Merge branch 'main' of github.com:CyCat-project/cycat-project-website into main
commit
5503752fc1
1
Gemfile
1
Gemfile
|
@ -3,3 +3,4 @@ source "https://rubygems.org"
|
||||||
gem "jekyll", "~> 4.1"
|
gem "jekyll", "~> 4.1"
|
||||||
gem "jekyll-environment-variables"
|
gem "jekyll-environment-variables"
|
||||||
gem 'jemoji'
|
gem 'jemoji'
|
||||||
|
gem 'rouge'
|
||||||
|
|
|
@ -37,3 +37,8 @@ sass:
|
||||||
plugins:
|
plugins:
|
||||||
- jekyll-environment-variables
|
- jekyll-environment-variables
|
||||||
- jemoji
|
- jemoji
|
||||||
|
|
||||||
|
markdown: kramdown
|
||||||
|
highlighter: rouge
|
||||||
|
kramdown:
|
||||||
|
input: GFM
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||||
<link rel="icon" type="image/png" href="{{ '/images/favicon-32x32.svg' | relative_url }}">
|
<link rel="icon" type="image/png" href="{{ '/images/favicon-32x32.svg' | relative_url }}">
|
||||||
<link href="https://fonts.googleapis.com/css2?family=Playfair+Display:wght@400;700&display=swap" rel="stylesheet">
|
<link href="https://fonts.googleapis.com/css2?family=Playfair+Display:wght@400;700&display=swap" rel="stylesheet">
|
||||||
|
<link rel="stylesheet" href="/assets/css/syntax.css" type="text/css" />
|
||||||
<link href="{{ '/assets/css/style.css' | relative_url }}" rel="stylesheet">
|
<link href="{{ '/assets/css/style.css' | relative_url }}" rel="stylesheet">
|
||||||
{% if page.description %}
|
{% if page.description %}
|
||||||
<meta name="description" content="{{ page.description }}" />
|
<meta name="description" content="{{ page.description }}" />
|
||||||
|
@ -28,6 +29,5 @@
|
||||||
{% include footer.html %}
|
{% include footer.html %}
|
||||||
{% include sub-footer.html %}
|
{% include sub-footer.html %}
|
||||||
<script type="text/javascript" src="{{ "/assets/js/scripts.js" | relative_url }}""></script>
|
<script type="text/javascript" src="{{ "/assets/js/scripts.js" | relative_url }}""></script>
|
||||||
{% include google-analytics.html %}
|
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
@ -16,7 +16,7 @@ by this publisher under a specific project. The CyCAT url is composed of two nam
|
||||||
## What is an UUID?
|
## What is an UUID?
|
||||||
|
|
||||||
A [universally unique identifier (UUID)](https://en.wikipedia.org/wiki/Universally_unique_identifier) is a 128-bit number used to identify information in computer systems also known as GUID.
|
A [universally unique identifier (UUID)](https://en.wikipedia.org/wiki/Universally_unique_identifier) is a 128-bit number used to identify information in computer systems also known as GUID.
|
||||||
CyCAT use such UUID to reference items produced in a collection. CyCAT, by default, will use any existing UUID already assigned by the publisher. If not present or there is no item present,
|
CyCAT uses such UUID to reference items produced in a collection. CyCAT, by default, will use any existing UUID already assigned by the publisher. If not present or there is no item present,
|
||||||
a fixed value is then calculated from the UUID namespace of CyCAT combined with `publisher-short-name:project-short-name`.
|
a fixed value is then calculated from the UUID namespace of CyCAT combined with `publisher-short-name:project-short-name`.
