d3fend/d3fend-ontology

ATT&CK technique tactics should be kept in sync with the ATT&CK release


In older versions of ATT&CK, techniques like T1216 and T1218 were classified under both "defense evasion" and "execution", but since ATT&CK 7.0-15.0 they have been classified under "defense evasion" (e.g. https://attack.mitre.org/versions/v15/techniques/T1218/).

I think when the script to synchronize ATT&CK into d3fend is run on a new ATT&CK release from the STIX, the tactical phase is not synchronized. So it will accrete new tactics, not remove ones that aren't relevant anymore.

Solution will necessitate some upgrades to the synchronization script.

Might be something to consider: https://robot.obolibrary.org/template.html
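
Added example, not part of the issue thread or the d3fend-ontology synchronization script: a sketch of a sync step that treats the ATT&CK STIX release as authoritative, so stale tactics are removed as well as new ones added. The `CURRENT` mapping shape, the function names and the sample bundle (including the `T0000` entry) are assumptions constructed for illustration.

```python
import json

# Constructed sample: a minimal ATT&CK-style STIX 2 bundle (not real release data).
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "objects": [
        {"type": "attack-pattern",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1218"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"}]},
        {"type": "attack-pattern",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1216"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"}]},
        {"type": "attack-pattern", "revoked": True,  # constructed revoked entry
         "external_references": [{"source_name": "mitre-attack", "external_id": "T0000"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]},
    ],
})

# Assumed current ontology state (hypothetical shape): technique ID -> tactic phase names.
CURRENT = {
    "T1218": {"defense-evasion", "execution"},
    "T1216": {"defense-evasion", "execution"},
}


def tactics_from_stix(bundle_json):
    """Return {technique_id: set(phase_name)} for live attack-pattern objects."""
    result = {}
    for obj in json.loads(bundle_json).get("objects", []):
        if (obj.get("type") != "attack-pattern"
                or obj.get("revoked") or obj.get("x_mitre_deprecated")):
            continue
        ids = [r["external_id"] for r in obj.get("external_references", [])
               if r.get("source_name") == "mitre-attack" and "external_id" in r]
        if not ids:
            continue
        result[ids[0]] = {p["phase_name"] for p in obj.get("kill_chain_phases", [])
                          if p.get("kill_chain_name") == "mitre-attack"}
    return result


def plan_sync(current, release):
    """Per technique, the tactics to add and the stale ones to remove."""
    plan = {}
    for tid, new in release.items():
        old = current.get(tid, set())
        if old != new:
            plan[tid] = {"add": sorted(new - old), "remove": sorted(old - new)}
    return plan
```

Running `plan_sync(CURRENT, tactics_from_stix(SAMPLE_BUNDLE))` on the constructed data reports `execution` as a removal for both techniques, which is the step an add-only sync never performs.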