ATTACKdatamap is a datasource assessment on an event level to show potential coverage of the “MITRE ATT&CK” framework. This tool is developed by me and has no affiliation with “MITRE” nor with its great “ATT&CK” team, it is developed with the intention to ease the mapping of data sources to assess one’s potential coverate.
Start
This tool requires module ImportExcel, Install it like this
PS C:> Install-Module ImportExcel
Import the module with
Import-Module .\ATTACKdatamap.psd1
Also Read – HomePWN : Swiss Army Knife for Pentesting of IoT Devices
Request-ATTACKjson
Generates a JSON file to be imported into the ATT&CK Navigator. The mitre_data_assessment.xlsx file contains all Techniques, which can be updated via Invoke-ATTACK-UpdateExcel.
Each technique contains DataSources, which are individually scored by me with a weight. The DataSourceEventTypes need to be scored per environment.
This script multiplies the respective DataSource scores and adds them to a total technique score. The generation date is added to the description.
EXAMPLE
PS C:> Request-ATTACKjson -Excelfile .\mitre_data_assessment.xlsx -Template .\template.json -Output 2019-03-23-ATTACKcoverage.json
This is all gathered into a JSON file which can be opened here; MITRE ATT&CK Navigator/enterprise/
Invoke-ATTACK-UpdateExcel
This generates all MITRE ATT&CK relevant fields into a table and creates or updates the REF-DataSources worksheet in an Excel sheet
EXAMPLE
PS C:> Invoke-ATTACK-UpdateExcel -AttackPath .\enterprise-attack.json -Excelfile .\mitre_data_assessment.xlsx
The -AttackPath and -Excelfile parameters are optional
Get-ATTACKdata
This downloads the MITRE ATT&CK Enterprise JSON file
EXAMPLE
PS C:> Get-ATTACKdata -AttackPath ./enterprise-attack.json
The -AttackPath parameter is optional
Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…