A lightweight Python module to interact with the Mitre Att&ck Enterprise dataset.

Related tags

Miscellaneoussecurityframeworkpython3mitreblueteamthreat-intelligencemitre-attackcyber-threat-intelligence
Overview

PyPI version License: MIT image

enterpriseattack - Mitre's Enterprise Att&ck

A lightweight Python module to interact with the Mitre Att&ck Enterprise dataset. Built to be used in production applications due to it's speed and minimal depedancies. Read the docs for more info.

Mitre Att&ck

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

Dependancies

  • Python 3.x
  • ujson >= 3.0.0
  • requests >= 2.9.2

Installation

Install via Pip:

pip install enterpriseattack

Alternatively clone the repository:

git clone https://github.com/xakepnz/enterpriseattack.git
cd enterpriseattack
python3 setup.py install

(back to top)

Usage

Initialise an Attack object:

import enterpriseattack

attack = enterpriseattack.Attack()

Example: Iterate over tactics/techniques/sub_techniques:

for tactic in attack.tactics:
   print(tactic.name)
   for technique in tactic.techniques:
      print(technique.name)
      print(technique.detection)

for software in attack.software:
    for technique in software.techniques:
        for sub_technique in technique.sub_techniques:
            print(software.name, technique.name, sub_technique.name)

For more examples, please refer to the Documentation

(back to top)

Comments
  • Sub Techniques not correctly mapped? Issue while retrieving

    Sub Techniques not correctly mapped? Issue while retrieving "sub_techniques" attribute of a specific technique

    The following code should print the sub techniques of the first listed technique (Abuse Elevation Control Mechanism, at the moment): print(next(iter(attack.techniques)).sub_techniques) However, it prints ALL the subtechniques of the entire Mitre ATT&CK framework. The following code gets ALL the subtechniques as well: next(iter(next(iter(attack.groups)).techniques)).sub_techniques It looks like every technique has the whole set of subtechniques as its child, instead of the correct subtechniques.

    bug 
    opened by sibkyd 3
  • [BUG]: The techniques used by some groups seem to be missing

    [BUG]: The techniques used by some groups seem to be missing

    What happened?

    Here is a small script to output the techniques used by a particular group:

    #!/usr/bin/env python


from __future__ import print_function


__description__ = 'Display the techniques used by an APT group'
__license__ = 'GPL'
__VERSION__ = '1.0.0'


from argparse import ArgumentParser
from enterpriseattack import Attack


def get_techniques(attack, group_id):
    for group in attack.groups:
        if group.id != group_id:
            continue
        techniques = []
        for technique in group.techniques:
            if technique.deprecated:
                continue
            if len(technique.sub_techniques):
                for subtechnique in technique.sub_techniques:
                    techniques.append(subtechnique.id)
            else:
                techniques.append(technique.id)
        return techniques


def main():
    parser = ArgumentParser(description=__description__)
    parser.add_argument('-v', '--version', action='version',
                        version='%(prog)s version {}'.format(__VERSION__))
    parser.add_argument('GID', nargs='+',
                        help='APT group ID')
    args = parser.parse_args()
    attack = Attack()
    for group_id in args.GID:
        techniques = get_techniques(attack, group_id)
        print('{}: {}'.format(group_id, ', '.join(techniques)))


if __name__ == '__main__':
    main()

    If we use it for APT group G0001, it works fine:

    G0001: T1203, T1005, T1003.002, T1003.003, T1003.004, T1003.005, T1003.001, T1003.006, T1003.007, T1003.008, T1078.003, T1078.002, T1078.004, T1078.001, T1189, T1566.003, T1566.001, T1566.002, T1553.006, T1553.004, T1553.001, T1553.005, T1553.002, T1553.003, T1190, T1560.003, T1560.001, T1560.002

    But if we use it for APT group G0002, the result is empty:

    G0002:

    However, if we go to MITRE's site, we see that group G0002 is supposed to be using the technique T1027.001.

    Maybe this is some deficiency in the data? Or is it the result of a data parsing bug?

