Feature #4559
open
Tags for rules that enable mapping to Mitre Att&ck
Description
As a user of Suricata, I would like it to have official support for mapping the rules to the Mitre Att&ck framework, i.e. which Tactic and Technique in the framework the rules map to. I believe this would enable security teams all around the world to get a better understanding of the coverage a given rule gives. It is sort of what this project is trying to accomplish: https://github.com/0xtf/nsm-attack
From my perspective I see it as an equivalent to the "msg" field but with a more specific usage.
Updated by Philippe Antoine almost 2 years ago
- Assignee set to Community Ticket
- Target version set to TBD