Support NIDS and WAF via new 'network traffic content' relationship

Question

Support NIDS and WAF via new 'network traffic content' relationship

hxnoyd opened this issue 3 years ago · comments

Hello.

With the new DS structure NIDS and WAF are no longer available. A new relationship could be created in order to improve the mapping with alert related events:

Data source: Network Traffic
Data component: network traffic content
Relationship:

  - source_data_element: network traffic        
    relationship: triggered        
    target_data_element: alert

Thanks in advance.

jcwilliamsATmitre · Answer 1 · Mon May 24 2021 22:30:12 GMT+0800 (China Standard Time)

Hey @hxnoyd!

Hmm yeah I see what you are getting at. I'm not sure this is something we would add though, since alert could apply as a relationship to (almost) every DS in the same fashion, since the level of abstraction is related to what kind of data (elements) are we referring to.

We'll think about it more, and definitely share more thoughts in opinions. Thanks!

jcwilliamsATmitre · Answer 2 · Fri Oct 22 2021 00:27:26 GMT+0800 (China Standard Time)

Circling back to this, we have published the first release of the data sources - https://attack.mitre.org/datasources/ but will consider this feedback for future releases. I'll reach out to directly as needed.

Thanks again!