    Version

    0.1.6 (Default)

    Relevant log output

    No response

    bug 
    opened by bontchev 2
  • [BUG]: Subscriptable objects doesn't seem to work

    [BUG]: Subscriptable objects doesn't seem to work

    What happened?

    Using the example from the documentation:

    import enterpriseattack
attack = enterpriseattack.Attack(subscriptable=True)
wizard_spider = attack.groups.get('Wizard Spider')

    results in the error

    Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'list' object has no attribute 'get'

    Version

    0.1.6

    Relevant log output

    No response

    bug 
    opened by bontchev 2
  • Feature/0.1.7

    Feature/0.1.7

    Description:

    Issue raised in #14 whereby Group objects did not have sub techniques.

    Created a new sub_techniques property: https://github.com/xakepnz/enterpriseattack/blob/75b9fb0800e070b7b543b3b38abde774d59b5c02/enterpriseattack/group.py#L71-L94

    Tests for change: https://github.com/xakepnz/enterpriseattack/blob/75b9fb0800e070b7b543b3b38abde774d59b5c02/tests/test_groupsubs.py#L15-L16

    opened by xakepnz 0
  • Feature/0.1.6

    Feature/0.1.6

    Description

    • Add more tests for code coverage (#9) - 380cec3
    • Implement MITRE ATT&CK campaigns (#8) - 1f5630e
    • Add software & groups to campaigns (#8) - cc9a6f9
    • Alter the GitHub templates (#7) - 327b98d
    • Create Subscriptable objects in the main Attack class (#6) - c99c712
    • Allow users to harcode MITRE ATT&CK data versioning (#5) - d7b5318
    opened by xakepnz 0
  • Subscript objects

    Subscript objects

    Make objects subscriptable eg:

    >>> attack = enterpriseattack.Attack()
>>> spider = attack.groups['Wizard Spider']
>>> spider.name
'Wizard Spider'

    VS:

    >>> attack = enterpriseattack.Attack()
>>> spider = None
>>> for group in attack.groups:
...     if group.name == 'Wizard Spider':
...             spider = group
...
>>> spider.name
'Wizard Spider'
    enhancement 
    opened by xakepnz 0
  • [FEATURE]: Support the other matrices too

    [FEATURE]: Support the other matrices too

    Feature Details

    Would be nice to have support for the other two matrices (Mobile and ICS) besides Enterprise. Although this would probably require some serious re-design.

    enhancement 
    opened by bontchev 0
Releases(v.0.1.7)

  • v.0.1.7(Dec 28, 2022)

    New:

    • Added sub_techniques property to Group objects (#14) - 29232d2
      • It was discovered in #14 that Group objects did not have the sub_techniques property available.
    • Added test for group sub_techniques iterations (#14) - a94394dc
    Source code(tar.gz)
    Source code(zip)

  • v.0.1.6(Dec 19, 2022)

    Changes:

    • Alter the GitHub templates (#7) - 327b98d

    New:

    • Add more tests for code coverage (#9) - 380cec3
    • Implement MITRE ATT&CK campaigns (#8) - 1f5630e
    • Add software & groups to campaigns (#8) - cc9a6f9
    • Create Subscriptable objects in the main Attack class (#6) - c99c712
    • Allow users to hardcode MITRE ATT&CK data versioning (#5) - d7b5318
    Source code(tar.gz)
    Source code(zip)

  • v.0.1.5(Mar 14, 2022)

  • v0.1.4(Mar 13, 2022)

    Modified

    • Cleaned up code line lengths
    • Fixed techniques mitigations
    • Ordered imports by type

    Added

    • Created component.py with Component class separate to Data source
    • Added tools & malware & software & components to techniques
    • Added tools & malware & tactics to groups
    • Added tools & malware & software & components & tactics to sub_techniques
    • Added tactics to software
    • Added tactics to mitigations
    • Created Code build tests with Travis CI
    • Added tactics & techniques to components
    Source code(tar.gz)
    Source code(zip)

  • v.0.1.3(Mar 11, 2022)

    Modified:

    • Converted format strings to f strings for readability/speed.
    • Updated README.md with more examples

    Added:

    • Allow proxy args to Attack() for proxy-passing.
    Source code(tar.gz)
    Source code(zip)

