@shreyamalviya (Contributor) commented Oct 6, 2021

What does this PR do?

Fixes #1480 and fixes #1511

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by running the Island.

  • If applicable, add screenshots or log transcripts of the feature working

image
image

codecov bot commented Oct 6, 2021

Codecov Report

Merging #1514 (5be841d) into develop (e80662f) will increase coverage by 0.00%.
The diff coverage is 50.00%.

@@           Coverage Diff            @@
##           develop    #1514   +/-   ##
========================================
  Coverage    42.99%   42.99%           
========================================
  Files          477      477           
  Lines        14173    14170    -3     
========================================
- Hits          6094     6093    -1     
+ Misses        8079     8077    -2     
| Impacted Files | Coverage Δ | |
| --- | --- | --- |
| ...land/cc/services/attack/technique_reports/T1146.py | 100.00% <ø> (+9.09%) | ⬆️ |
| ...land/cc/services/attack/technique_reports/T1156.py | 100.00% <ø> (+9.09%) | ⬆️ |
| ...land/cc/services/attack/technique_reports/T1504.py | 100.00% <ø> (+9.09%) | ⬆️ |
| ...services/attack/technique_reports/pba_technique.py | 44.00% <0.00%> (ø) | |
| ...ey/infection_monkey/telemetry/post_breach_telem.py | 65.21% <66.66%> (+0.21%) | ⬆️ |

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e80662f...5be841d. Read the comment docs.

CHANGELOG.md Outdated
@@ -48,6 +48,8 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
the config successfully now.) #1490
- Mimikatz collector no longer fails if Azure credential collector is disabled. #1512 #1493
- Unhandled error when "modify shell startup files PBA" is unable to find regular users. #1507
- ATT&CK report bug that showed a different technique's results under a technique if the PBA behind
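Review bot: The last entry in this hunk, "ATT&CK report bug that showed a different technique's results under a technique if the PBA behind", shows no issue reference in its visible part, while the entries above it each end with one (#1490, #1512 #1493, #1507). The PR description says it fixes #1480 and #1511, so the wrapped remainder of this entry should end with both numbers to keep the changelog traceable to the issues.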
Collaborator

Suggested change
- ATT&CK report bug that showed a different technique's results under a technique if the PBA behind
- ATT&CK report bug that showed a different techniques' results under a technique if the PBA behind

@shreyamalviya
Contributor Author

After 5be841d:

For PBAs with multiple entries in results:
image
And for PBAs with a single entry in results:
image

Contributor

@ilija-lazoroski ilija-lazoroski left a comment

Tested and works. Nicely done.

image

And #1511

image

@mssalvatore mssalvatore merged commit c3ea714 into develop Oct 6, 2021
@mssalvatore mssalvatore deleted the pba-attack-telemetry branch October 6, 2021 16:12
Development

Successfully merging this pull request may close these issues.

  • Modify shell startup files is not reported correctly
  • Buggy telemetry processing for ATT&CK techniques mapped to the same PBA