
Support sub-techniques for newer API versions #38

Merged
merged 19 commits into from
Jul 21, 2024

Conversation

Konverto-MartinGasser
Contributor

With commit 3f4ed3c MITRE sub-techniques should be supported and no longer need to be removed.

@f-bader
Owner

f-bader commented Jun 19, 2024

I guess this is only true if the API version is current enough. See #37
My solution would be to validate that the selected API version is above this threshold and only then allow sub-techniques.

@f-bader f-bader added the good first issue Good for newcomers label Jun 19, 2024
@f-bader
Owner

f-bader commented Jun 19, 2024

Double-checked the documentation and it's not as easy as just keeping them. There needs to be a container with, and a container without, the sub-techniques.

Minimum API version is indeed 2023-12-01-preview

```json
"tactics": [
    "Reconnaissance"
],
"techniques": [
    "T1589",
    "T1592",
    "T1598"
],
"subTechniques": [
    "T1589.001",
    "T1592.001"
]
```

@Konverto-MartinGasser do you feel up for the task of adding this, including tests, or would you rather wait until I have the time to implement it?
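As an added illustration of the split described above (example code, not the project's own converter), the function below takes a flat list of MITRE technique IDs and an `api-version` string, emits the parent technique of every sub-technique into `techniques`, and only emits the `subTechniques` container when the API version is at least 2023-12-01-preview; for older versions the sub-techniques are folded into their parents, as the converter did before this change. The function name and parameters are assumed.

```powershell
# Added example (not the project's own code): split MITRE technique IDs into the
# "techniques" and "subTechniques" containers expected by the Sentinel ARM schema
# from API version 2023-12-01-preview on. Function name and parameters are assumed.
function Split-MitreTechnique {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$Technique,

        [Parameter(Mandatory)]
        [string]$ApiVersion
    )

    # Sub-techniques are only accepted by the API from this version on.
    $minimumApiVersion = [datetime]'2023-12-01'

    # Compare only the date prefix; the "-preview" suffix carries no ordering information.
    $dateString = $ApiVersion -replace '-preview$', ''
    $apiDate = [datetime]::ParseExact($dateString, 'yyyy-MM-dd', [cultureinfo]::InvariantCulture)
    $supportsSubTechniques = $apiDate -ge $minimumApiVersion

    $techniques = [System.Collections.Generic.List[string]]::new()
    $subTechniques = [System.Collections.Generic.List[string]]::new()

    foreach ($id in $Technique) {
        if ($id -match '^(T\d{4})\.\d{3}$') {
            # Sub-technique: always keep the parent technique, keep the
            # sub-technique itself only when the API version allows it.
            if (-not $techniques.Contains($Matches[1])) { $techniques.Add($Matches[1]) }
            if ($supportsSubTechniques -and -not $subTechniques.Contains($id)) { $subTechniques.Add($id) }
        }
        elseif ($id -match '^T\d{4}$') {
            if (-not $techniques.Contains($id)) { $techniques.Add($id) }
        }
        else {
            throw "Unrecognised MITRE ATT&CK technique id: $id"
        }
    }

    $result = @{ techniques = $techniques.ToArray() }
    if ($supportsSubTechniques) { $result['subTechniques'] = $subTechniques.ToArray() }
    return $result
}

# Constructed sample input: with the minimum API version both containers are emitted...
Split-MitreTechnique -Technique 'T1589.001', 'T1592.001', 'T1598' -ApiVersion '2023-12-01-preview' | ConvertTo-Json
# ...while an older version folds the sub-techniques into their parent techniques.
Split-MitreTechnique -Technique 'T1589.001', 'T1592.001', 'T1598' -ApiVersion '2023-02-01-preview' | ConvertTo-Json
```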

@Konverto-MartinGasser
Contributor Author

I was able to implement the function and do some local testing/deploying, which was working as expected. Tomorrow I will try to create matching tests, but honestly, I don't think that I'll succeed. I'll let you know how it went.

@f-bader
Owner

f-bader commented Jun 20, 2024

Very cool. If you need help with the tests let me know. Happy to help.

@Konverto-MartinGasser Konverto-MartinGasser marked this pull request as ready for review June 21, 2024 12:38
@Konverto-MartinGasser
Contributor Author

Hey @f-bader, could you kindly take a look at my changes and especially at those tests I've written? I've never worked with test files so far, so I'm not sure I did the right thing (at least they are not failing ;) ).
I'm also not quite happy with how I merge the properties relevantTechniques, subTechniques and techniques when converting from ARM to YAML. Maybe you have a suggestion on how to improve it?

Thanks

@Konverto-MartinGasser Konverto-MartinGasser changed the title Removed "remove sub-techniques" Support sub-techniques for newer API versions Jun 21, 2024
@f-bader
Owner

f-bader commented Jun 21, 2024

Will do, but most likely next week.

@f-bader f-bader merged commit 021ac30 into f-bader:main Jul 21, 2024
3 checks passed
@f-bader
Owner

f-bader commented Jul 21, 2024

@Konverto-MartinGasser Amazing work and sorry it took me so long to validate and merge this.
