How to map a VST to any classification system
Verified Security Tests can be mapped to classification systems, such as MITRE ATT&CK, CVE or NIST controls. Mapping tests provides a natural grouping so you can analyze results through a lens you're familiar with.
Prelude-authored VSTs are written against rules and are mapped automatically. Each rule represents a statement about the surface area of an endpoint.
To view current mappings, run the
prelude detect tests command from the CLI. Below is a snippet from the results:
For tests you author, you can map them to additional classification systems.
Mapping a test
To map a test, use the
map command in the CLI. The following command maps a test identifier to MITRE ATT&CK sub technique T1015.001:
prelude build map <TEST_ID> T1015.001
Unmapping a test
You can remove a mapping through the
prelude build unmap <TEST_ID> T1015.001
Updated 24 days ago