This part of the project focuses on defining the required data in the form of data objects and the relationships among them, which are needed to facilitate the creation of data analytics and to validate the detection of adversary techniques. We have also extended this concept to the MITRE ATT&CK framework.

| File | Description |
|---|---|
| OSSEM Event Mappings (YAML file) | Security event logs mapped to OSSEM relationships (includes ATT&CK data sources metadata) |
| ATT&CK Event Mappings (MD file) | Security event logs mapped to ATT&CK Data Sources Objects |
| ATT&CK Event Mappings (YAML file) | Security event logs mapped to ATT&CK Data Sources Objects |
| ATT&CK Event Mappings (CSV file) | Security event logs mapped to ATT&CK Data Sources Objects |

- Defining ATT&CK Data Sources, Part I: Enhancing the Current State
- Defining ATT&CK Data Sources, Part II: Operationalizing the Methodology
- ATT&CK Data Sources GitHub repository
- CAR Analytics
- Common Information Model
- STIX Cybox ObjectRelationshipVocab-1.1
- Cybox Object
- STIX Version 2.0. Part 4 - Cyber Observable Object
- Finding Cyber Threats with ATT&CK-Based Analytics
- CAR Analytics Data Model
- Quantifying your hunt - not your parent's red teaming