Open
Description
Describe the bug
When importing the atomics from Atomic Red Team, it appears that atomics that have the same name are "missing" (not displayed) from the Edit Campaign panel. This is made more difficult by the limited filtering options (#219) available to users when searching for TTPs.
Below is a list of atomics that include some duplicate and, in one instance, triplicate entries.
```
┌─[a@DESKTOP-L9U1JK2] - [~/atomic-red-team/atomics]
└─[$] <git:(master)> grep --exclude-dir=Indexes --include=\*.yaml -ir -P "(?<=- name: ).*" . | sort | uniq -c | sort -nr
3 ./T1082/T1082.yaml:- name: System Information Discovery
2 ./T1087.001/T1087.001.yaml:- name: Enumerate users and groups
2 ./T1070.002/T1070.002.yaml:- name: rm -rf
2 ./T1048/T1048.yaml:- name: Exfiltration Over Alternative Protocol - SSH
2 ./T1048.003/T1048.003.yaml:- name: Exfiltration Over Alternative Protocol - HTTP
2 ./T1037.004/T1037.004.yaml:- name: rc.common
2 ./T1033/T1033.yaml:- name: System Owner/User Discovery
2 ./T1014/T1014.yaml:- name: Loadable Kernel Module based Rootkit
```
To Reproduce
- Import the Atomic Red Team
- Go to Campaign Library
- Click New Campaign
- Search for any of the above TTPs; there will only be a single instance
This could be more widespread throughout the application. But this is the only place I've really tried to look into this issue.
Expected behavior
View all TTPs searched for
- Only a single instance identified.
- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.yaml
- There are 2 different TTPs with the same name `97a48daa-8bca-4bc0-b1a9-c1d163e762de` and `c33f3d80-5f04-419b-a13a-854d1cbdbf3a`
- Only a single instance identified
- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.yaml
- There are 2 different TTPs with the same name `e6f36545-dc1e-47f0-9f48-7f730f54a02e` and `319e9f6c-7a9e-432e-8c62-9385c803b6f2`
User Platform (please complete the following information):
- OS: Windows 11
- Browser: Firefox
- Version: 130.0.1 (64-bit)
VECTR Host (please complete the following information):
- Linux Distro: Ubuntu
- Linux Version: 22.04.5 LTS
- VECTR Version: 9.4.0
Additional context
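The following is an added example, not part of the original issue and not VECTR or Atomic Red Team code: it lists test names shared by more than one `auto_generated_guid` in an atomics file, and shows how an index keyed by name keeps fewer records than one keyed by GUID. That VECTR keys its import by name is an assumption used only for illustration; `import_keyed_by` and the third sample test are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of an Atomic Red Team technique file.
# The first two GUIDs are the ones quoted in the issue for T1037.004; the
# third test and its GUID are placeholders made up for this example.
SAMPLE_YAML = """\
attack_technique: T1037.004
atomic_tests:
- name: rc.common
  auto_generated_guid: 97a48daa-8bca-4bc0-b1a9-c1d163e762de
- name: rc.common
  auto_generated_guid: c33f3d80-5f04-419b-a13a-854d1cbdbf3a
- name: Example unique test
  auto_generated_guid: 00000000-0000-0000-0000-000000000001
"""

NAME_RE = re.compile(r"^- name:\s*(.+?)\s*$")
GUID_RE = re.compile(r"^\s+auto_generated_guid:\s*([0-9a-fA-F-]{36})\s*$")

def parse_tests(text):
    """Return [(name, guid)] for each test entry, in file order."""
    tests, current = [], None
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            current = m.group(1)
            continue
        g = GUID_RE.match(line)
        if g and current is not None:
            tests.append((current, g.group(1).lower()))
            current = None
    return tests

def name_collisions(tests):
    """Map each test name used by more than one GUID to its GUIDs."""
    by_name = defaultdict(list)
    for name, guid in tests:
        by_name[name].append(guid)
    return {n: g for n, g in by_name.items() if len(g) > 1}

def import_keyed_by(tests, key):
    """Hypothetical import that stores one record per key ('name' or 'guid')."""
    idx = 0 if key == "name" else 1
    return {t[idx]: t for t in tests}

if __name__ == "__main__":
    tests = parse_tests(SAMPLE_YAML)
    print(name_collisions(tests))
    print(len(import_keyed_by(tests, "name")), len(import_keyed_by(tests, "guid")))
```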