Skip to content

Data sources graph

Jump to bottom
ruben edited this page Nov 1, 2023 · 8 revisions

Your data sources are always in motion. The number of data sources are growing, new products appear, more sources are connected to your security data lake, etc. DeTT&CT can generate a graph with the number of added data sources plotted through time to keep track of this development.

To generate a graph based on the data sources administration file, you can run the below command. Showing the improvement (also for visibility or detection) within an MITRE ATT&CK Navigator layer is also possible. An example on how to do this for detection can be found here. The approach on how to do this for data sources is very similar.

python dettect.py ds -fd sample-data/data-sources-endpoints.yaml -g
DeTT&CT - Data sources graph

Overview

  1. Home
  2. Introduction
  3. Installation and requirements
  4. Getting started / How to
  5. Changelog
  6. Future developments
  7. ICS - Inconsistencies

Data sources

  1. Introduction
  2. DeTT&CT data sources
  3. Data sources per platform
  4. Data quality
  5. Scoring data quality
  6. Improvement graph

Visibility Coverage

  1. Introduction
  2. Scoring visibility
  3. Improvement graph

Detection coverage

  1. Introduction
  2. Scoring detection
  3. Improvement graph

Threat actor group mapping

  1. Introduction

YAML administration files

  1. Introduction
  2. Data sources
  3. Techniques
  4. Groups
  5. DeTT&CT Editor
Clone this wiki locally