|
||||||
|
|
||||||
## Publisher namespace
|
## Publisher namespace
|
||||||
|
|
|
@ -0,0 +1,60 @@
|
||||||
|
.highlight { background: #ffffff; }
|
||||||
|
.highlight .c { color: #999988; font-style: italic } /* Comment */
|
||||||
|
.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
|
||||||
|
.highlight .k { font-weight: bold } /* Keyword */
|
||||||
|
.highlight .o { font-weight: bold } /* Operator */
|
||||||
|
.highlight .cm { color: #999988; font-style: italic } /* Comment.Multiline */
|
||||||
|
.highlight .cp { color: #999999; font-weight: bold } /* Comment.Preproc */
|
||||||
|
.highlight .c1 { color: #999988; font-style: italic } /* Comment.Single */
|
||||||
|
.highlight .cs { color: #999999; font-weight: bold; font-style: italic } /* Comment.Special */
|
||||||
|
.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
|
||||||
|
.highlight .gd .x { color: #000000; background-color: #ffaaaa } /* Generic.Deleted.Specific */
|
||||||
|
.highlight .ge { font-style: italic } /* Generic.Emph */
|
||||||
|
.highlight .gr { color: #aa0000 } /* Generic.Error */
|
||||||
|
.highlight .gh { color: #999999 } /* Generic.Heading */
|
||||||
|
.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
|
||||||
|
.highlight .gi .x { color: #000000; background-color: #aaffaa } /* Generic.Inserted.Specific */
|
||||||
|
.highlight .go { color: #888888 } /* Generic.Output */
|
||||||
|
.highlight .gp { color: #555555 } /* Generic.Prompt */
|
||||||
|
.highlight .gs { font-weight: bold } /* Generic.Strong */
|
||||||
|
.highlight .gu { color: #aaaaaa } /* Generic.Subheading */
|
||||||
|
.highlight .gt { color: #aa0000 } /* Generic.Traceback */
|
||||||
|
.highlight .kc { font-weight: bold } /* Keyword.Constant */
|
||||||
|
.highlight .kd { font-weight: bold } /* Keyword.Declaration */
|
||||||
|
.highlight .kp { font-weight: bold } /* Keyword.Pseudo */
|
||||||
|
.highlight .kr { font-weight: bold } /* Keyword.Reserved */
|
||||||
|
.highlight .kt { color: #445588; font-weight: bold } /* Keyword.Type */
|
||||||
|
.highlight .m { color: #009999 } /* Literal.Number */
|
||||||
|
.highlight .s { color: #d14 } /* Literal.String */
|
||||||
|
.highlight .na { color: #008080 } /* Name.Attribute */
|
||||||
|
.highlight .nb { color: #0086B3 } /* Name.Builtin */
|
||||||
|
.highlight .nc { color: #445588; font-weight: bold } /* Name.Class */
|
||||||
|
.highlight .no { color: #008080 } /* Name.Constant */
|
||||||
|
.highlight .ni { color: #800080 } /* Name.Entity */
|
||||||
|
.highlight .ne { color: #990000; font-weight: bold } /* Name.Exception */
|
||||||
|
.highlight .nf { color: #990000; font-weight: bold } /* Name.Function */
|
||||||
|
.highlight .nn { color: #555555 } /* Name.Namespace */
|
||||||
|
.highlight .nt { color: #000080 } /* Name.Tag */
|
||||||
|
.highlight .nv { color: #008080 } /* Name.Variable */
|
||||||
|
.highlight .ow { font-weight: bold } /* Operator.Word */
|
||||||
|
.highlight .w { color: #bbbbbb } /* Text.Whitespace */
|
||||||
|
.highlight .mf { color: #009999 } /* Literal.Number.Float */
|
||||||
|
.highlight .mh { color: #009999 } /* Literal.Number.Hex */
|
||||||
|
.highlight .mi { color: #009999 } /* Literal.Number.Integer */
|
||||||
|
.highlight .mo { color: #009999 } /* Literal.Number.Oct */
|
||||||
|
.highlight .sb { color: #d14 } /* Literal.String.Backtick */
|
||||||
|
.highlight .sc { color: #d14 } /* Literal.String.Char */
|
||||||
|
.highlight .sd { color: #d14 } /* Literal.String.Doc */
|
||||||
|
.highlight .s2 { color: #d14 } /* Literal.String.Double */
|
||||||
|
.highlight .se { color: #d14 } /* Literal.String.Escape */
|
||||||
|
.highlight .sh { color: #d14 } /* Literal.String.Heredoc */
|
||||||
|
.highlight .si { color: #d14 } /* Literal.String.Interpol */
|
||||||
|
.highlight .sx { color: #d14 } /* Literal.String.Other */
|
||||||
|
.highlight .sr { color: #009926 } /* Literal.String.Regex */
|
||||||
|
.highlight .s1 { color: #d14 } /* Literal.String.Single */
|
||||||
|
.highlight .ss { color: #990073 } /* Literal.String.Symbol */
|
||||||
|
.highlight .bp { color: #999999 } /* Name.Builtin.Pseudo */
|
||||||
|
.highlight .vc { color: #008080 } /* Name.Variable.Class */
|
||||||
|
.highlight .vg { color: #008080 } /* Name.Variable.Global */
|
||||||
|
.highlight .vi { color: #008080 } /* Name.Variable.Instance */
|
||||||
|
.highlight .il { color: #009999 } /* Literal.Number.Integer.Long */
|
11
faq.md
11
faq.md
|
@ -124,9 +124,9 @@ Ideally, only resource owners should be able to apply for a namespace and progra
|
||||||
|
|
||||||
### Identifiers For Techniques vs. Tools
|
### Identifiers For Techniques vs. Tools
|
||||||
|
|
||||||
_Will identifiers be assigned for both techniques (e.g. password spraying) and tools embodying them?
