rabobank-cdc/DeTTECT

Duplicate value for applicable_to

RobbeVandenDaele opened this issue · 1 comments

Hi,

I have a techniques file with a lot of detections related to certain data sources per technique. When I try to upload the file in the DeTT&CT Editor I get errors saying "A duplicate value for 'applicable_to' was found within the detection section if technique : ''"

When checking the file, I do not find any duplicate value for the 'applicable_to' property within one technique. I also see that the 'applicable_to' field that is being shown in the error is not the real 'applicable_to' field but only the first character:

Can it be that this is a bug in the editor? Or is my techniques file really not correct? I will drop my techniques file so the issue can be reproduced.
techniques_new.txt

Thank you in advance.
Kind regards
Robbe

Hi @RobbeVandenDaele

The applicable_to value should be a list. So if you convert for example:

- applicable_to: WAF

to

- applicable_to: [WAF]

And do that for all items, then it should work.

The Editor is quite strict in this. The CLI Python tool is more tolerant, but will give a warning:

[!] The below YAML file contains possible errors. It's recommended to check via the '--health' argument.

And if you do a health check, you'll see:

[!] Technique ID: T1190 the key-value pair 'applicable_to' in 'detection' is NOT a list
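
The conversion suggested in the reply can be scripted for files with many entries. The following is an added example, not part of the thread and not DeTT&CT's own code: it wraps every scalar `applicable_to` value in a single-item list and leaves existing lists untouched. The function name and the sample fragment are constructed for illustration, and the fragment is a simplified excerpt rather than a complete techniques file.

```python
import re

# "applicable_to:" key, optionally the first key of a list item ("- applicable_to:").
KEY = re.compile(r"^(\s*(?:-\s+)?applicable_to:\s*)(.*)$")
# A scalar value: double-quoted, single-quoted, or plain (not starting a flow list),
# followed by optional whitespace and an optional trailing comment.
SCALAR = re.compile(
    r"""^("(?:[^"\\]|\\.)*"|'(?:[^']|'')*'|[^#\[\s'"][^#]*?)(\s+#.*|\s*)$"""
)

# Constructed sample, simplified from the layout discussed in this issue.
SAMPLE = """\
techniques:
- technique_id: T1190
  detection:
  - applicable_to: WAF
  - applicable_to: [all]
  - applicable_to: 'Windows servers'  # constructed value
"""


def listify_applicable_to(yaml_text):
    """Return (fixed_text, changed); changed holds (line_no, value) per rewrite."""
    fixed, changed = [], []
    for line_no, line in enumerate(yaml_text.splitlines(), start=1):
        key = KEY.match(line)
        scalar = SCALAR.match(key.group(2)) if key else None
        if not scalar:
            # Other keys, "[...]" flow lists and block lists stay as they are.
            fixed.append(line)
            continue
        value, tail = scalar.groups()
        # A plain scalar containing flow indicators must be quoted inside [...].
        if value[0] not in "'\"" and re.search(r"[,\[\]{}]", value):
            value = "'" + value.replace("'", "''") + "'"
        fixed.append(f"{key.group(1)}[{value}]{tail}")
        changed.append((line_no, value))
    return "\n".join(fixed) + "\n", changed


if __name__ == "__main__":
    text, changes = listify_applicable_to(SAMPLE)
    for line_no, value in changes:
        print(f"line {line_no}: wrapped {value} in a list")
    print(text, end="")
```

Running the CLI's `--health` check on the rewritten file confirms whether any non-list `applicable_to` values remain.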