Filter options on the beta sub-technique version have duplicates #164
Comments
isaisabel
added
bug
|
Hi @olafhartong, It looks like some of the duplicated APTs are objects found in multiple domains (e.g APT28 and APT1 are both duplicated, and they're both in PRE-ATT&CK and Enterprise). I'm not yet sure what's causing the issue with APT17 and APT16 since they're single-domain. With regards to the coverage difference (12 associated techniques vs 22 before), that's more of a matter of how we executed the sub-techniques refactor, and not really a Navigator issue. I'd recommend reaching out to the ATT&CK team (contact page here) if you have questions or concerns about the coverage difference. |
|
Actually, looking at the beta version of APT1, it looks like there should be 20 associated techniques (the number in the techniques used table), not 12 as selected in the multiselect interface. So you're right that there may be a bug involved there. |
|
@olafhartong we've fixed this bug and merged it into the I'm closing the issue so that we can track our progress in the milestone. |
The filtering for threat groups has a lot of duplicate entries, some examples being;
APT16
APT17
APT28
Additionally it seems the tagging of the techniques also has some issues, for instance in the current navigator APT1 has better coverage than in the beta edition.
Both might be caused by a similar parsing flaw, or completely separate ;)
The text was updated successfully, but these errors were encountered: