[Security Solution] Updates MITRE ATT&CK framework to v14.1 #174120

dplumlee merged 12 commits into elastic:main from
Pinging @elastic/security-detections-response (Team:Detections and Resp)

buildkite test this

Pinging @elastic/security-solution (Team: SecuritySolution)
jpdjere left a comment:

Looks good - LGTM 👍
Just to understand this cadence a little more clearly: is there a fixed amount of time/releases in which this update needs to be done? Do we get pinged by Kseniia or the TRADE team?
@jpdjere We're still figuring out the process of syncing with the TRADE team for serverless releases, but for ESS releases, we are notified by the TRADE team/product that they are updating the rules package to use a new version of the MITRE framework and we run this script for the corresponding kibana release. @banderror I manually tested both of those scenarios and all the specific ones we've found bugs in over the past couple months, no bugs found. I also opened this docs ticket for updating the version reference in the documentation.
@elasticmachine merge upstream

merge conflict between base and head

@dplumlee and @banderror - TRaDE is ready to merge in our ATT&CK changes. Are we good to do so downstream?

@terrancedejesus This should now pass the new MITRE tests we added last release and be good to go for release whenever.

Waiting on elastic/detection-rules#3289 to be merged and will merge this alongside. cc @terrancedejesus

@dplumlee Sorry, this is not correct. I posted my thoughts about coordinating this release in the slack thread.
@elasticmachine merge upstream

💚 Build Succeeded
## Summary

Addresses: #166152 for `8.15.0`

[Flaky test runner result (internal)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5996)

Updates MITRE ATT&CK mappings to `v15.1`. Last update was to `v14.1` in #174120.

To update, I modified https://github.com/elastic/kibana/blob/44e38acd71a7a64fb0df08f01ff9abfada1fec1c/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js#L22 to point to the `ATT&CK-v15.1` tag. Then ran `yarn extract-mitre-attacks` from the root `security_solution` plugin directory, and then `node scripts/i18n_check.js --fix` from Kibana root to regen the i18n files.

## Acceptance Criteria

- [x] User can map and use new MITRE techniques in Security Solution
- [ ] The user-facing documentation is updated with the new version (elastic/security-docs#5222)
- [ ] [MITRE ATT&CK® coverage](https://www.elastic.co/guide/en/security/master/rules-coverage.html) page

## Test Criteria

- [x] Verify that new techniques (see the changelog link above) are available for mapping on the Rule Creation page under "Advanced settings"
- [x] Verify that new techniques are available on the MITRE ATT&CK coverage page

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Resolves: #171680

## Summary

Addresses: #166152 for `8.14.0` and #171680

Flaky test runner result (internal)

Updates MITRE ATT&CK mappings to `v14.1`. Last update was to `v13.1` in #166536.

To update, I modified `kibana/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js` (line 22 in b0c6cc9) to point to the `ATT&CK-v14.1` tag. Then ran `yarn extract-mitre-attacks` from the root `security_solution` plugin directory, and then `node scripts/i18n_check.js --fix` from Kibana root to regen the i18n files.

## Acceptance Criteria

## Test Criteria

### For maintainers
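The update procedure above re-points the extraction script at an ATT&CK release tag and regenerates the tactic/technique mappings. As an added illustration (not Kibana's `extract_tactics_techniques_mitre.js`), the following Python shows what such an extraction boils down to, assuming the STIX bundle format MITRE publishes in the mitre/cti repository at tags like `ATT&CK-v14.1`; the mini bundle, the `_pattern` helper and the ids in it are constructed for the example, and revoked or deprecated objects are skipped so retired techniques are not offered for new rule mappings.

```python
import json

# Constructed mini STIX bundle in the shape MITRE publishes (enterprise-attack.json):
# one tactic, one technique, one sub-technique and one revoked technique.
def _pattern(name, ext_id, sub=False, **extra):
    return {"type": "attack-pattern", "name": name, "x_mitre_is_subtechnique": sub,
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
            "external_references": [{"source_name": "mitre-attack", "external_id": ext_id}], **extra}

SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "x-mitre-tactic", "name": "Execution", "x_mitre_shortname": "execution",
     "external_references": [{"source_name": "mitre-attack", "external_id": "TA0002"}]},
    _pattern("Command and Scripting Interpreter", "T1059"),
    _pattern("PowerShell", "T1059.001", sub=True),
    _pattern("Old Technique", "T9999", revoked=True),  # constructed; must be filtered out
]})

def attack_id(obj):
    """Return the ATT&CK external id (TA0002, T1059, T1059.001) or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def extract(bundle_json):
    """Map tactic shortname -> {id, name, techniques: {id: {name, subtechniques}}}."""
    live = [o for o in json.loads(bundle_json)["objects"]
            if not (o.get("revoked") or o.get("x_mitre_deprecated"))]  # skip retired objects
    tactics = {o["x_mitre_shortname"]: {"id": attack_id(o), "name": o["name"], "techniques": {}}
               for o in live if o["type"] == "x-mitre-tactic"}
    patterns = [o for o in live if o["type"] == "attack-pattern"]
    # Parents first so that sub-techniques (T1059.001) can attach to their parent (T1059).
    for o in sorted(patterns, key=lambda o: bool(o.get("x_mitre_is_subtechnique"))):
        tid = attack_id(o)
        for phase in o.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") != "mitre-attack":
                continue  # ignore phases from other kill chains
            tactic = tactics.get(phase["phase_name"])
            if tactic is None or tid is None:
                continue
            if not o.get("x_mitre_is_subtechnique"):
                tactic["techniques"][tid] = {"name": o["name"], "subtechniques": {}}
            else:
                parent = tactic["techniques"].get(tid.split(".")[0])
                if parent is not None:
                    parent["subtechniques"][tid] = o["name"]
    return tactics
```

Comparing the output of two bundles (old tag versus new tag) gives the list of newly added techniques that the test criteria ask to verify on the rule creation and coverage pages.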