Comments (7)
Thank you for your comment.
The discrepancy should be due to the data sources that are used to populate BRON:
- When you deploy BRON locally you download data from the data sources.
- The public version of BRON currently only updates the data sources with intermittent frequency
- The data sources used in BRON are constantly updated with different frequencies, e.g. CVEs are reported more often than ATT&CK tactics
We will check the update frequency of the public BRON instance
from bron.
If that was the case, the local deployment should have returned more CVEs then.
But it returns less.
Am i missing something?
from bron.
Hmm, let me rebuild my local BRON to see if I can replicate it
from bron.
Thanks for your help.
I run this query:
LET target = ["CVE-2020-0681", "CVE-2020-0885","CVE-2019-0698", "CVE-2019-0726","CVE-2023-38408","CVE-2020-14145","CVE-2022-20724","CVE-2021-34699","CVE-2008-4963"]
FOR c IN cve
FOR target_element IN target
Filter c.original_id==target_element
FOR cw IN CweCve
FOR cwee in cwe
FOR each_capec IN CapecCwe
FOR cp in capec
FOR tc IN TechniqueCapec
FOR t in technique
Filter cw._to == c._id
AND cw._from==cwee._id
AND each_capec._to==cw._from
AND each_capec._from==cp._id
AND tc._to == each_capec._from
AND tc._from == t._id
COLLECT cveid=c.original_id,
cd = c.metadata.description,
cweid=cwee.original_id,
cwe_n=cwee.name,
capecid = cp.original_id,
capec_n=cp.name,
ttpid = t.original_id,
ttn = t.name
SORT cveid DESC
RETURN {
cve_id: cveid,
cve_description: cd,
cwe_id : cweid,
cwe_name : cwe_n,
capec_id : capecid,
capec_name : capec_n,
technique_id: ttpid,
technique_name: ttn
}
from bron.
I also just saw that the local implementation has 314,886 edges while the public version has 33,382,276.
Also the collection of CWECVE is much much larger (i assume same goes for the rest of the collections)
from bron.
Yes, I see the same now when my local BRON is built. The public BRON might be stale. I am investigating it now.
from bron.
Thank you for your comments!
from bron.
Related Issues (20)
- Steps in order to populate a local arangodb HOT 1
- BRON\example_data\example_input_data\starting_point_tactic.csv Why does the file have no data? HOT 1
- FileNotFoundError: [Errno 2] No such file or directory: 'example_data/example_input_data/tactic_id_name_map.json'
- Getting capec_id instead of bron_id in the final Graph
- ModuleNotFoundError: No module named 'meta_analysis' HOT 2
- Is BRON contains mobile tactics on MITRE ATT&CK ? HOT 2
- Duplicates in cve collection? HOT 1
- Cannot download threat info through neither docker's "bootstrap" nor "build_bron.py" manually. HOT 6
- About the error when parsing CAPEC and CWE connection. The error message is the same as before, indicating that the specified column cannot be found in the DataFrame. HOT 3
- TechniqueCapec.json is empty HOT 3
- CVE-2017-0146 Eternal Blue associated cpe is empty HOT 6
- In the CweCve edge collection file, all '_from' are linked to 'cwe_02029' locally
- Bootstrap docker cannot populate DB HOT 1
- Lot's of incorrect linkings from CWE to CVE HOT 6
- D3fend Mitigation JSON Schema Error HOT 3
- Check the timestamp of threat data sources
- Error start bootstrap container for BRON HOT 1
- Add BRON paper reference to README
- Populate the webpage
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bron.