security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 45 Packages Projects Releases Wiki Activity

Merge PR #5734 from @phantinuss - Update ATT&CK Heatmap Coverage

Browse Source 
chore: update ATT&CK heatmap

---------

Co-authored-by: phantinuss <phantinuss@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
This commit is contained in:
github-actions[bot]
2025-11-02 00:16:18 +01:00
committed by GitHub
parent 38a32c569d
commit 941f2e9df4
2 changed files with 206 additions and 173 deletions
Download Patch File Download Diff File Expand all files Collapse all files
other/sigma_attack_nav_coverage.json
+205 -172
View File
@@ -85,7 +85,7 @@
{
"techniqueID": "T1078.004",
"tactic": "defense-evasion",
"score": 38,
"score": 40,
"color": "",
"comment": "",
"enabled": true,
@@ -96,7 +96,7 @@
{
"techniqueID": "T1078.004",
"tactic": "persistence",
"score": 38,
"score": 40,
"color": "",
"comment": "",
"enabled": true,
@@ -107,7 +107,7 @@
{
"techniqueID": "T1078.004",
"tactic": "privilege-escalation",
"score": 38,
"score": 40,
"color": "",
"comment": "",
"enabled": true,
@@ -118,7 +118,7 @@
{
"techniqueID": "T1078.004",
"tactic": "initial-access",
"score": 38,
"score": 40,
"color": "",
"comment": "",
"enabled": true,
@@ -206,7 +206,7 @@
{
"techniqueID": "T1562.001",
"tactic": "defense-evasion",
"score": 111,
"score": 113,
"color": "",
"comment": "",
"enabled": true,
@@ -302,10 +302,21 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1567.001",
"tactic": "exfiltration",
"score": 2,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1070",
"tactic": "defense-evasion",
"score": 19,
"score": 20,
"color": "",
"comment": "",
"enabled": true,
@@ -327,7 +338,7 @@
{
"techniqueID": "T1190",
"tactic": "initial-access",
"score": 133,
"score": 140,
"color": "",
"comment": "",
"enabled": true,
@@ -393,7 +404,7 @@
{
"techniqueID": "T1486",
"tactic": "impact",
"score": 15,
"score": 16,
"color": "",
"comment": "",
"enabled": true,
@@ -426,7 +437,7 @@
{
"techniqueID": "T1005",
"tactic": "collection",
"score": 11,
"score": 12,
"color": "",
"comment": "",
"enabled": true,
@@ -445,6 +456,17 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1110",
"tactic": "credential-access",
"score": 25,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1485",
"tactic": "impact",
@@ -478,6 +500,39 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1087.004",
"tactic": "discovery",
"score": 3,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1555",
"tactic": "credential-access",
"score": 8,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1003",
"tactic": "credential-access",
"score": 34,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1078",
"tactic": "defense-evasion",
@@ -569,7 +624,7 @@
{
"techniqueID": "T1562",
"tactic": "defense-evasion",
"score": 24,
"score": 25,
"color": "",
"comment": "",
"enabled": true,
@@ -610,6 +665,17 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1608.003",
"tactic": "resource-development",
"score": 1,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1078.002",
"tactic": "defense-evasion",
@@ -679,7 +745,7 @@
{
"techniqueID": "T1059.003",
"tactic": "execution",
"score": 36,
"score": 40,
"color": "",
"comment": "",
"enabled": true,
@@ -753,17 +819,6 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1110",
"tactic": "credential-access",
"score": 24,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1552.007",
"tactic": "credential-access",
@@ -896,21 +951,10 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1003",
"tactic": "credential-access",
"score": 32,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 91,
"score": 92,
"color": "",
"comment": "",
"enabled": true,
@@ -965,7 +1009,7 @@
{
"techniqueID": "T1552.001",
"tactic": "credential-access",
"score": 20,
"score": 24,
"color": "",
"comment": "",
"enabled": true,
@@ -1039,17 +1083,6 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1087.004",
"tactic": "discovery",
"score": 2,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1573",
"tactic": "command-and-control",
@@ -1163,7 +1196,7 @@
{
"techniqueID": "T1567.002",
"tactic": "exfiltration",
"score": 12,
"score": 13,
"color": "",
"comment": "",
"enabled": true,
@@ -1229,7 +1262,18 @@
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 32,
