Code Monkey home page Code Monkey logo

attckr's Introduction

Project Status: WIP – Initial development is in progress, but there has not yet been a stable, usable release suitable for the public. Signed by Signed commit % Linux build Status Coverage Status Minimal R Version License

attckr

Analyze Adversary Tactics and Techniques Using the MITRE ATT&CK CTI Corpus

Description

MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. Tools are provided to analyze adversary tactics and techniques, build incident metrics, and identify high level program gaps using the MITRE ATT&CK CTI Corpus.

What’s Inside The Tin

The following functions are implemented:

  • attck_cdf_tactic: Product an ATT&CK Cumulative Distribution Function by Tactic
  • attck_map: Generate an ATT&CK heatmap
  • enterprise_attack: Enterprise Attack Taxonomy v2.0
  • fct_tactic: Make an ordered Tactics factor with optional better labelling
  • mobile_attack: Mobile Attack Taxonomy v2.0
  • pre_attack: Pre-Attack Taxonomy v2.0
  • read_events: Read in ATT&CK events from a file
  • tactics_f: Tactics factors (generally for sorting & pretty-printing)
  • theme_enhance_atkmap: Remove cruft from ATT&CK heatmaps
  • tidy_attack: Combined ATT&CK Matricies Tactics, Techniques and Technique detail
  • validate_tactics: Validate Tactics strings against MITRE authoritative source
  • validate_technique_ids: Validate Technique IDs
  • validate_techniques: Validate Techniques strings against MITRE authoritative source

The following datasets are included:

  • enterprise_attack: Enterprise Attack Taxonomy v2.0
  • mobile_attack: Mobile Attack Taxonomy v2.0
  • pre_attack: Pre-Attack Taxonomy v2.0
  • tactics_f: Tactics factors (generally for sorting & pretty-printing)
  • tidy_attack: Combined ATT&CK Matricies Tactics, Techniques and Technique detail

Installation

install.packages("attckr", repos = "https://cinc.rud.is")
# or
remotes::install_git("https://git.rud.is/hrbrmstr/attckr.git")
# or
remotes::install_git("https://git.sr.ht/~hrbrmstr/attckr")
# or
remotes::install_gitlab("hrbrmstr/attckr")
# or
remotes::install_bitbucket("hrbrmstr/attckr")
# or
remotes::install_github("hrbrmstr/attckr")

NOTE: To use the ‘remotes’ install options you will need to have the {remotes} package installed.

Usage

library(attckr)
library(hrbrthemes)
library(tidyverse)

# current version
packageVersion("attckr")
## [1] '0.2.0'
tidy_attack
## # A tibble: 795 x 5
##    technique          description                                                        id      matrix    tactic       
##    <chr>              <chr>                                                              <chr>   <chr>     <chr>        
##  1 .bash_profile and… "<code>~/.bash_profile</code> and <code>~/.bashrc</code> are shel… T1156   mitre-at… persistence  
##  2 Access Token Mani… "Windows uses access tokens to determine the ownership of a runni… T1134   mitre-at… defense-evas…
##  3 Access Token Mani… "Windows uses access tokens to determine the ownership of a runni… T1134   mitre-at… privilege-es…
##  4 Access Token Mani… "Windows uses access tokens to determine the ownership of a runni… CAPEC-… mitre-at… defense-evas…
##  5 Access Token Mani… "Windows uses access tokens to determine the ownership of a runni… CAPEC-… mitre-at… privilege-es…
##  6 Accessibility Fea… "Windows contains accessibility features that may be launched wit… T1015   mitre-at… persistence  
##  7 Accessibility Fea… "Windows contains accessibility features that may be launched wit… T1015   mitre-at… privilege-es…
##  8 Accessibility Fea… "Windows contains accessibility features that may be launched wit… CAPEC-… mitre-at… persistence  
##  9 Accessibility Fea… "Windows contains accessibility features that may be launched wit… CAPEC-… mitre-at… privilege-es…
## 10 Account Access Re… "Adversaries may interrupt availability of system and network res… T1531   mitre-at… impact       
## # … with 785 more rows
events <- read_events(system.file("extdat/sample-incidents.csv.gz", package = "attckr"))
## Parsed with column specification:
## cols(
##   event_id = col_character(),
##   incident_id = col_character(),
##   event_ts = col_date(format = ""),
##   detection_ts = col_date(format = ""),
##   tactic = col_character(),
##   technique = col_character(),
##   discovery_source = col_character(),
##   reporting_source = col_character(),
##   responder_id = col_character()
## )
## You appear to be using Tactic ids.
## You appear to be using Techinque ids.

attck_map(
  events, "pretty", "nl", "enterprise",
  dark_value_threshold = 1,
  size = 3, family = font_rc, lineheight = 0.875
) +
  scale_fill_distiller(
    palette = "Spectral", na.value = "white", label = scales::comma, breaks = 1:3
  ) +
  labs(x = NULL, y = NULL, fill = NULL) +
  theme_ipsum_rc(grid="") +
  theme(axis.text.y = element_blank())

attckr Metrics

Lang # Files (%) LoC (%) Blank lines (%) # Lines (%)
R 13 0.93 304 0.93 72 0.78 180 0.84
Rmd 1 0.07 24 0.07 20 0.22 34 0.16

Code of Conduct

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.

attckr's People

Contributors

hrbrmstr avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar

Forkers

ababook zhaoshiling1017 motherhack3r skybulk quinn-yan ackroute nanda-rani

attckr's Issues

ERROR. Open file .csv

Hello,

Error open file csv.

> events <- read_events(system.file("sistema.csv.gz", package = "attckr"))
Error in read_events(system.file("sistema.csv.gz", package = "attckr")) :
  file.exists(path) is not TRUE

I guess the .csv file is a .evtx file

There must be some tool that converts .evtx to ATT&CK event format

Best Regards

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.