diff --git a/other/sigma_attack_nav_coverage.json b/other/sigma_attack_nav_coverage.json
index b54020fa8..cfd918e7a 100644
--- a/other/sigma_attack_nav_coverage.json
+++ b/other/sigma_attack_nav_coverage.json
@@ -1,7 +1,7 @@
{
"name": "Sigma Analytics Coverage",
"versions": {
- "attack": "17.0",
+ "attack": "18.1",
"navigator": "4.8.1",
"layer": "4.4"
},
@@ -17,64 +17,9 @@
},
"techniques": [
{
- "techniqueID": "T1531",
- "tactic": "impact",
- "score": 9,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1098.003",
- "tactic": "persistence",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1098.003",
- "tactic": "privilege-escalation",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1562.006",
+ "techniqueID": "T1070",
"tactic": "defense-evasion",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1566",
- "tactic": "initial-access",
- "score": 14,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1552",
- "tactic": "credential-access",
- "score": 11,
+ "score": 20,
"color": "",
"comment": "",
"enabled": true,
@@ -126,116 +71,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1098.001",
- "tactic": "persistence",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1098.001",
- "tactic": "privilege-escalation",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1586.003",
- "tactic": "resource-development",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1556.006",
- "tactic": "credential-access",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1556.006",
- "tactic": "defense-evasion",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1556.006",
- "tactic": "persistence",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1136.003",
- "tactic": "persistence",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1562.001",
- "tactic": "defense-evasion",
- "score": 113,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1213.003",
- "tactic": "collection",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1195.001",
- "tactic": "initial-access",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1020",
"tactic": "exfiltration",
@@ -247,83 +82,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1537",
- "tactic": "exfiltration",
- "score": 6,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1526",
- "tactic": "discovery",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1556",
- "tactic": "credential-access",
- "score": 12,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1556",
- "tactic": "defense-evasion",
- "score": 12,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1556",
- "tactic": "persistence",
- "score": 12,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1567.001",
- "tactic": "exfiltration",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1070",
- "tactic": "defense-evasion",
- "score": 20,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1490",
"tactic": "impact",
@@ -338,7 +96,7 @@
{
"techniqueID": "T1190",
"tactic": "initial-access",
- "score": 140,
+ "score": 143,
"color": "",
"comment": "",
"enabled": true,
@@ -423,6 +181,17 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1566",
+ "tactic": "initial-access",
+ "score": 14,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1566.002",
"tactic": "initial-access",
@@ -445,10 +214,21 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1537",
+ "tactic": "exfiltration",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1562.008",
"tactic": "defense-evasion",
- "score": 2,
+ "score": 3,
"color": "",
"comment": "",
"enabled": true,
@@ -621,10 +401,32 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1562.001",
+ "tactic": "defense-evasion",
+ "score": 114,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1531",
+ "tactic": "impact",
+ "score": 9,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1562",
"tactic": "defense-evasion",
- "score": 25,
+ "score": 27,
"color": "",
"comment": "",
"enabled": true,
@@ -720,6 +522,39 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1556",
+ "tactic": "credential-access",
+ "score": 12,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1556",
+ "tactic": "defense-evasion",
