Data sources missing

Question

Data sources missing

irivera007 opened this issue 3 years ago · 4 comments

HI,

When running in docker or locally, Im unable to see more data sources for instance "AWS CloudTrail logs" from the drop menu:

any idea on what am I missing?

Answer 1 · 2021-06-25T10:30:32.000Z

hi @irivera007

"AWS CloudTrail logs" is a data source from the previous ATT&CK version (8.0 and before). MITRE restructured and renewed the data sources in version 9.0 and "AWS CloudTrail logs" in not in there.

Answer 2 · 2021-07-12T16:00:09.000Z

I found a similar Data Source missing issue when looking at:

Logon Session Termination
Scheduled Job Deletion

Other Logon Session data components and Scheduled Job data components were available in the Editor but not those two.

Answer 3 · 2021-07-13T06:09:44.000Z

hi @beerMT,

Those 2 data sources are indeed part of ATT&CK v9, but there are no (sub) techniques referencing to this data sources. That's why you don't see those data sources in the Editor. Those data sources would not reflect any visibility on (sub) techniques (yet).

Answer 4 · 2021-07-14T03:49:40.000Z

Good catch, thanks for clarification.