[
  {
    "instruction": "Is the following a method to mitigate Rootkit (T1014)?\nRestricting access to a local file by configuring operating system functionality.\n\nAnswer Yes/No.",
    "context": "",
    "output": "Yes",
    "category": "BronFlan",
    "instruction_type": "bron_direct_dm_yes_no",
    "parsed_raw_data": {
      "ddmyn_mitigate_detect": "mitigate",
      "ddmyn_node_name": "Rootkit (T1014)",
      "ddmyn_mitigation_detection": "Restricting access to a local file by configuring operating system functionality.",
      "ddmyn_answer": "Yes",
      "prompts": []
    }
  },
  {
    "instruction": "Is the following a way to mitigate System Owner/User Discovery (T1033)?\nApplication Hardening makes an executable application more resilient to a class of exploits which either introduce new code or execute unwanted existing code. These techniques may be applied at compile-time or on an application binary.\n\nAnswer Yes/No.",
    "context": "",
    "output": "Yes",
    "category": "BronFlan",
    "instruction_type": "bron_direct_dm_yes_no",
    "parsed_raw_data": {
      "ddmyn_mitigate_detect": "mitigate",
      "ddmyn_node_name": "System Owner/User Discovery (T1033)",
      "ddmyn_mitigation_detection": "Application Hardening makes an executable application more resilient to a class of exploits which either introduce new code or execute unwanted existing code. These techniques may be applied at compile-time or on an application binary.",
      "ddmyn_answer": "Yes",
      "prompts": []
    }
  },
  {
    "instruction": "Can you mitigate Clear Linux or Mac System Logs (T1070.002) by using the strategy below?\nUse capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior.?\n\nAnswer Yes/No.",
    "context": "",
    "output": "No",
    "category": "BronFlan",
    "instruction_type": "bron_direct_dm_yes_no",
    "parsed_raw_data": {
      "ddmyn_mitigate_detect": "mitigate",
      "ddmyn_node_name": "Clear Linux or Mac System Logs (T1070.002)",
      "ddmyn_mitigation_detection": "Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior.",
      "ddmyn_answer": "No",
      "prompts": []
    }
  },
  {
    "instruction": "Is the following a method to mitigate Race Condition for Write-Once Attributes (CWE-1223)?\nThe testing phase should use automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros.\n\nAnswer Yes/No.",
    "context": "",
    "output": "Yes",
    "category": "BronFlan",
    "instruction_type": "bron_direct_dm_yes_no",
    "parsed_raw_data": {
      "ddmyn_mitigate_detect": "mitigate",
      "ddmyn_node_name": "Race Condition for Write-Once Attributes (CWE-1223)",
      "ddmyn_mitigation_detection": "The testing phase should use automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros.",
      "ddmyn_answer": "Yes",
      "prompts": []
    }
  },
  {
    "instruction": "Is the following a method to mitigate Symmetric Cryptography (T1573.001)?\nThe detection of an internal host relaying traffic between the internal network and the external network.\n\nAnswer Yes/No.",
    "context": "",
    "output": "Yes",
    "category": "BronFlan",
    "instruction_type": "bron_direct_dm_yes_no",
    "parsed_raw_data": {
      "ddmyn_mitigate_detect": "mitigate",
      "ddmyn_node_name": "Symmetric Cryptography (T1573.001)",
      "ddmyn_mitigation_detection": "The detection of an internal host relaying traffic between the internal network and the external network.",
      "ddmyn_answer": "Yes",
      "prompts": []
    }
  },
  {
    "instruction": "Can you mitigate Subvert Trust Controls (T1553) by using the strategy below?\nSet and enforce secure password policies for accounts.?\n\nAnswer Yes/No.",
    "context": "",
    "output": "No",
    "category": "BronFlan",
    "instruction_type": "bron_direct_dm_yes_no",
    "parsed_raw_data": {
      "ddmyn_mitigate_detect": "mitigate",
      "ddmyn_node_name": "Subvert Trust Controls (T1553)",
      "ddmyn_mitigation_detection": "Set and enforce secure password policies for accounts.",
      "ddmyn_answer": "No",
      "prompts": []
    }
  },
  {
    "instruction": "Can you detect Weak Password Requirements (CWE-521) by using the strategy below?\nAccording to SOAR, the following detection techniques may be useful: Highly cost effective: Focused Manual Spotcheck - Focused manual analysis of source Manual Source Code Review (not inspections)?\n\nAnswer Yes/No.",
    "context": "",
    "output": "No",
    "category": "BronFlan",
    "instruction_type": "bron_direct_dm_yes_no",
    "parsed_raw_data": {
      "ddmyn_mitigate_detect": "detect",
      "ddmyn_node_name": "Weak Password Requirements (CWE-521)",
      "ddmyn_mitigation_detection": "According to SOAR, the following detection techniques may be useful: Highly cost effective: Focused Manual Spotcheck - Focused manual analysis of source Manual Source Code Review (not inspections)",
      "ddmyn_answer": "No",
      "prompts": []
    }
  },
  {
    "instruction": "Can you mitigate T1137.004 (Outlook Home Page) by using the strategy below?\nThis category is used for any applicable mitigation activities that apply to techniques occurring before an adversary gains Initial Access, such as Reconnaissance and Resource Development techniques.?\n\nAnswer Yes/No.",
    "context": "",
    "output": "No",
    "category": "BronFlan",
    "instruction_type": "bron_direct_dm_yes_no",
    "parsed_raw_data": {
      "ddmyn_mitigate_detect": "mitigate",
      "ddmyn_node_name": "T1137.004 (Outlook Home Page)",
      "ddmyn_mitigation_detection": "This category is used for any applicable mitigation activities that apply to techniques occurring before an adversary gains Initial Access, such as Reconnaissance and Resource Development techniques.",
      "ddmyn_answer": "No",
      "prompts": []
    }
  },
  {
    "instruction": "Is the following a method to mitigate Path Interception by Unquoted Path (T1574.009)?\nRestrict access by setting directory and file permissions that are not specific to users or privileged accounts.\n\nAnswer Yes/No.",
    "context": "",
    "output": "Yes",
    "category": "BronFlan",
    "instruction_type": "bron_direct_dm_yes_no",
    "parsed_raw_data": {
      "ddmyn_mitigate_detect": "mitigate",
      "ddmyn_node_name": "Path Interception by Unquoted Path (T1574.009)",
      "ddmyn_mitigation_detection": "Restrict access by setting directory and file permissions that are not specific to users or privileged accounts.",
      "ddmyn_answer": "Yes",
      "prompts": []
    }
  },
  {
    "instruction": "Is the following a way to mitigate Deobfuscate/Decode Files or Information (T1140)?\nUsing a digital signature to authenticate a file before opening.\n\nAnswer Yes/No.",
    "context": "",
    "output": "Yes",
    "category": "BronFlan",
    "instruction_type": "bron_direct_dm_yes_no",
    "parsed_raw_data": {
      "ddmyn_mitigate_detect": "mitigate",
      "ddmyn_node_name": "Deobfuscate/Decode Files or Information (T1140)",
      "ddmyn_mitigation_detection": "Using a digital signature to authenticate a file before opening.",
      "ddmyn_answer": "Yes",
      "prompts": []
    }
  }
]