"score": 33,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1595",
"tactic": "reconnaissance",
"score": 3,
"color": "",
"comment": "",
"enabled": true,
@@ -1284,7 +1328,7 @@
{
"techniqueID": "T1036.005",
"tactic": "defense-evasion",
"score": 15,
"score": 16,
"color": "",
"comment": "",
"enabled": true,
@@ -1295,7 +1339,7 @@
{
"techniqueID": "T1505.003",
"tactic": "persistence",
"score": 32,
"score": 34,
"color": "",
"comment": "",
"enabled": true,
@@ -1306,7 +1350,7 @@
{
"techniqueID": "T1083",
"tactic": "discovery",
"score": 21,
"score": 23,
"color": "",
"comment": "",
"enabled": true,
@@ -1361,7 +1405,7 @@
{
"techniqueID": "T1048.003",
"tactic": "exfiltration",
"score": 8,
"score": 9,
"color": "",
"comment": "",
"enabled": true,
@@ -1394,7 +1438,7 @@
{
"techniqueID": "T1021.002",
"tactic": "lateral-movement",
"score": 36,
"score": 37,
"color": "",
"comment": "",
"enabled": true,
@@ -1471,7 +1515,7 @@
{
"techniqueID": "T1048",
"tactic": "exfiltration",
"score": 8,
"score": 11,
"color": "",
"comment": "",
"enabled": true,
@@ -1493,7 +1537,7 @@
{
"techniqueID": "T1569.002",
"tactic": "execution",
"score": 42,
"score": 43,
"color": "",
"comment": "",
"enabled": true,
@@ -1537,7 +1581,7 @@
{
"techniqueID": "T1068",
"tactic": "privilege-escalation",
"score": 27,
"score": 29,
"color": "",
"comment": "",
"enabled": true,
@@ -1548,7 +1592,7 @@
{
"techniqueID": "T1021.006",
"tactic": "lateral-movement",
"score": 9,
"score": 11,
"color": "",
"comment": "",
"enabled": true,
@@ -1636,7 +1680,7 @@
{
"techniqueID": "T1557",
"tactic": "credential-access",
"score": 5,
"score": 6,
"color": "",
"comment": "",
"enabled": true,
@@ -1647,7 +1691,7 @@
{
"techniqueID": "T1557",
"tactic": "collection",
"score": 5,
"score": 6,
"color": "",
"comment": "",
"enabled": true,
@@ -1746,7 +1790,7 @@
{
"techniqueID": "T1033",
"tactic": "discovery",
"score": 31,
"score": 30,
"color": "",
"comment": "",
"enabled": true,
@@ -1768,7 +1812,7 @@
{
"techniqueID": "T1070.003",
"tactic": "defense-evasion",
"score": 7,
"score": 9,
"color": "",
"comment": "",
"enabled": true,
@@ -1812,7 +1856,7 @@
{
"techniqueID": "T1565.002",
"tactic": "impact",
"score": 1,
"score": 2,
"color": "",
"comment": "",
"enabled": true,
@@ -1944,7 +1988,7 @@
{
"techniqueID": "T1562.002",
"tactic": "defense-evasion",
"score": 23,
"score": 26,
"color": "",
"comment": "",
"enabled": true,
@@ -2095,17 +2139,6 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1555",
"tactic": "credential-access",
"score": 7,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1555.003",
"tactic": "credential-access",
@@ -2175,7 +2208,7 @@
{
"techniqueID": "T1202",
"tactic": "defense-evasion",
"score": 37,
"score": 39,
"color": "",
"comment": "",
"enabled": true,
@@ -2186,7 +2219,7 @@
{
"techniqueID": "T1059.005",
"tactic": "execution",
"score": 21,
"score": 22,
"color": "",
"comment": "",
"enabled": true,
@@ -2197,7 +2230,7 @@
{
"techniqueID": "T1059.007",
"tactic": "execution",
"score": 19,
"score": 21,
"color": "",
"comment": "",
"enabled": true,
@@ -2307,7 +2340,7 @@
{
"techniqueID": "T1218",
"tactic": "defense-evasion",
"score": 144,
"score": 150,
"color": "",
"comment": "",
"enabled": true,
@@ -2406,7 +2439,7 @@
{
"techniqueID": "T1053.005",
"tactic": "execution",
"score": 48,
"score": 50,
"color": "",
"comment": "",
"enabled": true,
@@ -2417,7 +2450,7 @@
{
"techniqueID": "T1053.005",
"tactic": "persistence",
"score": 48,
"score": 50,
"color": "",
"comment": "",
"enabled": true,
@@ -2428,7 +2461,7 @@
{
"techniqueID": "T1053.005",
"tactic": "privilege-escalation",
"score": 48,
"score": 50,
"color": "",
"comment": "",
"enabled": true,
@@ -2560,7 +2593,7 @@
{
"techniqueID": "T1119",
"tactic": "collection",
"score": 4,
"score": 5,
"color": "",
"comment": "",
"enabled": true,
@@ -2678,6 +2711,28 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1112",
"tactic": "defense-evasion",
"score": 88,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1112",
"tactic": "persistence",
"score": 88,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1220",
"tactic": "defense-evasion",
@@ -2755,28 +2810,6 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1112",
"tactic": "defense-evasion",
"score": 86,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1112",
"tactic": "persistence",
