Feature #4559

open

Tags for rules that enables mapping to Mitre Att&ck

Added by Andreas Stenberg over 3 years ago. Updated 6 months ago.

Status: New
Priority: Normal
Target version:
Effort:
Difficulty:
Label:

Description

As a user of Suricata, I would like it to have official support for mapping the rules to the Mitre Att&ck framework, i.e. which Tactic and Technique in the framework the rules map to. I believe this would enable security teams all around the world to get a better understanding of the coverage a given rule gives. It is sort of what this project is trying to accomplish: https://github.com/0xtf/nsm-attack

From my perspective I see it as an equivalent to the "msg" field but with a more specific usage.
