The filtering for threat groups has a lot of duplicate entries, some examples being:
APT16
APT17
APT28
Additionally, it seems the tagging of the techniques also has some issues; for instance, in the current Navigator APT1 has better coverage than in the beta edition.
Both might be caused by a similar parsing flaw, or completely separate ;)
It looks like some of the duplicated APTs are objects found in multiple domains (e.g. APT28 and APT1 are both duplicated, and they're both in PRE-ATT&CK and Enterprise). I'm not yet sure what's causing the issue with APT17 and APT16 since they're single-domain.
With regard to the coverage difference (12 associated techniques vs 22 before), that's more of a matter of how we executed the sub-techniques refactor, and not really a Navigator issue. I'd recommend reaching out to the ATT&CK team (contact page here) if you have questions or concerns about the coverage difference.
Actually, looking at the beta version of APT1, it looks like there should be 20 associated techniques (the number in the techniques used table), not 12 as selected in the multiselect interface. So you're right that there may be a bug involved there.
@olafhartong we've fixed this bug and merged it into the feature/subtechniques-3.1 branch. It'll be moved to develop once we're done with the rest of the features in the v3.1 milestone.
I'm closing the issue so that we can track our progress in the milestone.
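The cross-domain duplication described in the thread, as an added example that is not part of the original issue and is not the Navigator's actual fix: it assumes groups are STIX `intrusion-set` objects linked to `attack-pattern` objects by `uses` relationships, and the helper names and ids are hypothetical.

```typescript
interface StixObject {
  id: string; type: string; name?: string;
  relationship_type?: string; source_ref?: string; target_ref?: string;
}
interface Domain { name: string; objects: StixObject[]; }
interface GroupEntry { id: string; name: string; domains: string[]; techniques: string[]; }
// Naive filter list: one entry per group object per domain, so duplicates appear.
function naiveGroupNames(domains: Domain[]): string[] {
  const names: string[] = [];
  for (const d of domains)
    for (const o of d.objects)
      if (o.type === "intrusion-set") names.push(o.name || o.id);
  return names;
}

// Merged list: one entry per STIX id, remembering every domain it came from.
function mergeGroups(domains: Domain[]): GroupEntry[] {
  const byId: Record<string, GroupEntry | undefined> = {};
  const entries: GroupEntry[] = [];
  for (const d of domains) {
    for (const o of d.objects) {
      if (o.type !== "intrusion-set") continue;
      let e: GroupEntry | undefined = byId[o.id];
      if (e === undefined) {
        e = { id: o.id, name: o.name || o.id, domains: [], techniques: [] };
        byId[o.id] = e;
        entries.push(e);
      }
      if (e.domains.indexOf(d.name) === -1) e.domains.push(d.name);
    }
  }
  // Second pass: a "uses" relationship may precede its group in a bundle.
  for (const d of domains) {
    for (const o of d.objects) {
      if (o.type !== "relationship" || o.relationship_type !== "uses") continue;
      const e = byId[o.source_ref || ""];
      const t = o.target_ref || "";
      if (e && t.indexOf("attack-pattern--") === 0 && e.techniques.indexOf(t) === -1)
        e.techniques.push(t);
    }
  }
  return entries;
}
// Constructed sample data (ids are placeholders, not real ATT&CK ids).
const grp = (id: string, name: string): StixObject => ({ id: "intrusion-set--" + id, type: "intrusion-set", name });
const uses = (g: string, t: string): StixObject => ({ id: "relationship--" + g + t, type: "relationship", relationship_type: "uses", source_ref: "intrusion-set--" + g, target_ref: "attack-pattern--" + t });
const SAMPLE: Domain[] = [
  { name: "Enterprise", objects: [grp("g1", "APT28"), grp("g2", "APT16"), uses("g1", "t1"), uses("g1", "t2")] },
  { name: "PRE-ATT&CK", objects: [uses("g1", "t3"), uses("g1", "t1"), grp("g1", "APT28")] },
];
```

Comparing `naiveGroupNames(SAMPLE).length` with `mergeGroups(SAMPLE).length` is a quick regression check for duplicate filter entries, and the per-group `techniques` array gives the count to compare against a group's published techniques table.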