Need help with ATTACKdatamap?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

olafhartong
296 Stars 55 Forks MIT License 29 Commits 1 Opened issues

Description

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Services available

!
?

Need anything else?

Contributors list

# 31,974
splunk
TeX
Terrafo...
Ansible
25 commits
# 321,835
HTML
mitre-a...
sysmon
1 commit

license Maintenance GitHub last commit Twitter

ATTACKdatamap

A datasource assessment on an event level to show potential coverage of the "MITRE ATT&CK" framework.

This tool is developed by me and has no affiliation with "MITRE" nor with its great "ATT&CK" team, it is developed with the intention to ease the mapping of data sources to assess one's potential coverate.

More details in a blogpost here

Start

This tool requires module ImportExcel, Install it like this

PS C:\> Install-Module ImportExcel

Import the module with

Import-Module .\ATTACKdatamap.psd1

OS X Only, ImportExcel Module Cannot Autosize by default, install:

brew install mono-libgdiplus

Request-ATTACKjson

Generates a JSON file to be imported into the ATT&CK Navigator. The mitredataassessment.xlsx file contains all Techniques, which can be updated via Invoke-ATTACK-UpdateExcel.

Each technique contains DataSources, which are individually scored by me with a weight. The DataSourceEventTypes need to be scored per environment.

This script multiplies the respective DataSource scores and adds them to a total technique score. The generation date is added to the description.

EXAMPLE

PS C:\> Request-ATTACKjson -Excelfile .\mitre_data_assessment.xlsx -Template .\template.json -Output 2019-03-23-ATTACKcoverage.json

This is all gathered into a JSON file which can be opened here; MITRE ATT&CK Navigator/enterprise/

Invoke-ATTACKUpdateExcel

This generates all MITRE ATT&CK relevant fields into a table and creates or updates the REF-DataSources worksheet in an Excel sheet

EXAMPLE

PS C:\> Invoke-ATTACKUpdateExcel -AttackPath .\enterprise-attack.json -Excelfile .\mitre_data_assessment.xlsx

The -AttackPath and -Excelfile parameters are optional

Get-ATTACKdata

This downloads the MITRE ATT&CK Enterprise JSON file

EXAMPLE

PS C:\> Get-ATTACKdata -AttackPath ./enterprise-attack.json

The -AttackPath parameter is optional

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.