[SIEM] [DETECTION ENG] Add MITRE ATT&CK #52398
Pinging @elastic/siem (Team:SIEM)
Grabbed the latest and looped through again -- noticing the following things:
Let me know if you have any questions around the specifics -- I'll update this comment when I test again.
@@ -5,6 +5,7 @@ | |||
"private": true, | |||
"license": "Elastic-License", | |||
"scripts": { | |||
"extract-mitre-attacks": "node scripts/extract_tactics_techniques_mitre.js & node ../../../../scripts/eslint ./public/pages/detection_engine/mitre/mitre_tactics_techniques.ts --fix", |
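Review bot: the single `&` between `node scripts/extract_tactics_techniques_mitre.js` and the eslint invocation in the new `extract-mitre-attacks` script backgrounds the generator and starts eslint immediately, so lint can run before `mitre_tactics_techniques.ts` has been written (which is the "no matching pattern" error seen when the file is absent); use `&&` so eslint runs only after the generator has exited successfully.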
This is absolutely awesome @XavierM! Thanks for taking the time to make a re-usable script for updating these -- our future selves are thanking you graciously! 😅 I tested this with both removing some fields from the current and deleting the file altogether and looks good! When deleting the file for a clean re-gen it'll give a no matching pattern error when trying to lint (and you'll have to lint manually), but it still generates fine. (Not a big deal since we'll be generating with the file intact.)
Checked out locally, tested thoroughly, and performed code review. LGTM! 👍
As commented, thanks for not only taking the time to write a script to automate the generation of these rules, but for also looping back around to improve/fix the lingering usability quirks. Really appreciate it @XavierM! 🙂
💚 Build Succeeded
* add mitre attack enterprise
* Add Mitre Att&ck on the about rule
* review
* fix internationalization
* bugs review
* fix ux with add reference
Summary
Create a script to get all the values of Tactics and Techniques from the MITRE JSON file and create the internationalization with it.
To run the script, go under the SIEM plugin folder and run `yarn extract-mitre-attacks`.
Add a component to add tactics and techniques from MITRE ATT&CK Enterprise on the rule.
Checklist

Use strikethroughs to remove checklist items you don't feel are applicable to this PR.

- [ ] This was checked for cross-browser compatibility, including a check against IE11
- [ ] Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
- [ ] Documentation was added for features that require explanation or tutorials
- [ ] Unit or functional tests were updated or added to match the most common scenarios
- [ ] This was checked for keyboard-only and screenreader accessibility

For maintainers

- [ ] This was checked for breaking API changes and was labeled appropriately
- [ ] This includes a feature addition or change that requires a release note and was labeled appropriately
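The extraction step the Summary describes, as an added example that is not the PR's `extract_tactics_techniques_mitre.js`: it walks a MITRE ATT&CK STIX bundle, pairs each technique with the tactics it belongs to, and skips revoked or deprecated objects. The bundle, the function names and the output shape are assumptions for this illustration; the object shapes follow MITRE's published `enterprise-attack.json`.

```javascript
// Added example, not the PR's own script: pull tactics and techniques out of a
// MITRE ATT&CK STIX bundle. The bundle below is constructed but uses the object
// shapes found in MITRE's published enterprise-attack.json.
const sampleBundle = {
  type: 'bundle',
  objects: [
    { type: 'x-mitre-tactic', name: 'Initial Access', x_mitre_shortname: 'initial-access',
      external_references: [{ source_name: 'mitre-attack', external_id: 'TA0001' }] },
    { type: 'x-mitre-tactic', name: 'Execution', x_mitre_shortname: 'execution',
      external_references: [{ source_name: 'mitre-attack', external_id: 'TA0002' }] },
    { type: 'attack-pattern', name: 'Phishing',
      kill_chain_phases: [{ kill_chain_name: 'mitre-attack', phase_name: 'initial-access' }],
      external_references: [{ source_name: 'mitre-attack', external_id: 'T1566' }] },
    { type: 'attack-pattern', name: 'User Execution',
      kill_chain_phases: [{ kill_chain_name: 'mitre-attack', phase_name: 'execution' }],
      external_references: [{ source_name: 'mitre-attack', external_id: 'T1204' }] },
    // Revoked and deprecated objects remain in the bundle and must be skipped.
    { type: 'attack-pattern', name: 'Old Technique', revoked: true,
      kill_chain_phases: [{ kill_chain_name: 'mitre-attack', phase_name: 'execution' }],
      external_references: [{ source_name: 'mitre-attack', external_id: 'T9999' }] },
  ],
};
// The ATT&CK id (TAxxxx / Txxxx) is the external reference whose source_name is
// "mitre-attack"; other references point at blog posts, papers and so on.
function attackId(obj) {
  const ref = (obj.external_references || []).find((r) => r.source_name === 'mitre-attack');
  return ref ? ref.external_id : undefined;
}
// Returns { tactics: [{ id, name, shortname }], techniques: [{ id, name, tactics }] },
// both sorted by ATT&CK id so that regenerating the file yields a stable diff.
function extractTacticsAndTechniques(bundle) {
  const live = bundle.objects.filter((o) => !o.revoked && !o.x_mitre_deprecated);
  const tactics = live
    .filter((o) => o.type === 'x-mitre-tactic')
    .map((o) => ({ id: attackId(o), name: o.name, shortname: o.x_mitre_shortname }))
    .sort((a, b) => a.id.localeCompare(b.id));
  const knownPhases = new Set(tactics.map((t) => t.shortname));
  const techniques = live
    .filter((o) => o.type === 'attack-pattern')
    .map((o) => ({
      id: attackId(o),
      name: o.name,
      tactics: (o.kill_chain_phases || [])
        .filter((p) => p.kill_chain_name === 'mitre-attack' && knownPhases.has(p.phase_name))
        .map((p) => p.phase_name),
    }))
    .sort((a, b) => a.id.localeCompare(b.id));
  return { tactics, techniques };
}
```

The returned structure is what a generator would then serialise into the TypeScript file and its i18n strings; running it against the real bundle instead of `sampleBundle` only requires reading the JSON from disk.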