Platform
- Authentication - Users can log in
- [~] Authorisation - Users only have access to particular projects
- Account provisioning
- Creating engagements
- [~] Interface with Git KB
- Interface with Twilight (via export functionality?)
- Dirty bootstrap UI
- Configuration file
- Logging
-
Engagement management
- Creating / Editing / Deleting
- Prompt / Warn on deletion
- Alter access controls / perms per user
-
Engagement
- [~] Import test cases from repository
- Import test cases from MitreLayer dump
- Delete test case
- Duplicate test case
-
Test cases
- General
  - Name
  - Tagging
  - Sigma rules
- Red
  - Case start / stop
  - Phase
  - Source
  - Target(s)
  - TTP Boilerplate description
  - Execution description
  - Command description
  - Technique number
  - Red tools
  - Evidence
- Blue
  - Outcome
  - Prevention level
  - Detection level
  - Blue tools
  - Freeform text for SIEM event IDs / links etc.
  - Evidence
- Target / source / red+blue tool bank / selection modals
- General
-
Platform
- IP whitelisting
- Pretty up UI
- Teams / Slack integrations
-
Engagement management
- Renaming
- Duplicate
- Delete
- Import from template
- Export to template
- Start / end engagement overall timeline
-
Engagement
- Attack / escalation path mindmap
- Timeline
-
Test cases
- [~] Pull fresh content / sync from git
- Push to approval / review queue to update KB
- JS lib for image cropping / redacting / highlighting evidence inline