Feature #4559
openTags for rules that enables mapping to Mitre Att&ck
Effort:
Difficulty:
Label:
Description
As a user of Suricata I would like for it to have official support for mapping rules to the Mitre Att&ck framework, i.e. which Tactic and Technique in the framework the rules map to. I believe this would enable security teams all around the world to get a better understanding of the coverage a given rule gives. It is sort of what this project is trying to accomplish: https://github.com/0xtf/nsm-attack
From my perspective I see it as an equivalent to the "msg" field but with a more specific usage.
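An added example (not code from the Suricata project or from the reporter) of how such a mapping could be consumed once rules carry it: it reads rules whose existing `metadata` keyword holds ATT&CK tactic and technique IDs (the key names `mitre_tactic_id` / `mitre_technique_id` and the sample rules are assumptions constructed here), summarises coverage per tactic and technique, and lists rules that have no mapping at all.

```python
import re
from collections import defaultdict

# Constructed sample rules (not Suricata project rules); the metadata keys
# mitre_tactic_id / mitre_technique_id are an assumed naming convention.
SAMPLE_RULES = """\
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE HTTP beacon"; flow:established,to_server; http.method; content:"POST"; metadata:mitre_tactic_id TA0011, mitre_technique_id T1071; sid:9000001; rev:1;)
alert dns $HOME_NET any -> any 53 (msg:"EXAMPLE DNS tunnel"; metadata:mitre_tactic_id TA0011, mitre_technique_id T1071.004, created_at 2021_01_01; sid:9000002; rev:2;)
alert tcp any any -> $HOME_NET 22 (msg:"EXAMPLE SSH brute force"; metadata:mitre_tactic_id TA0006, mitre_technique_id T1110; sid:9000003; rev:1;)
alert tcp any any -> $HOME_NET 445 (msg:"EXAMPLE rule without mapping"; sid:9000004; rev:1;)
# commented-out rules are skipped
"""
SID_RE = re.compile(r'\bsid:\s*(\d+)\s*;')
META_RE = re.compile(r'\bmetadata:\s*([^;]*);')

def parse_rule(line):
    """Return (sid, {metadata key: [values]}) for one rule line, or None."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None
    if not (sid := SID_RE.search(line)):
        return None
    meta = {}
    if m := META_RE.search(line):
        # metadata is a comma-separated list of "key value" pairs
        for item in m.group(1).split(','):
            parts = item.strip().split(None, 1)
            if len(parts) == 2:
                meta.setdefault(parts[0], []).append(parts[1])
    return int(sid.group(1)), meta

def attack_coverage(rules_text):
    """Map ATT&CK tactic/technique IDs to the SIDs covering them; list unmapped SIDs."""
    by_tactic, by_technique, unmapped = defaultdict(set), defaultdict(set), []
    for line in rules_text.splitlines():
        if (parsed := parse_rule(line)) is None:
            continue
        sid, meta = parsed
        tactics = meta.get('mitre_tactic_id', [])
        techniques = meta.get('mitre_technique_id', [])
        if not tactics and not techniques:
            unmapped.append(sid)
            continue
        for t in tactics:
            by_tactic[t].add(sid)
        for t in techniques:
            by_technique[t].add(sid)
            if '.' in t:  # a sub-technique also counts toward its parent technique
                by_technique[t.split('.')[0]].add(sid)
    return dict(by_tactic), dict(by_technique), unmapped
```

Running `attack_coverage(SAMPLE_RULES)` on the constructed rules reports two rules under TA0011/T1071, one under TA0006/T1110 and sid 9000004 as unmapped.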