Version 1.0 of Sysmon to MITRE ATT&CK compare script #80
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nicpenning
changed the title
Update ATTCK to ATT&CK and check for valid Tactic names
|
Hey @olafhartong, what do you think of this PR? I would be happy to break it down further if needed. |
|
I like the script a lot, the GridView output is pretty cool! However, on my test machines the json is not populated with techniques, this might be because the tactics are not in there? |
|
PowerShell 7 should do the trick. If you run it against the current repo clone then you will miss the tactics and some info. This is what I see when I execute the script: Is this what you see? |
|
Oh I see, yes. Without the Tactic you can't export the JSON. That is part of the PR (#82) that adds all of the Tactics to the rule names. :) |
stavhaygn
added a commit
to stavhaygn/sysmon-modular
that referenced
this pull request
May 10, 2022
The source of `CompareSysmonTo-MITRE_ATTCK.ps1` script is from olafhartong#80 This script is useful and cool! Thanks to nicpenning for his contribution Finally, modify some code in the script according to my needs, such as loading MITRE ATT&CK v11.0
stavhaygn
added a commit
to stavhaygn/sysmon-modular
that referenced
this pull request
May 10, 2022
The source of `CompareSysmonTo-MITRE_ATTCK.ps1` script is from olafhartong#80 Thanks to the lead author, nicpenning, for his/her contribution. This script is useful and cool! Finally, modify some code in the script according to my needs, such as loading MITRE ATT&CK v11.0
stavhaygn
added a commit
to stavhaygn/sysmon-modular
that referenced
this pull request
May 11, 2022
The source of `CompareSysmonTo-MITRE_ATTCK.ps1` script is from olafhartong#80 Thanks to the lead author, nicpenning, for his/her contribution. This script is useful and cool! Finally, modify some code in the script according to my needs, such as loading MITRE ATT&CK v11.0
stavhaygn
added a commit
to stavhaygn/sysmon-modular
that referenced
this pull request
May 11, 2022
The source of `CompareSysmonTo-MITRE_ATTCK.ps1` script is from olafhartong#80 Thanks to the lead author, nicpenning, for his/her contribution. This script is useful and cool! Finally, modify some code in the script according to my needs, such as loading MITRE ATT&CK v11.0
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I created a script to perform a variety of functions that match this feature request: #79
To use simply:
Requires PowerShell 7+ and Windows
🤞