|
_Will identifiers be assigned for both techniques (e.g. password spraying) and tools embodying them?_
|
||||||
|
|
||||||
Is there a namespace for these to exist in? i.e. identifier `1234` for `tools/passwordspray/Office365/foobar` v. `vulns/heartbleed/poc-python`. If not, I wonder how duplication/overlap checking will be handled when there are 1.000 or 10.000 identifiers._
|
_Is there a namespace for these to exist in? i.e. identifier `1234` for `tools/passwordspray/Office365/foobar` v. `vulns/heartbleed/poc-python`. If not, I wonder how duplication/overlap checking will be handled when there are 1.000 or 10.000 identifiers._
|
||||||
|
|
||||||
A taxonomy (e.g. ATT&CK) will have its own namespace. Within that namespace, techniques will have their own identifiers. Tools will also have their own UUIDs and in a future iteration of CyCAT, links will be made between the two so users will be able to select all tools that support a certain technique. Users will also be able to obtain coherent ‘packages’ covering the techniques they are interested in and the related tools and to which areas or scopes they apply.
|
A taxonomy (e.g. ATT&CK) will have its own namespace. Within that namespace, techniques will have their own identifiers. Tools will also have their own UUIDs and in a future iteration of CyCAT, links will be made between the two so users will be able to select all tools that support a certain technique. Users will also be able to obtain coherent ‘packages’ covering the techniques they are interested in and the related tools and to which areas or scopes they apply.
|
||||||
|
|
||||||
|
@ -182,7 +182,6 @@ As for the `identify` scope in the taxonomy, it corresponds to the corresponding
|
||||||
|
|
||||||
_To make CyCAT a success, one important element is relationships between entries, on an object level, but also between objects and object types. More concretely, a possibility to specify a relationship such as "rule A is of type Sigma rule" and another relation that specifies "Tool X converts Sigma rules into queries" or ‘Rule B -> Yara Rule -> Tool B scans for Yara matches in the file system/memory’ would be essential._
|
_To make CyCAT a success, one important element is relationships between entries, on an object level, but also between objects and object types. More concretely, a possibility to specify a relationship such as "rule A is of type Sigma rule" and another relation that specifies "Tool X converts Sigma rules into queries" or ‘Rule B -> Yara Rule -> Tool B scans for Yara matches in the file system/memory’ would be essential._
|
||||||
|
|
||||||
|
|
||||||
As mentioned in the [CyCAT white paper](https://cycat.org/services/whitepaper/):
|
As mentioned in the [CyCAT white paper](https://cycat.org/services/whitepaper/):
|
||||||
|
|
||||||
> Finally, the system will, in a future iteration, facilitate interlinking resources that could be used in conjunction for an improved capability in coherent “packages”. Such “packages’’ could then be deployed by less mature entities as plug-and-play solutions to save time and defend themselves properly, while avoiding the pitfalls resolved by early adopters or more mature organisations.
|
> Finally, the system will, in a future iteration, facilitate interlinking resources that could be used in conjunction for an improved capability in coherent “packages”. Such “packages’’ could then be deployed by less mature entities as plug-and-play solutions to save time and defend themselves properly, while avoiding the pitfalls resolved by early adopters or more mature organisations.
|
||||||
|
@ -205,11 +204,9 @@ Our aim is to use CyCAT as a vehicle to make concrete steps to ‘weed the jungl
|
||||||
|
|
||||||
### Tool Capability Specification
|
### Tool Capability Specification
|
||||||
|
|
||||||
_There is a need to specify the capabilities of tools.
|
_There is a need to specify the capabilities of tools. Does a Yara scanner scan only files? Or also memory? How is the maturity level of the functionality? To support this, the taxonomy needs to be extended. e.g. a tool entry in CyCAT should contain information such as `capability:file-scan=stable, capability:memory-scan=experimental`._
|
||||||
|
|
||||||
Does a Yara scanner scan only files? Or also memory? How is the maturity level of the functionality? To support this, the taxonomy needs to be extended. e.g. a tool entry in CyCAT should contain information such as `capability:file-scan=stable, capability:memory-scan=experimental`.
|
_This should be kept optional, to make contributions to CyCAT easy, but it would be a great resource to pick the best tool for a specific use case. This could be accomplished with additional taxonomies which could be used to tag CyCAT items._
|
||||||
|
|
||||||
This should be kept optional, to make contributions to CyCAT easy, but it would be a great resource to pick the best tool for a specific use case. This could be accomplished with additional taxonomies which could be used to tag CyCAT items._
|
|
||||||
|
|
||||||
This is a great suggestion. We need to think carefully as to how to take it into account in the taxonomy, in a simple, elegant way. Specifying a taxonomy’s type capability, be it a tool, a rule (`endpoint-detection only`, `network-detection only`) or a mitigation (`full`, `partial`) will indeed help the community pick the best entry for the task at hand or know its limitations if any.
|
This is a great suggestion. We need to think carefully as to how to take it into account in the taxonomy, in a simple, elegant way. Specifying a taxonomy’s type capability, be it a tool, a rule (`endpoint-detection only`, `network-detection only`) or a mitigation (`full`, `partial`) will indeed help the community pick the best entry for the task at hand or know its limitations if any.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue