+ Updated Docs to show new large data set link
+ Updated data sources collected from Shire network
+ Re-run stats on every small dataset to show more sources that did not have tasks mapped to them. Stats script was not counting all of them.
docs/build/html/_sources/mordor_categorization.rst.txt
Lines changed: 8 additions & 3 deletions
@@ -12,8 +12,8 @@ Small Datasets
12
12
* They lack of context from other techniques that happen in other tactic categories. For example, if mordor data gives you credential dumping sub-techniques, you only get that and not the potential privilege escalation activity that might have been necessary to be able to dump credentials in the first place.
13
13
* Think about them as the results of atomic testing.
* They are categorized by known APT groups or custom combination of techniques produced in the mordor lab environments
24
24
* They represent events that get generated throughout the ``whole attack lifecycle`` (Initial accesss, discovery, privilege escalation, etc)
25
25
* They have a lot of context to identify relationships across several data sources produced by the execution of several adversarial techniques in one mordor file.
26
-
* This is going to be available by the end of May 2019.
26
+
* They are inspired by the `ATT&CK evaluation emulation playbooks <https://attackevals.mitre.org/evaluations.html#>`_
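Review bot: the link target on the added line at new line 26 ends in an empty fragment (`https://attackevals.mitre.org/evaluations.html#`); drop the trailing `#` so the reference is a clean URL. Also, the commit message says the docs now show the new large dataset link, but the bullet that replaces "This is going to be available by the end of May 2019." only points at the ATT&CK evaluation playbooks, so the list no longer tells a reader whether or where the large datasets are available. If the dataset link lives elsewhere in the file, consider a bullet here that references it.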
<li>They lack of context from other techniques that happen in other tactic categories. For example, if mordor data gives you credential dumping sub-techniques, you only get that and not the potential privilege escalation activity that might have been necessary to be able to dump credentials in the first place.</li>
176
179
<li>Think about them as the results of atomic testing.</li>
177
180
</ul>
178
-
<divclass="section" id="examples">
179
-
<h3>Examples<aclass="headerlink" href="#examples" title="Permalink to this headline">¶</a></h3>
181
+
<divclass="section" id="example">
182
+
<h3>Example<aclass="headerlink" href="#example" title="Permalink to this headline">¶</a></h3>
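Review bot: renaming the section id from `examples` to `example` (old line 178, new line 181) changes the permalink from `#examples` to `#example`, so any existing inbound link or bookmark to the old anchor no longer lands on this section. If the heading rename is intended, add an explicit label in the rst source that preserves the old target, or confirm nothing references `#examples`.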
<li>They are categorized by known APT groups or custom combination of techniques produced in the mordor lab environments</li>
189
192
<li>They represent events that get generated throughout the <codeclass="docutils literal notranslate"><spanclass="pre">whole</span><spanclass="pre">attack</span><spanclass="pre">lifecycle</span></code> (Initial accesss, discovery, privilege escalation, etc)</li>
190
193
<li>They have a lot of context to identify relationships across several data sources produced by the execution of several adversarial techniques in one mordor file.</li>
191
-
<li>This is going to be available by the end of May 2019.</li>
194
+
<li>They are inspired by the <aclass="reference external" href="https://attackevals.mitre.org/evaluations.html#">ATT&CK evaluation emulation playbooks</a></li>
192
195
</ul>
196
+
<divclass="section" id="id1">
197
+
<h3>Example<aclass="headerlink" href="#id1" title="Permalink to this headline">¶</a></h3>
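Review bot: the section added at new line 196 has the id `id1`, which is what docutils assigns when a heading title duplicates an earlier one, here the "Example" heading introduced earlier in this file. Auto-numbered ids shift whenever headings are added or reordered, so `#id1` is not a stable permalink. Give the two headings distinct titles in the rst source, or add explicit labels, so each section gets a meaningful and stable anchor.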