feat: add RuleTitle tomitre-attack-navigator.json

[fukusuket]

What Changed

• related: Visualize TTPs in ATT&CK Navigator #76
• added RuleTile to comment field.
  • It would be better for the user to be able to check on ATT&CK Navigator which rule the techniqueID was detected by.
    example:

{
  "name": "Hayabusa detection result heatmap",
  "versions": {
    "attack": "14",
    "navigator": "4.9.1",
    "layer": "4.5"
  },
  "domain": "enterprise-attack",
  "description": "Hayabusa detection result heatmap",
  "techniques": [
    {
      "color": "#fd8d3c",
      "techniqueID": "T1070.006",
      "comment": "Unauthorized System Time Modification"
    },
    {
      "color": "#fd8d3c",
      "techniqueID": "T1098",
      "comment": "A Member Was Added to a Security-Enabled Global Group"
    }
   ]
}

Test

Environment

• OS: macOS Sonoma version 14.0
• Hayabusa v2.12.0
• Nim: 2.0.0

Test

hayabusa-sample-evtx's result

./takajo ttp-visualize -t timeline.jsonl
...
Started the TTP Visualize command.
This command extracts TTPs and creates a JSON file to visualize in MITRE ATT&CK Navigator.

Counting total lines. Please wait.
Total lines: 32317

100%|█████████████████████████| 32317/32317 [ 0.8s< 0.0s,  45.92k/sec]

Saved file: mitre-attack-navigator.json (1.50 MB)

Elapsed time: 0 hours, 0 minutes, 0 seconds

I would appreciate it if you could check it out when you have time🙏

[fukusuket]

@YamatoSecurity @hitenkoku
With version 2.3.0 of the ttp-visualize command, it is not possible to tell which rules were detected on ATT&CK Navigator.
I tried making it possible for users to see which rules were detected on ATT&CK Navigator. What do you think?🤔

[YamatoSecurity]

@fukusuket That's a great idea! I updated the changelog. Could you translate the Japanese version?
What happens when multiple rules detect the same technique?

[fukusuket]

@YamatoSecurity
Thank you so much for comment :)
I forgot the case when multiple detections😅I will implement it!💪

Is it better to output RureTitle with the ttp-summary command as well?

[YamatoSecurity]

Is it better to output RureTitle with the ttp-summary command as well?

I think that would be a good enhancement as well.

[fukusuket]

@YamatoSecurity
If there are multiple detections, I implemented it so that they are output in a comment separated by commas!
I also updated Japanese ChangeLog :) Could you please confirm?🙏

[YamatoSecurity]

@fukusuket LGTM! Thank you!