Data Import

Template Data

VECTR template data is intended to be shared and reused within your organization. SRA shares some public VECTR template content, and you may choose to use this content, other shared community content, or share and contribute your own content for other VECTR users.

Since templates can be considered a recipe or pre-planned structure for executing a Purple Team exercise, it makes sense to share and reuse them rather than reinventing the wheel.

To import data in VECTR, navigate to Library -> Import Data.

VECTR Local Test Cases

SRA Threat Simulation Indexes

See topic here: https://docs.vectr.io/user/threat-sim-indexes/

Atomic Red Team YAML

https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/Indexes/index.yaml

Template Data Import - Atomic Red Team content is procedurally complete and includes an automation specification. A walkthrough of using VECTR's automation is provided here: https://docs.vectr.io/vxf/endtoend/

Non-template Data Import - Additionally, VECTR can import live data logs generated by the Invoke-AtomicRedTeam project when the ATTiRe logging module is used: https://github.com/SecurityRiskAdvisors/invoke-atomic-attire-logger/

MITRE Enterprise ATT&CK CTI JSON

VECTR can import STIX data from the MITRE Enterprise ATT&CK published CTI JSON: https://github.com/mitre/cti/blob/master/enterprise-attack/enterprise-attack.json

WARNING: It is highly recommended that you do not import the entire contents of this file. MITRE CTI data is not procedurally complete and only includes a brief description of how attackers have used Techniques. The more MITRE CTI content you import, the more work you create for yourself to research and derive Procedures from more detailed threat intelligence that corresponds to the described content.

VECTR Import / Export JSON

VECTR can export Assessment and Campaign data from the respective Library screens.

This JSON-formatted content includes a complete representation of Campaigns and possibly Assessments along with all included Test Case templates.

Live Data

Live or previously logged data can be imported at the Assessment, Campaign, or Test Case level.

ATTiRe (Attack Tool Timing and Reporting) JSON

VECTR's Automation logs to the ATTiRe format. The Invoke-Atomic ATTiRe Logger module can also be included when using Invoke-AtomicRedTeam. This content can be imported to VECTR to attach to existing planned Test Cases or to create a new record of executed tests. https://github.com/SecurityRiskAdvisors/ATTiRe

Troubleshooting

Importing data from an unspecified format is not supported.

Importing data that includes Techniques with deprecated or invalid MITRE IDs can cause an import failure.
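
One way to act on both the MITRE CTI warning and the deprecated-ID note above is to trim the STIX bundle to the Techniques you plan to build Procedures for before importing it. The script below is an added example, not part of VECTR or its documentation; it assumes the bundle layout used by MITRE's published file (`objects`, `attack-pattern`, `external_references` with `source_name` `mitre-attack`, and the `revoked` / `x_mitre_deprecated` flags), and the sample bundle and `T9xxx` IDs are constructed placeholders.

```python
import json

# Constructed sample in the shape of a MITRE CTI STIX bundle.
# The T9xxx IDs are placeholders, not real ATT&CK techniques.
def _ap(tid, **flags):
    return {"type": "attack-pattern", "id": f"attack-pattern--{tid}",
            "name": f"Sample {tid}", **flags,
            "external_references": [{"source_name": "mitre-attack",
                                     "external_id": tid}]}

SAMPLE_BUNDLE = {
    "type": "bundle", "id": "bundle--constructed-sample", "spec_version": "2.0",
    "objects": [_ap("T9001"), _ap("T9002", revoked=True),
                _ap("T9003", x_mitre_deprecated=True),
                {"type": "intrusion-set", "id": "intrusion-set--sample",
                 "name": "Sample group"}],
}

def attack_id(obj):
    """Return the ATT&CK ID of a STIX object, or None if it has none."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def subset_bundle(bundle, wanted_ids):
    """Keep only the wanted, still-valid techniques.

    Returns (trimmed_bundle, skipped); skipped maps each wanted ID that was
    left out to 'revoked', 'deprecated' or 'not found'.
    """
    wanted, kept, reasons = set(wanted_ids), [], {}
    for obj in bundle.get("objects", []):
        tid = attack_id(obj)
        if obj.get("type") != "attack-pattern" or tid not in wanted:
            continue
        if obj.get("revoked"):
            reasons.setdefault(tid, "revoked")
        elif obj.get("x_mitre_deprecated"):
            reasons.setdefault(tid, "deprecated")
        else:
            kept.append(obj)
    kept_ids = {attack_id(o) for o in kept}
    skipped = {t: reasons.get(t, "not found") for t in wanted - kept_ids}
    trimmed = {k: v for k, v in bundle.items() if k != "objects"}
    trimmed["objects"] = kept
    return trimmed, skipped

if __name__ == "__main__":
    trimmed, skipped = subset_bundle(SAMPLE_BUNDLE, ["T9001", "T9002", "T9999"])
    print(json.dumps(trimmed, indent=2))
    print("skipped:", skipped)
```

To run it against the real file, load `enterprise-attack.json` with `json.load` in place of `SAMPLE_BUNDLE` and review the `skipped` report before importing the trimmed output.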