.py.
  3. Use getters for shared variables.
     • For example, technique.py uses shared variable config.related_techniques. This should be updated to get related_techniques from util/relationshipgetters.py.
  4. Move relevant content markdown files into resources module. See #68.
  5. If the module does not generate a website object, make sure to remove it from the menu of the website.

Update ATT&CK Roadmap to latest version

As a visitor to the ATT&CK website, I want to be able to find an up-to-date roadmap of upcoming ATT&CK changes.

The current ATT&CK roadmap on the resources/general-information page is outdated. We should update it with the latest version.

Broken citations can bypass our citation tests

Because of how citations work, in some places broken citations will show up as an empty reference in the external references table without leaving "(Citation:" on the built page. This means our citation tests never detect an issue.

To reproduce, replace APT18 in the STIX data with this intentionally broken object:

        {
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "name": "APT18",
            "description": "[APT18](https://attack.mitre.org/groups/G0026) is a threat group that has operated since at least 2009 and has targeted a range of industries, including technology, manufacturing, human rights groups, government, and medical. (Citation: Dell Lateral Movemente)",
            "type": "intrusion-set",
            "aliases": [
                "APT18",
                "TG-0416",
                "Dynamite Panda",
                "Threat Group-0416"
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "id": "intrusion-set--38fd6a28-3353-4f2b-bb2b-459fecd5c648",
            "external_references": [
                {
                    "external_id": "G0026",
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/groups/G0026"
                },
                {
                    "source_name": "APT18",
                    "description": "(Citation: ThreatStream Evasion Analysis)(Citation: Anomali Evasive Maneuvers July 2015)"
                },
                {
                    "source_name": "TG-0416",
                    "description": "(Citation: ThreatStream Evasion Analysis)(Citation: Anomali Evasive Maneuvers July 2015)"
                },
                {
                    "source_name": "Dynamite Panda",
                    "description": "(Citation: ThreatStream Evasion Analysis)(Citation: Anomali Evasive Maneuvers July 2015)"
                },
                {
                    "source_name": "Threat Group-0416",
                    "description": "(Citation: ThreatStream Evasion Analysis)"
                },
                {
                    "source_name": "Dell Lateral Movement",
                    "description": "Carvey, H.. (2014, September 2). Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems. Retrieved January 25, 2016.",
                    "url": "http://www.secureworks.com/resources/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems/"
                },
                {
                    "source_name": "ThreatStream Evasion Analysis",
                    "description": "Shelmire, A.. (2015, July 6). Evasive Maneuvers. Retrieved January 22, 2016.",
                    "url": "https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop"
                },
                {
                    "source_name": "Anomali Evasive Maneuvers July 2015",
                    "description": "Shelmire, A. (2015, July 06). Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels. Retrieved November 15, 2018.",
                    "url": "https://www.anomali.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop"
                }
            ],
            "modified": "2019-05-30T18:05:32.461Z",
            "x_mitre_version": "2.0",
            "created": "2017-05-31T21:31:57.733Z"
        },

Example of how this is represented: (screenshots not included in this export)
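The check the issue above asks for, as an added example (not code from the attack-website project): it compares every "(Citation: ...)" marker in an object's text against the object's external_references by source_name, so a marker whose name matches nothing is reported even though the built page would show no leftover "(Citation:" text. The sample object is a constructed, trimmed copy of the intentionally broken APT18 object shown above.

```python
import re
from typing import Dict, List

# "(Citation: Source Name)" markers as they appear in ATT&CK STIX description text.
CITATION_RE = re.compile(r"\(Citation: ([^)]+)\)")


def check_citations(stix_object: dict) -> Dict[str, List[str]]:
    """Cross-check citation markers against external_references.

    Returns the citation names used in the object's text that have no
    matching external reference ("missing"), and the citable references
    that no marker points at ("unused"). A missing/unused pair with
    near-identical names is the typical typo case.
    """
    refs = stix_object.get("external_references", [])
    # Citable references carry a url; the mitre-attack entry is the object's
    # own ATT&CK ID, and alias entries (no url) only hold citations themselves.
    citable = [r["source_name"] for r in refs
               if "url" in r and r.get("source_name") != "mitre-attack"]

    # Markers live in the main description and in alias descriptions.
    texts = [stix_object.get("description", "")]
    texts += [r.get("description", "") for r in refs]
    cited: List[str] = []
    for text in texts:
        for name in CITATION_RE.findall(text):
            if name not in cited:
                cited.append(name)

    return {
        "missing": [n for n in cited if n not in citable],
        "unused": [n for n in citable if n not in cited],
    }


# Constructed sample: a trimmed copy of the intentionally broken APT18 object
# from the issue (the marker says "Movemente", the reference says "Movement").
SAMPLE_APT18 = {
    "type": "intrusion-set",
    "name": "APT18",
    "description": (
        "[APT18](https://attack.mitre.org/groups/G0026) is a threat group that "
        "has operated since at least 2009. (Citation: Dell Lateral Movemente)"
    ),
    "external_references": [
        {"external_id": "G0026", "source_name": "mitre-attack",
         "url": "https://attack.mitre.org/groups/G0026"},
        {"source_name": "APT18",
         "description": "(Citation: ThreatStream Evasion Analysis)"
                        "(Citation: Anomali Evasive Maneuvers July 2015)"},
        {"source_name": "Dell Lateral Movement",
         "description": "Carvey, H. (2014, September 2). Where you AT?",
         "url": "http://www.secureworks.com/resources/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems/"},
        {"source_name": "ThreatStream Evasion Analysis",
         "description": "Shelmire, A. (2015, July 6). Evasive Maneuvers.",
         "url": "https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop"},
        {"source_name": "Anomali Evasive Maneuvers July 2015",
         "description": "Shelmire, A. (2015, July 06). Evasive Maneuvers by the Wekby group.",
         "url": "https://www.anomali.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop"},
    ],
}


if __name__ == "__main__":
    for kind, names in check_citations(SAMPLE_APT18).items():
        for name in names:
            print(f"{kind}: {name!r}")
```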

Add subtechniques to Navigation and Technique lists

As a user of the ATT&CK website, I want to be able to see subtechniques in the navigation elements.

Add subtechniques to the techniques sidenavs under their parent technique, and in the master techniques list nested under their parent technique.

Technique List Mockups

Note: using fake data for names, IDs and descriptions.

Option 1 (full rows): mockups 1.1 and 1.2
Option 2 (indented rows): mockups 2.1 and 2.2
Option 3 (nested rows): mockups 3.1 and 3.2

(Mockup screenshots are not included in this export.)

Update copyrights to 2020

As a user of the ATT&CK website, I want to see up-to-date copyright information.

Update the copyright date to 2020 in the footer and on the terms of use page.

Remove static markdown from the content folder

Remove all static markdown from the content folder. It should all be dynamically generated by the relevant module(s).

For example, content/pages/updates/ should be moved into the resources module.

Add pages for defenses bypassed and data sources

As a visitor to the ATT&CK website, I want to be able to see descriptive pages for data sources and defenses bypassed instead of a simple string list.

  1. On technique pages, Data Sources and Defenses Bypassed should be formatted as a list of hyperlinks, these hyperlinks leading to the pages for those individual data sources and defenses bypassed. These links can stay in the technique-data card since there is no description on the relationship.
  2. On Data Source and Defense Bypassed pages, have a list of techniques using the data source or bypassing the defense, just like how the mitigations pages are now showing them.

This will require adding new STIX objects for defenses bypassed and data sources on the MITRE/CTI repo.

Update "How Should I reference the name ATT&CK" in FAQ

As a user of the ATT&CK website, I want to see accurate legal language reflecting the status of the ATT&CK trademark.

The FAQ section, "How Should I reference the name ATT&CK", needs to be updated to reflect that ATT&CK is now a registered trademark.

Add created and updated dates to object pages

As a user of the ATT&CK website, I want to know when a given object (technique, group, mitigation, etc) was created and last updated.

We should add a created and updated field to the card on object pages.

  • created should show the earliest created field value for the object and any relationships with the object (discounting relationships with deprecated and revoked objects).
  • updated should show the latest modified field value for the object and any relationships with the object (discounting relationships with deprecated and revoked objects).

Dates should be displayed as %d %B %Y, e.g 04 December 2019.
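One way to compute the two fields the issue describes, as an added example rather than the project's own implementation: take the earliest created and latest modified timestamp across the object and its relationships, skip relationships whose other end is deprecated or revoked, and format with %d %B %Y. The STIX IDs and timestamps in the sample are constructed.

```python
from datetime import datetime, timezone
from typing import Dict, Iterable, Tuple

DISPLAY_FORMAT = "%d %B %Y"  # e.g. 04 December 2019, as the issue specifies


def parse_stix_timestamp(ts: str) -> datetime:
    """Parse a STIX 2 timestamp; the fractional-seconds part is optional."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised STIX timestamp: {ts!r}")


def is_deprecated_or_revoked(obj: dict) -> bool:
    return bool(obj.get("revoked") or obj.get("x_mitre_deprecated"))


def object_dates(obj: dict, relationships: Iterable[dict],
                 objects_by_id: Dict[str, dict]) -> Tuple[str, str]:
    """Return (created, updated) display strings for an ATT&CK object.

    created = earliest `created` of the object and its relationships,
    updated = latest `modified` of the same set; relationships whose other
    end is deprecated or revoked are discounted, as the issue asks.
    """
    created = [parse_stix_timestamp(obj["created"])]
    modified = [parse_stix_timestamp(obj["modified"])]
    for rel in relationships:
        if rel.get("type") != "relationship":
            continue
        if obj["id"] == rel["source_ref"]:
            other_id = rel["target_ref"]
        elif obj["id"] == rel["target_ref"]:
            other_id = rel["source_ref"]
        else:
            continue  # relationship does not involve this object
        other = objects_by_id.get(other_id)
        if other is None or is_deprecated_or_revoked(other):
            continue
        created.append(parse_stix_timestamp(rel["created"]))
        modified.append(parse_stix_timestamp(rel["modified"]))
    return (min(created).strftime(DISPLAY_FORMAT),
            max(modified).strftime(DISPLAY_FORMAT))


# Constructed sample: one technique, one active group, one revoked group, and
# the relationships linking them. IDs are made up, not real ATT&CK objects.
TECHNIQUE = {"id": "attack-pattern--00000000-0000-0000-0000-000000000001",
             "type": "attack-pattern",
             "created": "2017-05-31T21:31:57.733Z",
             "modified": "2019-05-30T18:05:32.461Z"}
ACTIVE_GROUP = {"id": "intrusion-set--00000000-0000-0000-0000-000000000002",
                "type": "intrusion-set", "created": "2017-05-31T21:31:47.955Z",
                "modified": "2020-01-17T16:15:23.000Z"}
REVOKED_GROUP = {"id": "intrusion-set--00000000-0000-0000-0000-000000000003",
                 "type": "intrusion-set", "revoked": True,
                 "created": "2016-01-01T00:00:00.000Z",
                 "modified": "2021-03-03T12:00:00Z"}
RELATIONSHIPS = [
    {"type": "relationship", "relationship_type": "uses",
     "source_ref": ACTIVE_GROUP["id"], "target_ref": TECHNIQUE["id"],
     "created": "2017-12-14T16:46:06.044Z", "modified": "2020-01-17T16:15:23.000Z"},
    # Must be ignored: the group on its other end is revoked.
    {"type": "relationship", "relationship_type": "uses",
     "source_ref": REVOKED_GROUP["id"], "target_ref": TECHNIQUE["id"],
     "created": "2016-06-01T00:00:00Z", "modified": "2021-03-03T12:00:00Z"},
]
OBJECTS_BY_ID = {o["id"]: o for o in (TECHNIQUE, ACTIVE_GROUP, REVOKED_GROUP)}


if __name__ == "__main__":
    print(object_dates(TECHNIQUE, RELATIONSHIPS, OBJECTS_BY_ID))
```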

Update content to v6.2

As a user of ATT&CK, I want to be able to see the most up-to-date version of the content on the website.

ATT&CK content on the MITRE/CTI repo updated to v6.2 today, we should update this repo to match.

Add support for subdirectory hosting

Currently the site is built so that it would be in the root of a domain, e.g attack.mitre.org/. However, if the site were to be deployed to a sub-path, e.g example.com/attack-site/, we need a way of configuring it so that the absolute hyperlinks work properly. In this example, the link /techniques/ would link to example.com/techniques/ where it should link to example.com/attack-site/techniques/.

Depending on how this is done it may affect the link-parsing in the previous-versions feature.

Modularize software, groups, and matrices

For software.py, group.py, and matrix.py:

  1. Create a directory for each python script under the modules folder and add their own configuration file. E.g.:

     modules/
       software/
         software.py
         software_config.py

  2. Add module independent variables to {software, groups, matrices}_config.py
     • {software, groups, matrices}_config.py requires module independent variables from config.py.
  3. Use getters for shared variables.
     • For example, software.py uses shared variable config.groups_using_malware. This should be updated to get groups_using_malware from util/relationshipgetters.py.
  4. Move relevant content markdown files into modules. See #68.
  5. If the module does not generate a website object, make sure to remove it from the menu of the website.

Add "local changes" page

As a user of the ATT&CK website with custom STIX, I want to be able to see a summary of my local STIX changes the same way I can view summaries of previous ATT&CK updates. The "STIX changes" would be the differences (additions, deletions, changes, etc) between the STIX found on the MITRE/CTI repo and the STIX found in the /data/stix/ folder.

We should add a new page, possibly under /resources/updates/, automatically showing local STIX changes. It should also include layer links like the "Navigator Layer" buttons on group/software pages.

This feature should be optional. A build flag should be required to explicitly indicate that the page should be built.

Differentiate relationships with techniques and subtechniques

As a user, I want to be able to tell whether a relationship from a group/software/mitigation points to a subtechnique or technique.

We should redo the relationship tables (using a macro to avoid code duplication) to differentiate parent techniques from subtechniques. If a relationship exists with one or more subtechniques under a single parent (but not the parent itself), it should group them under the parent technique but mark the parent technique in such a way to make it obvious that it does not have a relationship (e.g by deemphasizing the text).

Update wordmarks to have ® instead of ™.

As a user of the ATT&CK website, I want to see accurate legal language reflecting the status of the ATT&CK trademark.

Update the wordmarks (logos) to include ® instead of ™.

Refactor sticky footer

The sticky footer on the website is unreliable at certain screen resolutions. We should refactor the sticky-footer code to fix the tendency to cover up content or position itself incorrectly in certain scenarios.


The concept of the sticky footer is that it should appear at the bottom of the screen if the page is less than the height of the view (example), or at the bottom of the content if the page is more than the height of the view (example).

A function in site.js is used to reposition the sticky footer whenever the page resizes, to catch cases where the page is resized and the breakpoint of page height > view height is crossed.

Unfortunately, this page resize function doesn't catch all page resizes. For example, it doesn't catch cases where an expansion/accordion panel increases the page height. This can lead to issues where the footer is rendered on top of and thereby obscuring page content.


We should fix this issue by refactoring the methodology for the footer positioning. Instead of using javascript to toggle the footer sticky-ness according to page height, we should simply use a flex layout to grow the page content to the height of the view if it were shorter than the view. The footer would then statically occur at the bottom of the page content, and the flex functionality would position it at the bottom of the page due to the behavior of flex-grow.

In other words, growing the height of the HTML to actually fill the page, instead of only being the height of the content as it is currently. (Diagram not included in this export.)

Add subtechnique pages

As a user, I want to be able to visit pages for each subtechnique on the website. I want to be able to see the parent technique, as well as sibling subtechniques, from that page.

Add website and content version number to footer

As a user of the ATT&CK website, I want to be able to tell what version of the site I'm viewing.

The website and content (ATT&CK STIX) version numbers, as seen in the changelog, should be added to the website in the footer. It should be deemphasized using the on-color-deemphasis scss utility so that it does not draw undue attention.

Subtechniques Feature Tour

As a user of the ATT&CK website, I want to be able to be shown an automated, interactive tour of the new subtechniques features so that I can learn about what parts of the website are affected with that update.
