initial mitre att&ck standardization (#8446)

* added feature sorting flows by protocol * changed protocols comparison order * initial commit for bitmap of server ports * bitmap added to redis * added debug string, bitmap not working * Update alerts_list_per_license.rst * Update alerts_list_per_license.rst * initial mitre att&ck standardization * Update ServerPortsBitmap.h * updated mitre standardization
2026-04-29 07:29:32 +00:00 · 2024-06-12 15:55:10 +02:00 · 2024-06-12 15:55:10 +02:00 · 1b3a0ec19a
commit 1b3a0ec19a
parent a3b5003298
106 changed files with 1466 additions and 10 deletions
--- a/scripts/lua/modules/alert_definitions/other/alert_vulnerability_scan.lua
+++ b/scripts/lua/modules/alert_definitions/other/alert_vulnerability_scan.lua
@ -11,6 +11,8 @@ local classes = require "classes"
 -- Make sure to import the Superclass!
 local alert = require "alert"
 local alert_entities = require "alert_entities"
+-- Import Mitre Att&ck utils
+local mitre = require "mitre_utils"

 -- ##############################################

@ -23,6 +25,13 @@ alert_vulnerability_scan.meta = {
  entities = {
     alert_entities.am_host,
  },
+
+   -- Mitre Att&ck Matrix values
+   mitre_values = {
+      mitre_tactic = mitre.tactic.persistence,
+      mitre_tecnique = mitre.tecnique.ext_remote_services,
+      mitre_id = "T1133"
+   },
 }

 -- ##############################################