Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for MITRE D3FEND, Remediation Category and Classes #1066

Merged
merged 9 commits into from
May 15, 2024
Merged

Support for MITRE D3FEND, Remediation Category and Classes #1066

merged 9 commits into from
May 15, 2024

Conversation

pagbabian-splunk
Copy link
Contributor

@pagbabian-splunk pagbabian-splunk commented Apr 30, 2024
edited
Loading

Related Issue: N/A.

Description of changes:

Added a Remediation category and associated classes based on MITRE D3FEND.
Added a d3fend d3_tactic d3_technique objects, modeled on the attack object.
Added d3f_tactic and d3f_technique attributes to the dictionary.
Added a countermeasures array of d3fend objects to the dictionary.
Cleaned up MITRE registration and trademark captions and descriptions.

@pagbabian-splunk pagbabian-splunk added enhancement New feature or request non_breaking Non Breaking, backwards compatible changes v1.3.0 Changes marked for v1.3.0 of OCSF labels Apr 30, 2024
floydtree
floydtree reviewed Apr 30, 2024
View reviewed changes
.DS_Store Outdated Show resolved Hide resolved
@alanisaac alanisaac mentioned this pull request Apr 30, 2024
Merged
netfl0
netfl0 reviewed Apr 30, 2024
View reviewed changes
objects/d3fend.json Outdated Show resolved Hide resolved
@pagbabian-splunk
Refactored d3fend to not use the attack objects but created new d3f_t…
17a9904 
…actic and d3_technique objects. Added corresponding attributes to the dictionary.

Cleaned up descriptions, fixing trademarks and registration superscripts.

Signed-off-by: Paul Agbabian <[email protected]>
@pagbabian-splunk
Updated with additional MITRE objects; misc description and caption u…
7aa86ea 
…pdates.

Signed-off-by: Paul Agbabian <[email protected]>
@pagbabian-splunk pagbabian-splunk requested review from netfl0, floydtree, aamedina and maxhotta and removed request for netfl0 and aamedina May 3, 2024 01:35
aamedina
aamedina reviewed May 3, 2024
View reviewed changes
Copy link

@aamedina aamedina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

netfl0
netfl0 reviewed May 3, 2024
View reviewed changes
Copy link

@netfl0 netfl0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These changes look good to me and I think this approach is a great start.

aamedina
aamedina reviewed May 3, 2024
View reviewed changes
Copy link

@aamedina aamedina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thanks for adding this category and I am looking forward to the ongoing collaboration between OCSF and D3FEND.

@pagbabian-splunk
Merge branch 'main' into d3fend
6ffb29c 
Signed-off-by: Paul Agbabian <[email protected]>
@maxhotta
Copy link
Contributor

maxhotta commented May 3, 2024

Looks good, Paul - Thanks for taking this forward

mikeradka
mikeradka approved these changes May 15, 2024
View reviewed changes
Copy link
Contributor

@mikeradka mikeradka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mikeradka mikeradka merged commit 0949e27 into main May 15, 2024
2 checks passed
@maxhotta maxhotta mentioned this pull request May 21, 2024
Closed
@floydtree floydtree deleted the d3fend branch May 31, 2024 12:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aamedina aamedina aamedina left review comments

@netfl0 netfl0 netfl0 left review comments

@maxhotta maxhotta maxhotta approved these changes

@mikeradka mikeradka mikeradka approved these changes

@zschmerber zschmerber zschmerber approved these changes

@Aniak5 Aniak5 Awaiting requested review from Aniak5 Aniak5 is a code owner

@floydtree floydtree Awaiting requested review from floydtree floydtree is a code owner

Assignees
No one assigned
Labels
enhancement New feature or request non_breaking Non Breaking, backwards compatible changes v1.3.0 Changes marked for v1.3.0 of OCSF
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@pagbabian-splunk @maxhotta @netfl0 @aamedina @zschmerber @floydtree @mikeradka