initial mitre att&ck standardization (#8446)

* added feature sorting flows by protocol * changed protocols comparison order * initial commit for bitmap of server ports * bitmap added to redis * added debug string, bitmap not working * Update alerts_list_per_license.rst * Update alerts_list_per_license.rst * initial mitre att&ck standardization * Update ServerPortsBitmap.h * updated mitre standardization
2026-04-29 15:39:33 +00:00 · 2024-06-12 15:55:10 +02:00 · 2024-06-12 15:55:10 +02:00 · 1b3a0ec19a
commit 1b3a0ec19a
parent a3b5003298
106 changed files with 1466 additions and 10 deletions
--- a/scripts/lua/modules/alert_definitions/flow/alert_periodicity_changed.lua
+++ b/scripts/lua/modules/alert_definitions/flow/alert_periodicity_changed.lua
@ -10,6 +10,8 @@ local classes = require "classes"
 -- Make sure to import the Superclass!
 local alert = require "alert"
 local json = require "dkjson"
+-- Import Mitre Att&ck utils
+local mitre = require "mitre_utils"

 -- ##############################################

@ -21,6 +23,13 @@ alert_periodicity_changed.meta = {
   alert_key = flow_alert_keys.flow_alert_periodicity_changed,
   i18n_title = "alerts_dashboard.alert_periodicity_update",
   icon = "fas fa-fw fa-arrows-alt-h",
+
+   -- Mitre Att&ck Matrix values
+   mitre_values = {
+      mitre_tactic = mitre.tactic.exfiltration,
+      mitre_tecnique = mitre.tecnique.scheduled_tranfer,
+      mitre_id = "T1029"
+   },
 }

 -- ##############################################