+ "score": 12,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1556",
+ "tactic": "persistence",
+ "score": 12,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1136",
"tactic": "persistence",
@@ -731,6 +566,17 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1136.003",
+ "tactic": "persistence",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1059.001",
"tactic": "execution",
@@ -745,7 +591,7 @@
{
"techniqueID": "T1059.003",
"tactic": "execution",
- "score": 40,
+ "score": 43,
"color": "",
"comment": "",
"enabled": true,
@@ -756,7 +602,7 @@
{
"techniqueID": "T1059.004",
"tactic": "execution",
- "score": 12,
+ "score": 14,
"color": "",
"comment": "",
"enabled": true,
@@ -765,8 +611,8 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1213",
- "tactic": "collection",
+ "techniqueID": "T1098.003",
+ "tactic": "persistence",
"score": 7,
"color": "",
"comment": "",
@@ -776,9 +622,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1082",
- "tactic": "discovery",
- "score": 33,
+ "techniqueID": "T1098.003",
+ "tactic": "privilege-escalation",
+ "score": 7,
"color": "",
"comment": "",
"enabled": true,
@@ -787,31 +633,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1591.004",
- "tactic": "reconnaissance",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1021.004",
- "tactic": "lateral-movement",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1586",
- "tactic": "resource-development",
- "score": 2,
+ "techniqueID": "T1552",
+ "tactic": "credential-access",
+ "score": 11,
"color": "",
"comment": "",
"enabled": true,
@@ -907,6 +731,28 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1098.001",
+ "tactic": "persistence",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1098.001",
+ "tactic": "privilege-escalation",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1484",
"tactic": "defense-evasion",
@@ -954,7 +800,7 @@
{
"techniqueID": "T1059",
"tactic": "execution",
- "score": 92,
+ "score": 91,
"color": "",
"comment": "",
"enabled": true,
@@ -1083,6 +929,50 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1556.006",
+ "tactic": "credential-access",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1556.006",
+ "tactic": "defense-evasion",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1556.006",
+ "tactic": "persistence",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1526",
+ "tactic": "discovery",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1573",
"tactic": "command-and-control",
@@ -1251,7 +1141,7 @@
{
"techniqueID": "T1203",
"tactic": "execution",
- "score": 28,
+ "score": 30,
"color": "",
"comment": "",
"enabled": true,
@@ -1262,7 +1152,7 @@
{
"techniqueID": "T1204.002",
"tactic": "execution",
- "score": 33,
+ "score": 32,
"color": "",
"comment": "",
"enabled": true,
@@ -1328,7 +1218,7 @@
{
"techniqueID": "T1036.005",
"tactic": "defense-evasion",
- "score": 16,
+ "score": 18,
"color": "",
"comment": "",
"enabled": true,
@@ -1350,7 +1240,7 @@
{
"techniqueID": "T1083",
"tactic": "discovery",
- "score": 23,
+ "score": 24,
"color": "",
"comment": "",
"enabled": true,
@@ -1394,7 +1284,7 @@
{
"techniqueID": "T1071.004",
"tactic": "command-and-control",
- "score": 15,
+ "score": 17,
"color": "",
"comment": "",
"enabled": true,
@@ -1460,7 +1350,7 @@
{
"techniqueID": "T1003.001",
"tactic": "credential-access",
- "score": 75,
+ "score": 77,
"color": "",
"comment": "",
"enabled": true,
@@ -1570,29 +1460,7 @@
{
"techniqueID": "T1021.001",
"tactic": "lateral-movement",
- "score": 14,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1068",
- "tactic": "privilege-escalation",
- "score": 29,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1021.006",
- "tactic": "lateral-movement",
- "score": 11,
+ "score": 15,
"color": "",
"comment": "",
"enabled": true,
@@ -1603,7 +1471,7 @@
{
"techniqueID": "T1047",
"tactic": "execution",
- "score": 48,
+ "score": 49,
"color": "",
"comment": "",
"enabled": true,
@@ -1647,7 +1515,7 @@
{
"techniqueID": "T1558.003",
"tactic": "credential-access",
- "score": 16,
+ "score": 17,
"color": "",
"comment": "",
"enabled": true,
@@ -1724,7 +1592,7 @@
{
"techniqueID": "T1136.001",
"tactic": "persistence",
- "score": 14,
+ "score": 16,
