Problem importing threat-actor-data at Editor

Question

Problem importing threat-actor-data at Editor

spookerlabs opened this issue 4 years ago · 1 comments

I tried to import some samples from https://github.com/rabobank-cdc/DeTTECT/tree/master/threat-actor-data but only one seems working fine at the Editor is ASCS.

For example https://raw.githubusercontent.com/rabobank-cdc/DeTTECT/master/threat-actor-data/20200220-FireEye.yaml

ASCS works fine https://raw.githubusercontent.com/rabobank-cdc/DeTTECT/master/threat-actor-data/20200520-ASCS.yaml

Just updated to 1.3.1 and the same problem as 1.3.0. It seems like only parsing techniques in the same line and not multiline.

Thanks

Answer 1 · 2020-06-22T17:40:16.000Z

Hi Rodrigo,

The ACSC Group file has no weighted score as it only includes a list of techniques. However, the one from FireEye has weighted scores. The latter type of YAML Group file cannot, yet, be edited by the Editor. It's on the roadmap.

Regards,
Marcus