Skip to content

Common: Allow '.' characters in Event tags #3676

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 12, 2023
Merged

Common: Allow '.' characters in Event tags #3676

merged 1 commit into from
Sep 12, 2023

Conversation

mssalvatore
Copy link
Collaborator

The MITRE ATT&CK framework identifies subtechniques by using a '.' to separate the technique ID from the subtechnique ID. For example, the technique "Defacement" has the ID T1491, whereas the subtechnique "Internal Defacement" has the ID T1491.001.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?
  • Have you checked that you haven't introduced any duplicate code?

Testing Checklist

  • Added relevant unit tests?
  • Do all unit tests pass?
  • Do all end-to-end tests pass?
  • Any other testing performed?

    Tested by {Running the Monkey locally with relevant config/running Island/...}

  • If applicable, add screenshots or log transcripts of the feature working

@mssalvatore mssalvatore force-pushed the allow-dot-in-event-tags branch from 5eb471c to 9c9c0f2 Compare September 12, 2023 18:12
@mssalvatore
Common: Allow '.' characters in Event tags
179ed52 
The MITRE ATT&CK framework identifies subtechniques by using a '.' to
separate the technique ID from the subtechnique ID. For example, the
technique "Defacement" has the ID T1491, whereas the subtechnique
"Internal Defacement" has the ID T1491.001.

Allowing '.' characters in tags allows us to specify MITRE ATT&CK
subtechniques without performing any translation.

PR #3676
@mssalvatore mssalvatore force-pushed the allow-dot-in-event-tags branch from 9c9c0f2 to 179ed52 Compare September 12, 2023 18:16
@mssalvatore mssalvatore merged commit ab44c57 into develop Sep 12, 2023
@mssalvatore mssalvatore deleted the allow-dot-in-event-tags branch September 12, 2023 18:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cakekoa cakekoa cakekoa approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mssalvatore @cakekoa