rabobank-cdc/DeTTECT

Request - XLSX conversion to Yaml

robotbond opened this issue · 5 comments

Hi Marcus,

First of all, it's an absolutely fantastic tool from an IR and hunting standpoint. Thanks for building it.
I'm editing inside the Data Source and Techniques XLSX files and looking for a way to convert those to YAML and then to JSON. I've tried converting XLSX to YAML using a Python script, but the output file wasn't supported by DeTTECT.

What is the best workaround for this issue?

By the way, the GUI editor looks good, but I'm not sure if it's really useful as it definitely takes longer to fill in than in Excel.

Regards,
Nitin

Hi Nitin,

I'm glad to hear you find it useful. Thanks! :-)

We support two ways of filling in the data source and techniques YAML files. One is by doing this via a text editor (use one that you like, preferably with syntax highlighting). And more recently, we released the DeTT&CT Editor to make the process less cumbersome and to get rid of syntax errors while manually editing the YAML file.

Populating the files the first time takes some time indeed. Every update should take you less time if done regularly.

We also looked into the possibility of using Excel. However, due to all the nesting in the techniques administration file, this is not a usable format.

Regards,
Marcus

Thanks for the information Marcus.

Hi Marcus,

Came across an issue, so I thought I'd reopen my previous thread. For ATT&CK Enterprise there are 266 techniques available on MITRE, but in DeTTECT there are only 171. Is there a reason why it is not updated? Some of the techniques, like T1009 - Binary passing, are quite old; I'm just wondering why those techniques are not in the tool.

Regards,
Nitin

Hi Nitin,

The techniques you see in techniques-administration-endpoints.yaml are sample data. It contains the techniques that were mapped based on the data-sources-endpoints.yaml sample file. When you start by filling in the empty data sources file (data-sources-empty.yaml), you can then generate the techniques YAML file with the option --yaml. The generated techniques file will then contain techniques that were derived from the data sources.

Regards,
Ruben

Thanks Ruben