Commit 203cfc6

dplumlee, maximpn and elasticmachine authored
[Security Solution] Updates kibana MITRE data to v16.1 (#215026)
## Summary

Addresses: #166152 for `8.18.1` and #203370

Updates MITRE ATT&CK mappings to `v16.1`. Last update was to `v15.1` in #183463.

To update, I modified https://github.com/elastic/kibana/blob/df55627b2d695b8721928cb453db31e2b5cb73a4/x-pack/solutions/security/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js#L22 to point to the `ATT&CK-v16.1` tag. Then ran `yarn extract-mitre-attacks` from the root `security_solution` plugin directory, and then `node scripts/i18n_check.js --fix` from Kibana root to regen the i18n files.

## Acceptance Criteria

- [x] User can map and use new MITRE techniques in Security Solution
- [ ] The user-facing documentation is updated with the new version
- [ ] [MITRE ATT&CK® coverage](https://www.elastic.co/guide/en/security/master/rules-coverage.html) page
- [ ] elastic/security-docs#6797
- [ ] elastic/docs-content#1292

## Test Criteria

This PR also updates our cypress tests which run with real MITRE data generated by the same `extract_tactics_techniques_mitre` script. Our tests would often break when the data was updated to a new version because the UI elements being tested would cover each other, leading to flakiness or outright test failure. In order to ensure a more streamlined update process, the tests should no longer break because of this flakiness and only when there's a more serious issue.

- [x] Verify that new techniques (see the changelog link above) are available for mapping on the Rule Creation page under "Advanced settings"
- [x] Verify that new techniques are available on the MITRE ATT&CK coverage page

---------

Co-authored-by: Maxim Palenov <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>
1 parent 6d96c1a commit 203cfc6

7 files changed (+313, -69 lines changed)

x-pack/platform/plugins/private/translations/translations/fr-FR.json

Lines changed: 0 additions & 1 deletion
@@ -36637,7 +36637,6 @@
3663736637
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.processHollowingT1055Description": "Remplacement de processus (T1055.012)",
3663836638
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.procFilesystemT1003Description": "Système de fichiers proc (T1003.007)",
3663936639
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.procMemoryT1055Description": "Mémoire proc (T1055.009)",
36640-
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.protocolImpersonationT1001Description": "Usurpation d'identité de protocole (T1001.003)",
3664136640
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.ptraceSystemCallsT1055Description": "Appels système Ptrace (T1055.008)",
3664236641
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.pubPrnT1216Description": "PubPrn (T1216.001)",
3664336642
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.purchaseTechnicalDataT1597Description": "Données techniques d'achat (T1597.002)",

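Review bot: The deleted `protocolImpersonationT1001Description` entry is the only label for T1001.003 in this file, and the hunk adds no replacement key for that ID. Please confirm that the regenerated v16.1 data still carries T1001.003 under a new key, and check that a detection rule already mapped to T1001.003 still renders a sub-technique label on the rule details and coverage pages after the update. The test criteria in the description only cover newly added techniques, so a changed or dropped ID like this one is not exercised.
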
x-pack/platform/plugins/private/translations/translations/ja-JP.json

Lines changed: 0 additions & 1 deletion
@@ -36611,7 +36611,6 @@
3661136611
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.processHollowingT1055Description": "プロセスハロウイング(T1055.012)",
3661236612
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.procFilesystemT1003Description": "プロセスファイルシステム(T1003.007)",
3661336613
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.procMemoryT1055Description": "プロセスメモリ(T1055.009)",
36614-
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.protocolImpersonationT1001Description": "プロトコルなりすまし(T1001.003)",
3661536614
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.ptraceSystemCallsT1055Description": "Ptrace システムコール(T1055.008)",
3661636615
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.pubPrnT1216Description": "PubPrn (T1216.001)",
3661736616
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.purchaseTechnicalDataT1597Description": "技術データの購入(T1597.002)",

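Review bot: The removal of `protocolImpersonationT1001Description` here is a side effect of the i18n regeneration step and is not mentioned anywhere in the description, which only talks about new techniques. Please list the removed or changed technique keys (at least T1001.003) in the PR summary so that the documentation tasks in the acceptance criteria and the translators of this ja-JP file know which entries need a new string instead of silently losing the existing one.
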
x-pack/platform/plugins/private/translations/translations/zh-CN.json

Lines changed: 0 additions & 1 deletion
@@ -36672,7 +36672,6 @@
3667236672
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.processHollowingT1055Description": "Process Hollowing (T1055.012)",
3667336673
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.procFilesystemT1003Description": "Proc Filesystem (T1003.007)",
3667436674
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.procMemoryT1055Description": "Proc Memory (T1055.009)",
36675-
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.protocolImpersonationT1001Description": "Protocol Impersonation (T1001.003)",
3667636675
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.ptraceSystemCallsT1055Description": "Ptrace System Calls (T1055.008)",
3667736676
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.pubPrnT1216Description": "PubPrn (T1216.001)",
3667836677
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.purchaseTechnicalDataT1597Description": "Purchase Technical Data (T1597.002)",

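Review bot: The context lines around the deleted key show that this zh-CN file holds untranslated English values ("Process Hollowing (T1055.012)", "Proc Filesystem (T1003.007)", "Ptrace System Calls (T1055.008)"), as did the removed "Protocol Impersonation (T1001.003)" entry. That is outside the scope of this update, but it is worth a follow-up issue, because regenerating the files on each ATT&CK bump will keep carrying these placeholder strings forward as if they were translations.
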