• This repository has been archived on 11/Dec/2023
  • Stars
    star
    570
  • Rank 78,245 (Top 2 %)
  • Language
    Python
  • License
    Apache License 2.0
  • Created over 5 years ago
  • Updated 11 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Scripts and a (future) library to improve users' interactions with the ATT&CK content

attack-scripts

This repository contains standalone scripts and utilities for working with ATT&CK.

  • the scripts folder contains one-off scripts for processing and visualizing ATT&CK content.
  • the scripts/layers/samples folder contains one-off scripts demonstrating the generation of ATT&CK Navigator layers from ATT&CK data. The outputs of these scripts can also be found on the ATT&CK Navigator repository.

See also our mitreattack-python pip module for more python tools!

Requirements

Installation

  1. Create virtual environment:
    • macOS and Linux: python3 -m venv env
    • Windows: py -m venv env
  2. Activate the virtual environment:
    • macOS and Linux: source env/bin/activate
    • Windows: env/Scripts/activate.bat
  3. Install requirements into the virtual environment: pip3 install -r requirements.txt

taxii2client compatibility

A recent update to the taxii2client python library changed the API for TAXII 2.0 requests. This repository has been updated to work with the latest version of taxii2client, however if your installed version is < 2.0.0 you may need to patch the scripts for them to run properly. Please see our USAGE document on MITRE/CTI for more information.

Related MITRE Work

CTI

Cyber Threat Intelligence repository of the ATT&CK catalog expressed in STIX 2.0 JSON. This repository also contains our USAGE document which includes additional examples of accessing and parsing our dataset in Python.

ATT&CK

ATT&CK® is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.

https://attack.mitre.org

STIX

Structured Threat Information Expression (STIXâ„¢) is a language and serialization format used to exchange cyber threat intelligence (CTI).

STIX enables organizations to share CTI with one another in a consistent and machine readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively.

STIX is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

https://oasis-open.github.io/cti-documentation/

Notice

Copyright 2020 The MITRE Corporation

Approved for Public Release; Distribution Unlimited. Case Number 19-0486.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This project makes use of ATT&CK®

ATT&CK Terms of Use

More Repositories

1

attack-navigator

Web app that provides basic navigation and annotation of ATT&CK matrices
TypeScript
1,983
star
2

car

Cyber Analytics Repository
Python
889
star
3

bzar

A set of Zeek scripts to detect ATT&CK techniques.
Zeek
522
star
4

attack-arsenal

A collection of red team and adversary emulation resources developed and released by MITRE.
PowerShell
475
star
5

attack-website

MITRE ATT&CK Website
HTML
451
star
6

attack-datasources

This content is analysis and research of the data sources currently listed in ATT&CK.
Jupyter Notebook
395
star
7

mitreattack-python

A python module for working with ATT&CK
Python
360
star
8

tram

Threat Report ATT&CKâ„¢ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.
JavaScript
345
star
9

attack-stix-data

STIX data representing MITRE ATT&CK
Python
276
star
10

joystick

Joystick is a tool that gives you the ability to transform the ATT&CK Evaluations data into concise views that brings forward the nuances in the results.
Python
64
star
11

attack-evals

ATT&CK Evaluations website (DEPRECATED)
HTML
58
star
12

evals_caldera

A CALDERA plugin for ATT&CK Evaluations Round 1
PowerShell
32
star
13

attack-datasources-stix-beta

Mock STIX data demonstrating the new data source representation
16
star
14

attack-workbench-taxii-server

An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains a TAXII 2.1 API integration for the ATT&CK Workbench application.
TypeScript
9
star
15

attack-archives

Previous ATT&CK releases as seen at https://attack.mitre.org/resources/previous-versions/
HTML
7
star
16

attack-workbench-deployment

1
star