"score": 86,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1132.001",
"tactic": "command-and-control",
@@ -2799,10 +2832,21 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1036.004",
"tactic": "defense-evasion",
"score": 3,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1133",
"tactic": "persistence",
"score": 15,
"score": 16,
"color": "",
"comment": "",
"enabled": true,
@@ -2813,7 +2857,7 @@
{
"techniqueID": "T1133",
"tactic": "initial-access",
"score": 15,
"score": 16,
"color": "",
"comment": "",
"enabled": true,
@@ -3418,7 +3462,7 @@
{
"techniqueID": "T1547.001",
"tactic": "persistence",
"score": 37,
"score": 38,
"color": "",
"comment": "",
"enabled": true,
@@ -3429,7 +3473,7 @@
{
"techniqueID": "T1547.001",
"tactic": "privilege-escalation",
"score": 37,
"score": 38,
"color": "",
"comment": "",
"enabled": true,
@@ -3462,7 +3506,7 @@
{
"techniqueID": "T1021.003",
"tactic": "lateral-movement",
"score": 10,
"score": 13,
"color": "",
"comment": "",
"enabled": true,
@@ -3495,7 +3539,7 @@
{
"techniqueID": "T1055",
"tactic": "defense-evasion",
"score": 31,
"score": 32,
"color": "",
"comment": "",
"enabled": true,
@@ -3506,7 +3550,7 @@
{
"techniqueID": "T1055",
"tactic": "privilege-escalation",
"score": 31,
"score": 32,
"color": "",
"comment": "",
"enabled": true,
@@ -3536,17 +3580,6 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1595",
"tactic": "reconnaissance",
"score": 2,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1027.009",
"tactic": "defense-evasion",
@@ -3613,17 +3646,6 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1104",
"tactic": "command-and-control",
"score": 1,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1055.001",
"tactic": "defense-evasion",
@@ -3822,6 +3844,28 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1218.014",
"tactic": "defense-evasion",
"score": 2,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1036.002",
"tactic": "defense-evasion",
"score": 3,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1505.005",
"tactic": "persistence",
@@ -4064,17 +4108,6 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1036.002",
"tactic": "defense-evasion",
"score": 2,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1562.010",
"tactic": "defense-evasion",
@@ -4229,17 +4262,6 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1567.001",
"tactic": "exfiltration",
"score": 1,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1127.001",
"tactic": "defense-evasion",
@@ -4265,7 +4287,7 @@
{
"techniqueID": "T1041",
"tactic": "exfiltration",
"score": 4,
"score": 5,
"color": "",
"comment": "",
"enabled": true,
@@ -4980,7 +5002,7 @@
{
"techniqueID": "T1078.001",
"tactic": "defense-evasion",
"score": 3,
"score": 4,
"color": "",
"comment": "",
"enabled": true,
@@ -4991,7 +5013,7 @@
{
"techniqueID": "T1078.001",
"tactic": "persistence",
"score": 3,
"score": 4,
"color": "",
"comment": "",
"enabled": true,
@@ -5002,7 +5024,7 @@
{
"techniqueID": "T1078.001",
"tactic": "privilege-escalation",
"score": 3,
"score": 4,
"color": "",
"comment": "",
"enabled": true,
@@ -5013,7 +5035,7 @@
{
"techniqueID": "T1078.001",
"tactic": "initial-access",
"score": 3,
"score": 4,
"color": "",
"comment": "",
"enabled": true,
@@ -5186,6 +5208,17 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1562.012",
"tactic": "defense-evasion",
"score": 1,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1548.001",
"tactic": "privilege-escalation",
@@ -5219,6 +5252,17 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1653",
"tactic": "persistence",
"score": 1,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1070.002",
"tactic": "defense-evasion",
@@ -5442,7 +5486,7 @@
{
"techniqueID": "T1059.002",
"tactic": "execution",
"score": 7,
"score": 8,
"color": "",
"comment": "",
"enabled": true,
@@ -5560,17 +5604,6 @@
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1036.004",
"tactic": "defense-evasion",
"score": 2,
"color": "",
"comment": "",
"enabled": true,
"metadata": [],
"links": [],
"showSubtechniques": false
},
{
"techniqueID": "T1129",
"tactic": "execution",
other/sigma_attack_nav_coverage.svg
+1 -1
View File
File diff suppressed because one or more lines are too long
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 121 KiB

After

Width:  |  Height:  |  Size: 121 KiB