ATTACKdatamap : A Datasource Assessment On An Event Level To Show Potential Coverage

ATTACKdatamap is a datasource assessment on an event level to show potential coverage of the “MITRE ATT&CK” framework. This tool is developed by me and has no affiliation with “MITRE” nor with its great “ATT&CK” team, it is developed with the intention to ease the mapping of data sources to assess one’s potential coverate.

Start

This tool requires module ImportExcel, Install it like this

PS C:> Install-Module ImportExcel

Import the module with

Import-Module .\ATTACKdatamap.psd1

Also Read – HomePWN : Swiss Army Knife for Pentesting of IoT Devices

Request-ATTACKjson

Generates a JSON file to be imported into the ATT&CK Navigator. The mitre_data_assessment.xlsx file contains all Techniques, which can be updated via Invoke-ATTACK-UpdateExcel.

Each technique contains DataSources, which are individually scored by me with a weight. The DataSourceEventTypes need to be scored per environment.

This script multiplies the respective DataSource scores and adds them to a total technique score. The generation date is added to the description.

EXAMPLE

PS C:> Request-ATTACKjson -Excelfile .\mitre_data_assessment.xlsx -Template .\template.json -Output 2019-03-23-ATTACKcoverage.json

This is all gathered into a JSON file which can be opened here; MITRE ATT&CK Navigator/enterprise/

Invoke-ATTACK-UpdateExcel

This generates all MITRE ATT&CK relevant fields into a table and creates or updates the REF-DataSources worksheet in an Excel sheet

EXAMPLE

PS C:> Invoke-ATTACK-UpdateExcel -AttackPath .\enterprise-attack.json -Excelfile .\mitre_data_assessment.xlsx

The -AttackPath and -Excelfile parameters are optional

Get-ATTACKdata

This downloads the MITRE ATT&CK Enterprise JSON file

EXAMPLE

PS C:> Get-ATTACKdata -AttackPath ./enterprise-attack.json

The -AttackPath parameter is optional

R K

Recent Posts

Nmap cheat sheet for beginners

Nmap (Network Mapper) is a free tool that helps you find devices on a network,…

6 hours ago

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

1 week ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

1 week ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

1 week ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

1 week ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

1 week ago