initial mitre att&ck standardization (#8446)

* added feature sorting flows by protocol * changed protocols comparison order * initial commit for bitmap of server ports * bitmap added to redis * added debug string, bitmap not working * Update alerts_list_per_license.rst * Update alerts_list_per_license.rst * initial mitre att&ck standardization * Update ServerPortsBitmap.h * updated mitre standardization
2026-04-29 23:49:33 +00:00 · 2024-06-12 15:55:10 +02:00 · 2024-06-12 15:55:10 +02:00 · 1b3a0ec19a
commit 1b3a0ec19a
parent a3b5003298
106 changed files with 1466 additions and 10 deletions
--- a/scripts/lua/modules/alert_definitions/flow/alert_elephant_flow.lua
+++ b/scripts/lua/modules/alert_definitions/flow/alert_elephant_flow.lua
@ -13,6 +13,8 @@ local classes = require "classes"
 -- Make sure to import the Superclass!
 local alert = require "alert"
 local json = require "dkjson"
+-- Import Mitre Att&ck utils
+local mitre = require "mitre_utils"

 -- ##############################################

@ -24,6 +26,14 @@ alert_elephant_flow.meta = {
   alert_key = flow_alert_keys.flow_alert_elephant_flow,
   i18n_title = "flow_details.elephant_flow",
   icon = "fas fa-fw fa-exclamation",
+
+   -- Mitre Att&ck Matrix values
+   mitre_values = {
+      mitre_tactic = mitre.tactic.collection,
+      mitre_tecnique = mitre.tecnique.data_from_conf_repo,
+      mitre_sub_tecnique = mitre.sub_tecnique.network_device_conf_dump,
+      mitre_ID = "T1602.002"
+   },
 }

 -- #######################################################