  • Stars
    554
  • Rank 79,745 (Top 2 %)
  • Language
    Python
  • License
    BSD 3-Clause "New...
  • Created over 6 years ago
  • Updated 4 months ago

Repository Details

Python Script to access ATT&CK content available in STIX via a public TAXII server

ATT&CK Python Client

A Python module to access up-to-date ATT&CK content available in STIX via a public TAXII server. This project leverages Python classes and functions from the cti-python-stix2 and cti-taxii-client libraries developed by MITRE.

Goals

  • Provide an easy way to access and interact with up-to-date ATT&CK content available in STIX via a public TAXII server.
  • Allow security analysts to quickly explore ATT&CK content and apply it in their daily operations.
  • Allow the integration of ATT&CK content with other platforms to host up-to-date information from the framework.
  • Help security analysts during the transition from the old ATT&CK MediaWiki API to the STIX/TAXII 2.0 API.
  • Learn the STIX2 and TAXII client Python libraries.

Documentation

https://attackcti.com

Current Status: Production/Stable

The project is currently in a Production/Stable stage, which means that the current main functions are more stable. I would love to get your feedback to make it a better project.

Requirements

  • Python >= 3.0
  • stix2 >= 2.1.0
  • taxii2-client >= 2.3.0
  • six >= 1.16.0

Installation

You can install it via pip:

pip install attackcti

Alternatively, install it from source:

git clone https://github.com/OTRF/ATTACK-Python-Client
cd ATTACK-Python-Client
pip install .

Contribution

  • Now that the project is more stable, it would be great to get your feedback and hopefully get more contributions to the project. Let us know if you have any features in mind. We would love to collaborate to make them happen in the project.
  • Check our basic contribution guidelines and submit an issue with your ideas.
  • Be concise but clear when adding a title and description to your feature proposal.
  • One pull request per issue.
  • Select one or more labels when you submit an issue.
  • Make sure you are in the correct branch [Master].
  • Try to avoid sizeable changes unless warranted.
  • Be patient and polite as the project is still relatively small, which is why we would appreciate your help where possible.

More Repositories

  1. ThreatHunter-Playbook (Python, 3,964 stars): A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
  2. Security-Datasets (PowerShell, 1,582 stars): Re-play Security Events
  3. OSSEM (Python, 1,227 stars): Open Source Security Events Metadata (OSSEM)
  4. Microsoft-Sentinel2Go (PowerShell, 540 stars): Microsoft Sentinel2Go is an open source project developed to expedite the deployment of a Microsoft Sentinel research lab.
  5. Blacksmith (PowerShell, 317 stars): Building environments to replicate small networks and deploy applications
  6. OSSEM-DM (Python, 164 stars): OSSEM Detection Model
  7. detection-hackathon-apt29 (Jupyter Notebook, 130 stars): Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets
  8. SimuLand (Shell, 127 stars): Cloud Templates and scripts to deploy mordor environments
  9. infosec-jupyter-book (Dockerfile, 107 stars): The Infosec Community Definitive Guide to Jupyter Notebooks
  10. infosec-jupyterthon (Jupyter Notebook, 105 stars): A community event for security researchers to share their favorite notebooks
  11. GenAI-Security-Adventures (Jupyter Notebook, 93 stars)
  12. Set-AuditRule (PowerShell, 86 stars): Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity
  13. notebooks-forge (Jupyter Notebook, 76 stars): A collection of notebooks built for defensive and offensive operations.
  14. API-To-Event (74 stars): A repo to document API functions mapped to security events across diverse platforms
  15. OSSEM-DD (Python, 56 stars): OSSEM Data Dictionaries
  16. OSSEM-CDM (54 stars): OSSEM Common Data Model
  17. bloodhound-notebook (Python, 53 stars): BloodHound Cypher Queries Ported to a Jupyter Notebook
  18. openhunt (Python, 33 stars)
  19. bloodhound-notebooks (Jupyter Notebook, 27 stars): Notebooks created to attack and secure Active Directory environments
  20. SANS-BlueTeamSummit-2022 (Jupyter Notebook, 23 stars): Repo to track SANS BlueTeam Summit Presentation
  21. 2021-OceanLotus-workshop (HCL, 18 stars)
  22. BHEU22-ADFS (12 stars): Writing Your Own Ticket to the Cloud Like APT: A Deep-dive to AD FS Attacks, Detections, and Mitigations
  23. MEAN (Jupyter Notebook, 8 stars): Microsoft Entra ID Administration LLM-based Autonomous Agent
  24. docker-c2 (5 stars): Docker files used to deploy known Command & Control (C2) Frameworks
  25. workshop-ekoparty-bluespace-2020 (Dockerfile, 3 stars): Materials for teaching the basics of Jupyter Notebooks and data analysis with Pandas
  26. OpenSec-Library (2 stars)
  27. Blog-Website (2 stars): Official OTR Blog Website
  28. Infosec-DMZ (1 star)
  29. OSSEM-DD-MASK (1 star): An extension of the OSSEM-DD repository.
  30. Community-Presentations (1 star): Slides