Comments field in Yaml file are not being output to json

Question

Comments field in Yaml file are not being output to json

ChrisFursty opened this issue 5 years ago · 4 comments

Hi,

When attempting to map detection capabilities with the below command:
python3 dettect.py g -g g0022 -o sample-data/techniques-administration-endpoints.yaml -t detection

The comments field in the yaml file are not displayed in the generated json file. For example:

- technique_id: T1222
  technique_name: File Permissions Modification
  detection:
    applicable_to: [all]
    location:
    - ''
    comment: 'This is a test'
    score_logbook:
    - date:
      score: 1
      comment: 'This is a test'
  visibility:
    applicable_to: [all]
    comment: ''
    score_logbook:
    - date: 2019-03-01
      score: 1
      comment: 'This is a test'
      auto_generated: true

I am trying to add our internal detection rule names to the comment field so that it makes it easier for us to determine from the output which rules are covering the technique.

Answer 1 · 2020-04-06T15:19:07.000Z

hi @ChrisFursty,

That's right, comments are currently not incorporated in the metadata of overlay layer files. But we like your idea and we will put it on our backlog for the next release.

Answer 2 · 2020-04-06T16:04:26.000Z

In addition to my comment above. You can put the internal detection names in the location field. That’s the purpose of that field. We will also considerate adding the location field to the metadata of the overlay layer.

Answer 3 · 2020-04-06T16:17:07.000Z

Thanks, that will be helpful! I have made a workaround in the meantime.

Answer 4 · 2020-06-22T12:44:55.000Z

hi @ChrisFursty,

We just released a new version of DeTT&CT where we included comment + location fields in the metadata of techniques in the layer file. Hope you like it ;-)

Regards,
Ruben