top 10 doesn't change even if I set process monitoring to "none" or "high" #35

Open
cyb3rxp opened this issue Aug 28, 2024 · 1 comment

cyb3rxp commented Aug 28, 2024

Hi all,

First of all, thanks for the great work around the Top ATT&CK Techniques Calculator.

My issue is the following: whether I set 'process Monitoring Components' to 'high' or to 'none', I get the same top 10 list, which is:

  1. T1059 Command and Scripting Interpreter
  2. T1053 Scheduled Task/Job
  3. T1562 Impair Defenses
  4. T1055 Process Injection
  5. T1543 Create or Modify System Process
  6. T1218 System Binary Proxy Execution
  7. T1047 Windows Management Instrumentation
  8. T1574 Hijack Execution Flow
  9. T1036 Masquerading
  10. T1112 Modify Registry

The point is that this list does not seem to be consistent with my choices, because the following TTPs are unlikely to be detected with no process monitoring (like EDR), right?

  - T1055 Process Injection
  - T1059 Command and Scripting Interpreter
  - T1218 System Binary Proxy Execution
  - T1047 Windows Management Instrumentation
  - T1574 Hijack Execution Flow
  - T1036 Masquerading

Therefore, when I set 'process monitoring' to 'none', I do expect that top TTP list to change, unless I got lost somewhere.

Many thanks and regards,

--
Philippe VIALLE
