feat: add RuleTitle to ttp-summary command output #83

Merged
merged 4 commits into from
Jan 2, 2024

@fukusuket fukusuket commented Dec 28, 2023

What Changed

Test

Environment

  • OS: macOS Sonoma version 14.0
  • Hayabusa v2.12.0
  • Nim: 2.0.0

Console

Screenshot 2023-12-28 15 17 29

CSV

Computer,Tactic,Technique,Sub-Technique,RuleTitle,Count
-,08. Credential Access,Brute Force,Password Spraying,PW Guessing,1
DESKTOP-JR78RLP,07. Defense Evasion,Impair Defenses,Disable Windows Event Logging,"PW Spray, Event Log Service Startup Type Changed To Disabled",3
DESKTOP-JR78RLP,07. Defense Evasion,Indicator Removal,Clear Windows Event Logs,Important Log File Cleared,1
DESKTOP-M5SN04R,10. Lateral Movement,Remote Services,SMB/Windows Admin Shares,"Log Cleared, Metasploit SMB Authentication",2
IE10Win7,04. Execution,System Services,Service Execution,"Rundll32 Execution Without Parameters, Metasploit SMB Authentication",3561
IE10Win7,05. Persistence,Create Account,Local Account,"Rundll32 Execution Without Parameters, CobaltStrike Service Installations - System, New User Created Via Net.EXE, PowerShell Scripts Installed as Services",24
IE10Win7,06. Privilege Escalation,Account Manipulation,-,"Add User to Local Administrators Group, New User Created Via Net.EXE",8
IE10Win7,06. Privilege Escalation,Create or Modify System Process,Windows Service,"Add User to Local Administrators Group, Possible Metasploit Svc Installed",2
IE10Win7,07. Defense Evasion,Access Token Manipulation,Create Process with Token,"Meterpreter or Cobalt Strike Getsystem Service Installation - System, Suspicious Service Installation Script, Malicious Svc Possibly Installed, Suspicious Service Installation, CobaltStrike Service Installations - System, Uncommon Service Installation, Possible Metasploit Svc Installed, Susp Svc Installed",69
IE10Win7,07. Defense Evasion,Access Token Manipulation,Token Impersonation/Theft,Meterpreter or Cobalt Strike Getsystem Service Installation - System,5
IE10Win7,07. Defense Evasion,Command and Scripting Interpreter,PowerShell,"Meterpreter or Cobalt Strike Getsystem Service Installation - System, Non Interactive PowerShell Process Spawned",5

I would appreciate it if you could check it out when you have time🙏

@fukusuket fukusuket added the enhancement New feature or request label Dec 28, 2023
@fukusuket fukusuket self-assigned this Dec 28, 2023
@fukusuket fukusuket changed the title feat: add RuleTitle to ttp-summary command output feat: add RuleTitle to ttp-summary command output Dec 28, 2023
@fukusuket fukusuket marked this pull request as ready for review December 28, 2023 06:23

@hitenkoku hitenkoku left a comment

Thanks for your pull request.
LGTM.

@YamatoSecurity YamatoSecurity left a comment

@fukusuket Thanks so much! LGTM!

@YamatoSecurity YamatoSecurity merged commit 7f96868 into main Jan 2, 2024
2 checks passed
@fukusuket fukusuket deleted the add-ruletitle-ttp-summary branch January 2, 2024 22:49