Incomplete data while saving layer to JSON

[futik]

Dear All,

I am having an issue with the attack-navigator, exporting (saving) layer functionality. I create myself a new layer from scratch -> Enterprise ATTACK

I will enable the Show IDs in Layer controls (this probably has no significance to the problem).

And then I download a layer in JSON:

If I count the techniques displayed in the browser (navigator) I get - 235 techniques.

In the downloaded JSON file, I can only see 119 techniques. For example, I am not finding: T1046 Network Service Discovery.

I am attaching the download JSON file: layer1.json

I would expect that the techniques in the downloaded JSON match with the techniques visible on the screen. I would like to use the JSON to annotate the techniques, and then upload to attack navigator.

If I export the data to Excel, I see a complete list of techniques - including T1046

Thanks a lot,
Lukas

[futik]

After reading the source code, I've discovered that the logic of the serializer only saves the techniques that were "modified"

"//only save techniqueVMs which have been modified"

I haven't seen any reference of that behavior in the documentation. I worked around my issue with annotating the techniques in the in-browser model, and then exporting out.

I think it would be worth documenting this logic - I find it a bit confusing. Lukas

[clemiller]

Hi @futik,

Layers are an annotation overlay that only contain the set of annotations (score, color, comment, etc.) that have been added on top of the matrix. Navigator omits techniques and sub-techniques which have no annotations from the JSON, which is likely why techniques appear to be missing. This is done intentionally to make the JSON layers smaller. The Excel download has a different underlying function, which is why it differs from the JSON layer. It is intended to render the layer as shown in the Navigator in Excel format, similar to the SVG rendering (ref #638).

Downloading a JSON layer with the full list of techniques, regardless of any present annotations, is currently outside the scope of Navigator (ref #530). I would recommend leveraging the mitreattack-python library, specifically the navlayers/navlayers/core modules for this purpose. Alternatively, as you mentioned in your comment, a workaround would be to annotate every technique in the layer before downloading.

Since we've seen a number of issues opened regarding confusion around what is included in a layer file, I agree we should update the layer documentation to be more specific. I'll keep this issue open to track this.

Thank you!