"color": "",
"comment": "",
"enabled": true,
@@ -1765,6 +1633,17 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1082",
+ "tactic": "discovery",
+ "score": 33,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1016",
"tactic": "discovery",
@@ -1985,6 +1864,28 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1133",
+ "tactic": "persistence",
+ "score": 18,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1133",
+ "tactic": "initial-access",
+ "score": 18,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1562.002",
"tactic": "defense-evasion",
@@ -2051,6 +1952,17 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1021.006",
+ "tactic": "lateral-movement",
+ "score": 11,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1055.003",
"tactic": "defense-evasion",
@@ -2120,7 +2032,7 @@
{
"techniqueID": "T1046",
"tactic": "discovery",
- "score": 14,
+ "score": 15,
"color": "",
"comment": "",
"enabled": true,
@@ -2219,7 +2131,7 @@
{
"techniqueID": "T1059.005",
"tactic": "execution",
- "score": 22,
+ "score": 25,
"color": "",
"comment": "",
"enabled": true,
@@ -2326,6 +2238,17 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1021.004",
+ "tactic": "lateral-movement",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1036",
"tactic": "defense-evasion",
@@ -2384,7 +2307,7 @@
{
"techniqueID": "T1027.010",
"tactic": "defense-evasion",
- "score": 4,
+ "score": 8,
"color": "",
"comment": "",
"enabled": true,
@@ -2439,7 +2362,7 @@
{
"techniqueID": "T1053.005",
"tactic": "execution",
- "score": 50,
+ "score": 51,
"color": "",
"comment": "",
"enabled": true,
@@ -2450,7 +2373,7 @@
{
"techniqueID": "T1053.005",
"tactic": "persistence",
- "score": 50,
+ "score": 51,
"color": "",
"comment": "",
"enabled": true,
@@ -2461,7 +2384,7 @@
{
"techniqueID": "T1053.005",
"tactic": "privilege-escalation",
- "score": 50,
+ "score": 51,
"color": "",
"comment": "",
"enabled": true,
@@ -2516,7 +2439,7 @@
{
"techniqueID": "T1036.003",
"tactic": "defense-evasion",
- "score": 26,
+ "score": 27,
"color": "",
"comment": "",
"enabled": true,
@@ -2615,7 +2538,7 @@
{
"techniqueID": "T1222.001",
"tactic": "defense-evasion",
- "score": 4,
+ "score": 5,
"color": "",
"comment": "",
"enabled": true,
@@ -2637,7 +2560,7 @@
{
"techniqueID": "T1027",
"tactic": "defense-evasion",
- "score": 92,
+ "score": 94,
"color": "",
"comment": "",
"enabled": true,
@@ -2656,17 +2579,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1204.004",
- "tactic": "execution",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1134.001",
"tactic": "defense-evasion",
@@ -2714,7 +2626,7 @@
{
"techniqueID": "T1112",
"tactic": "defense-evasion",
- "score": 88,
+ "score": 92,
"color": "",
"comment": "",
"enabled": true,
@@ -2725,7 +2637,7 @@
{
"techniqueID": "T1112",
"tactic": "persistence",
- "score": 88,
+ "score": 92,
"color": "",
"comment": "",
"enabled": true,
@@ -2780,7 +2692,7 @@
{
"techniqueID": "T1574.001",
"tactic": "persistence",
- "score": 88,
+ "score": 89,
"color": "",
"comment": "",
"enabled": true,
@@ -2791,7 +2703,7 @@
{
"techniqueID": "T1574.001",
"tactic": "privilege-escalation",
- "score": 88,
+ "score": 89,
"color": "",
"comment": "",
"enabled": true,
@@ -2802,7 +2714,7 @@
{
"techniqueID": "T1574.001",
"tactic": "defense-evasion",
- "score": 88,
+ "score": 89,
"color": "",
"comment": "",
"enabled": true,
@@ -2843,28 +2755,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1133",
- "tactic": "persistence",
- "score": 16,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1133",
- "tactic": "initial-access",
- "score": 16,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1587.001",
"tactic": "resource-development",
@@ -3033,7 +2923,7 @@
{
"techniqueID": "T1564.001",
"tactic": "defense-evasion",
- "score": 8,
+ "score": 9,
"color": "",
"comment": "",
"enabled": true,
@@ -3085,6 +2975,17 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1068",
+ "tactic": "privilege-escalation",
+ "score": 29,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1574.008",
"tactic": "persistence",
@@ -3308,7 +3209,7 @@
{
"techniqueID": "T1123",
"tactic": "collection",
- "score": 7,
+ "score": 6,
"color": "",
