blacklanternsecurity / enter_the_matrix Goto Github PK

ETM enables the creation of detailed attack graphs and figures while calculating the risk associated with your attack narratives. ETM was built with NIST recommendations on threat matrices in mind. It features an API for interacting with your data, so that ETM can act as a living database of your executed threat models.

License: GNU General Public License v3.0

C# 46.32% Dockerfile 0.10% HTML 41.57% CSS 4.58% SCSS 2.95% JavaScript 4.48%
risk-assessment risk-management risk-modelling risk-mitigation risk-analysis threat-matrix attack-defense graphs matrix

enter_the_matrix's People

Contributors

aconite33, debifrank, debifrank00, pjhartlieb


enter_the_matrix's Issues

[Threat Trees] - Automatic "Presented Itself As"

  • Tree nodes have an optional field, "Presented Itself As" that is intended to be used as a placeholder for how the particular MITRE ATT&CK ID node presented itself as a vulnerability in the scenarios.

[Documentation] - Quick Setup

  • The current deployment instructions are for setting up all facets of ETM
  • Create a "quick setup" wiki page for getting up and running quickly for testing/experimentation

Update README

  • README Images and application usage examples have become a little outdated
    • This should be revised to incorporate application UI changes

API Documentation

  • Need to bring in swagger API documentation
    • Needs to require authentication to view/use

Wiki

  • Work on the Wiki element of this repository

Unit Tests

Implement unit tests to enable regression testing to ensure features remain intact during development.

[Events] Make MITRE back button clearer

The sliding menu that houses the various MITRE ATT&CK IDs you can select from has a back button that is the previously selected item in the menu system. Find a way to make it more clear that it is a back button.

[API] - GraphNode Bug

Create event API endpoint complains that there is no parameterless constructor for Node objects when attempting to deserialize an event with a graphNode that is anything other than Null.

[API] - Assessment Restriction

  • Add an API for creating an assessment that returns the assessment ID and an API key
    • Uses an API key that only allows for assessment creation
  • API key is scoped to that assessment
    • API key is able to do full CRUD operations on that scoped assessment
  • Alter the API key permissions string to include assessment ID

Back button hidden on MITRE filter

When applying a filter during the MITRE ATT&CK ID selection process within an event, if the user is currently under a tactic that the filter does not match, your effective back button is removed.

[Assessments] Metadata

To enhance the data collection and metric functionalities we will want to introduce customer/client metadata to each assessment.

To avoid too many data issues, this will become its own collection with the assessmentId as the foreign key.

Error handle broken LDAP

  • If the configured LDAP server is not found, and a user attempts to login via LDAP, handle the error and inform the user

[Scenarios] Parent-Child Relationships

Explanation

To enable branching in attack narratives, enable scenarios to be nested under each other.

  • To present the graph of the parent, or children scenarios: Begin with the parent, and then branch into the children routes
  • To present the threat matrix deliverable: Make a narrative combining the parent with each branch

Example

  • Parent: Attacker achieves initial access through a hardware implant and is able to capture relayed domain credentials
    • Child1: Attacker utilizes relayed domain credential to abuse ADCS misconfigurations and execute a DCSync
    • Child2: Attacker utilizes relayed domain credential to abuse CVE-2021-36942, gain DA privileges, and deploy ransomware to environment

Graph

graph TD;
    Parent1-->Child1;
    Parent1-->Child2;

Threat Matrix

ID Name
Scenario 1 Hardware Implant to DCSync
Scenario 2 Hardware Implant to Ransomware
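An added example (not ETM's own code) of the nesting described in this issue: a parent scenario with child scenarios, from which the branching graph and the per-branch threat matrix rows are derived. The node ids and short labels are constructed sample data, and the code generalises to deeper nesting than the two-level example above.

```python
"""Added example, not part of the enter_the_matrix project: nest child
scenarios under a parent and derive the two deliverables the issue asks for,
the branching graph (Mermaid) and one narrative row per branch."""
from dataclasses import dataclass, field


@dataclass
class Scenario:
    node_id: str                      # id used in the graph, e.g. "Parent1"
    label: str                        # short name used in the matrix row
    children: list["Scenario"] = field(default_factory=list)


def mermaid_graph(root: Scenario) -> str:
    """Begin with the parent, then branch into every child route (depth-first)."""
    lines = ["graph TD;"]

    def walk(node: Scenario) -> None:
        for child in node.children:
            lines.append(f"    {node.node_id}-->{child.node_id};")
            walk(child)

    walk(root)
    return "\n".join(lines)


def threat_matrix(root: Scenario) -> list[tuple[str, str]]:
    """One narrative per root-to-leaf path: the parent label joined with its branch."""
    names: list[str] = []

    def walk(node: Scenario, path: list[str]) -> None:
        path = path + [node.label]
        if not node.children:           # leaf: this path is one complete narrative
            names.append(" to ".join(path))
        for child in node.children:
            walk(child, path)

    walk(root, [])
    return [(f"Scenario {i}", name) for i, name in enumerate(names, 1)]


# Constructed sample mirroring the issue's example (hypothetical ids/labels)
TREE = Scenario("Parent1", "Hardware Implant", [
    Scenario("Child1", "DCSync"),
    Scenario("Child2", "Ransomware"),
])
```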

[Graphs] - Saved Graphs

For the purpose of integrating with reporting tools (WriteHat) there will need to be an ability to save the graph you've built for a scenario.

  • When you click "save" the graph variants will be saved to a DB collection
{
    "bson_id": "String", // Identifier for the graph record (primary key)
    "scenario_id": "String", // Id of the scenario the graph is associated with (foreign key)
    "scenario_title": "String", // Name of the scenario the graph is associated with
    "assessment_id": "String", // Id of the assessment the graph is associated with (foreign key)
    "assessment_title": "String", // Name of the assessment the graph is associated with
    "b64-white": "String", // b64 encoding of the white background graph version
    "b64-black": "String", // b64 encoding of the black background graph version
    "positions": "String", // Potential column containing the individual node positions in the D3 graph
    "created_by": "String", // Authenticated user that created the record
    "created_on": "Date", // Time record was created
    "last_updated_by": "String", // Authenticated user that most recently modified the record
    "last_updated_on": "Date", // Time record was most recently modified
}
  • To retrieve your graph, an API will need to be created that will facilitate the retrieval (requires authorization key)
    • /api/Graphs/getGraphs
    • /api/Graphs/getGraphsByAssessment?id=String
    • /api/Graphs/getGraphById?id=String
    • /api/Graphs/getGraphByScenario?id=String
  • The default behavior is to download the graph when you click save; this will be removed in place of the above saving functionality
  • To download directly from ETM, a new button and select box will be needed to download the saved graphs
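An added example (not ETM's own code) tying the "[API] - Assessment Restriction" issue to the saved-graph retrieval above: a creation-only key issues assessments and returns a key whose permissions string embeds the assessment ID, and the graph save/retrieve calls are refused unless the key is scoped to that exact assessment. The permissions string format ("create" versus "assessment:<id>:crud"), the in-memory store and the function names are assumptions, not ETM's design.

```python
"""Added example, not part of the enter_the_matrix project: scoped API keys
for assessments, applied to the saved-graph API.  The permissions string
format "create" / "assessment:<id>:crud" is an assumption for this sketch."""
from dataclasses import dataclass
import hmac
import secrets
CRUD = {"create", "read", "update", "delete"}


@dataclass(frozen=True)
class ApiKey:
    key_id: str
    secret: str          # returned once to the caller; a real store keeps a hash
    permissions: str     # "create" or "assessment:<assessment_id>:crud"


def issue_create_key() -> ApiKey:
    """Key that may only create assessments; it cannot read existing ones."""
    return ApiKey(secrets.token_hex(8), secrets.token_urlsafe(32), "create")


def create_assessment(store: dict, key: ApiKey, title: str) -> tuple[str, ApiKey]:
    """Creates an assessment and returns its id plus a key scoped to that id only."""
    if key.permissions != "create":
        raise PermissionError("not a creation key")
    assessment_id = secrets.token_hex(12)
    store[assessment_id] = {"title": title, "graphs": []}
    scoped = ApiKey(secrets.token_hex(8), secrets.token_urlsafe(32),
                    f"assessment:{assessment_id}:crud")
    return assessment_id, scoped


def authorize(key: ApiKey, action: str, assessment_id: str) -> bool:
    """True only for a CRUD key whose embedded id equals this assessment id."""
    parts = key.permissions.split(":")
    if len(parts) != 3 or parts[0] != "assessment" or parts[2] != "crud":
        return False  # creation-only and malformed keys never reach assessments
    return action in CRUD and hmac.compare_digest(parts[1].encode(), assessment_id.encode())


def save_graph(store: dict, key: ApiKey, assessment_id: str, graph: dict) -> dict:
    """Persist a graph record (subset of the issue's schema) under the assessment."""
    if not authorize(key, "create", assessment_id):
        raise PermissionError("key not scoped to this assessment")
    record = {**graph, "bson_id": secrets.token_hex(12),   # graph: scenario_id, b64-white, b64-black
              "assessment_id": assessment_id, "created_by": key.key_id}
    store[assessment_id]["graphs"].append(record)
    return record


def get_graphs_by_assessment(store: dict, key: ApiKey, assessment_id: str) -> list:
    """Equivalent of getGraphsByAssessment?id=...: refused unless the key is scoped to id."""
    if not authorize(key, "read", assessment_id):
        raise PermissionError("key not scoped to this assessment")
    return list(store[assessment_id]["graphs"])
```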
