Artifacts: related to PrivilegedUserAccount --> |produces| AdministrativeNetworkTraffic
ioggstream opened this issue · comments
I expect
- to correlate PrivilegedUserAccount (PUA), AdministrativeNetworkTraffic(ANT)
- the concept of bastion host or administration host
- SSHService or SSHServer to be an artifact, now SSH is just an OffensiveTechnique
Notes
which ones are useful? which are redundant / too complex?
graph TD;
classDef attack stroke:red
SSH:::attack -.-> |produces| ANT
SSH -.-> |creates| SSHSession
PUA --> |TODO: creates| SSHSession
SSHSession --> |kindOf| ANT
PUA -->|TODO: accesses| TODO_AdministrationHost --> |TODO:produces| SSHSession
PUA -->|TODO:produces| ANT
This will be a good addition, would like to target 0.16.0.
We're working on some better ways to represent ontology additions, graphol is promising.
CC @ryantxu1