Artifacts: related to PrivilegedUserAccount --> |produces| AdministrativeNetworkTraffic

Question

Artifacts: related to PrivilegedUserAccount --> |produces| AdministrativeNetworkTraffic

ioggstream opened this issue a year ago · comments

Roberto Polli commented a year ago

I expect

to correlate PrivilegedUserAccount (PUA), AdministrativeNetworkTraffic(ANT)
the concept of bastion host or administration host
SSHService or SSHServer to be an artifact, now SSH is just an OffensiveTechnique

Notes

which ones are useful? which are redundant / too complex?

graph TD;

classDef attack stroke:red

SSH:::attack -.-> |produces| ANT
SSH -.-> |creates| SSHSession

PUA --> |TODO: creates| SSHSession
SSHSession --> |kindOf| ANT
PUA -->|TODO: accesses| TODO_AdministrationHost --> |TODO:produces| SSHSession 
PUA -->|TODO:produces| ANT

Peter Kaloroumakis · Answer 1 · Fri Apr 26 2024 09:54:47 GMT+0800 (China Standard Time)

This will be a good addition, would like to target 0.16.0.

We're working on some better ways to represent ontology additions, graphol is promising.

CC @ryantxu1