"comment": "",
"enabled": true,
@@ -3539,7 +3440,7 @@
{
"techniqueID": "T1055",
"tactic": "defense-evasion",
- "score": 32,
+ "score": 33,
"color": "",
"comment": "",
"enabled": true,
@@ -3550,7 +3451,18 @@
{
"techniqueID": "T1055",
"tactic": "privilege-escalation",
- "score": 32,
+ "score": 33,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1204.004",
+ "tactic": "execution",
+ "score": 6,
"color": "",
"comment": "",
"enabled": true,
@@ -3624,6 +3536,17 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1204.001",
+ "tactic": "execution",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1564",
"tactic": "defense-evasion",
@@ -3682,7 +3605,7 @@
{
"techniqueID": "T1484.001",
"tactic": "defense-evasion",
- "score": 4,
+ "score": 6,
"color": "",
"comment": "",
"enabled": true,
@@ -3693,7 +3616,7 @@
{
"techniqueID": "T1484.001",
"tactic": "privilege-escalation",
- "score": 4,
+ "score": 6,
"color": "",
"comment": "",
"enabled": true,
@@ -3825,7 +3748,7 @@
{
"techniqueID": "T1055.012",
"tactic": "defense-evasion",
- "score": 4,
+ "score": 5,
"color": "",
"comment": "",
"enabled": true,
@@ -3836,7 +3759,7 @@
{
"techniqueID": "T1055.012",
"tactic": "privilege-escalation",
- "score": 4,
+ "score": 5,
"color": "",
"comment": "",
"enabled": true,
@@ -4108,6 +4031,17 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1562.006",
+ "tactic": "defense-evasion",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1562.010",
"tactic": "defense-evasion",
@@ -4262,6 +4196,17 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1567.001",
+ "tactic": "exfiltration",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1127.001",
"tactic": "defense-evasion",
@@ -4339,6 +4284,17 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1129",
+ "tactic": "execution",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1027.002",
"tactic": "defense-evasion",
@@ -4493,6 +4449,17 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1195.001",
+ "tactic": "initial-access",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1137.003",
"tactic": "persistence",
@@ -4757,17 +4724,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1204.001",
- "tactic": "execution",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1553.003",
"tactic": "defense-evasion",
@@ -5109,6 +5065,17 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1213",
+ "tactic": "collection",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1498",
"tactic": "impact",
@@ -5154,8 +5121,19 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1548.003",
- "tactic": "privilege-escalation",
+ "techniqueID": "T1213.003",
+ "tactic": "collection",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1591.004",
+ "tactic": "reconnaissance",
"score": 2,
"color": "",
"comment": "",
@@ -5165,8 +5143,8 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1548.003",
- "tactic": "defense-evasion",
+ "techniqueID": "T1586",
+ "tactic": "resource-development",
"score": 2,
"color": "",
"comment": "",
@@ -5175,6 +5153,17 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1586.003",
+ "tactic": "resource-development",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1059.012",
"tactic": "execution",
@@ -5464,7 +5453,7 @@
{
"techniqueID": "T1543.004",
"tactic": "persistence",
- "score": 2,
+ "score": 3,
"color": "",
"comment": "",
"enabled": true,
@@ -5475,7 +5464,7 @@
{
"techniqueID": "T1543.004",
"tactic": "privilege-escalation",
- "score": 2,
+ "score": 3,
"color": "",
"comment": "",
"enabled": true,
@@ -5605,8 +5594,30 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1129",
- "tactic": "execution",
+ "techniqueID": "T1548.003",
+ "tactic": "privilege-escalation",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1548.003",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1595.001",
+ "tactic": "reconnaissance",
"score": 1,
"color": "",
"comment": "",
diff --git a/other/sigma_attack_nav_coverage.svg b/other/sigma_attack_nav_coverage.svg
index 8a4f7610e..7b82658c6 100644
--- a/other/sigma_attack_nav_coverage.svg
+++ b/other/sigma_attack_nav_coverage.svg
@@ -1,2 +1,2 @@
-
\ No newline at end of file
+
\ No newline at end of file