Skip to content


Marcus Bakker edited this page May 23, 2019 · 2 revisions

Version 1.1.1

  • Added a new option '--health' to check a technique administration YAML file on possible errors.
  • Added to possibility to have a group YAML file type that contains a count on how popular a certain technique is.
  • Added both the detection and visibility score in the metadata when doing an overlay of detection/visibility on a group.

Version 1.1

  • New version (1.1) of the technique administration YAML file introducing the following improvements:

    • A technique can now have multiple detection and visibility objects. This allows you to have more detailed scores for different type of systems by making use of the new key-value pair applicable_to.
    • Added the key-value pair applicable_to to the detection and visibility object. This allows you to specify a list of type of system(s) to which it applies. For example: crown jewel X, endpoints, etc. You can use the value ['all'] to have the detection or visibility be applicable to all type of systems.
    • Added the key-value pair technique_name, containing the techniques's name (e.g. "Process Injection"), to every technique ID.

    Older technique administration files can be automatically upgraded to this new version. DeTT&CT will prompt you on this if an upgrade is available.

  • It is now possible to export your technique administration for visibility and detections to Excel:

python d -ft sample-data/techniques-administration-endpoints.yaml -fd sample-data/data-sources-endpoints.yaml --excel
File written: output/techniques.xlsx
  • Several smaller improvements:
    • The detection and visibility layer file contains a score to allow sorting within the ATT&CK Navigator.
    • Added a score for detection/visibility when overlaid with a group to improve the visual comparison.
    • The ATT&CK Navigator's legend is improved when overlaying detection or visibility on a group.
    • Added colours to the Excel output to visualise the scores for data source quality, visibility and detections.
    • Remember the selected path for a YAML administration file in the interactive menu.
    • Added a more detailed error message for invalid YAML files.
    • Constants have been moved to its own file
  • Several bug fixes:
    • Fixed a bug reported by @tuckner: issue #3 - product list not appending for visibility ATT&CK layer)
    • Fixed a bug that would cause a crash when doing a software-group using a visibility or detection overlay.
    • Fixed a bug that would cause a crash when the YAML 'score' key-value pair had not value assigned.
You can’t perform that action at this time.