  • v.0.1.2(Dec 4, 2021)

    Fixed issue: https://github.com/xakepnz/enterpriseattack/issues/1

    • Issue related to all sub techniques being grouped under each technique, instead of relevant sub techniques. Fixed typo with ReadMe Documentation link
    Source code(tar.gz)
    Source code(zip)

  • v.0.1.1(Nov 3, 2021)

Owner
xakepnz
Русский интернет волшебник.
xakepnz
GitHub Repository
In the works, creating a new Chess Board and way to Play...

sWJz4Chess date started on github.com 11-13-2021 In the works, creating a new Chess Board and way to Play... starting to write this in Pygame, any ind

Shawn 2 Nov 18, 2021
Hoopoe - Get notified of important stuff, right away.

Hoopoe - Get notified of important stuff, right away. Report a Bug · Request a Feature . Ask a Question Table of Contents About Getting Started Prereq

Vahid Al 8 Nov 12, 2022
Workshop OOP - Workshop OOP - Discover object-oriented programming

About: This is an open-source bot, the code is open for anyone to see, fork and

Francis Clairicia-Rose-Claire-Joséphine 5 May 02, 2022
Better Giveaways is a bot that will change the experience of using a giveaway bot forever.

Better-Giveaways Better Giveaways is a bot that will change the experience of using a giveaway bot forever. VoxelBotUtils/Novus, latest PyPi releases

Lightning 2 Jan 12, 2022
Python Osmium Examples

Python Osmium Examples This is a set (currently of size 1) of examples showing practical usage of PyOsmium, a thin wrapper around the osmium library.

Martijn van Exel 1 Jan 26, 2022
take home quiz

guess the correlation data inspection a pretty normal distribution train/val/test split splitting amount .dataset: 150000 instances ├─8

HR Wu 1 Nov 04, 2021
poetry2nix turns Poetry projects into Nix derivations without the need to actually write Nix expressions

poetry2nix poetry2nix turns Poetry projects into Nix derivations without the need to actually write Nix expressions. It does so by parsing pyproject.t

Nix community projects 405 Dec 29, 2022
Curso de Python 3 do Básico ao Avançado

Curso de Python 3 do Básico ao Avançado Desafio: Buscador de arquivos Criar um programa que faça a pesquisa de arquivos. É fornecido o caminho e um te

Diego Guedes 1 Jan 21, 2022
Wunderland desktop wallpaper and Microsoft Teams background.

Wunderland Professional Impress your colleagues, friends and family with this edition of the "Wunderland" wallpaper. With the nostalgic feel of the or

3 Dec 14, 2022
A Non profit app built on top of Frappe framework & ERPNext

Non Profit A Non profit app built on top of Frappe framework & ERPNext. People who change the world need the tools to do it! The Non Profit Modules of

Frappe 16 Nov 17, 2022
Reactjs web app written entirely in python, using transcrypt compiler.

Reactjs web app written entirely in python, using transcrypt compiler.

Dan Shai 22 Nov 27, 2022
PythonKafkaCompose is an upgrade of the amazing work done in liveMaps

PythonKafkaCompose is an upgrade of the amazing work done in liveMaps It is a simple project composed by: an instance of Kafka a Py

5 Jun 19, 2022
LAPS module for CrackMapExec

Crackmapexec-LAPS LAPS module for CrackMapExec Make sure to point to the DC Specify the full domain name Be careful the rid 500 might not be "Administ

28 Oct 05, 2022
Python script that automates the tasks involved in starting a new coding project

Auto Project Builder Automates the repetitive tasks while starting a new project Installation Use the REQUIREMENTS.txt file to install the dependencie

Prathap S S 1 Feb 03, 2022
Painel simples com consulta de cep,CNPJ,placa e ip

Painel mpm Um painel simples com consultas de IP, CNPJ, CEP e PLACA Início 🌐 apt update && apt upgrade -y pkg i python git pip install requests Insta

8 Feb 27, 2022
A lighweight screen color picker tool

tkpick A lighweigt screen color picker tool Availability Only GNU/Linux 🐧 Installing Install via pip (No auto-update): [sudo] pip install tkpick Usa

Adil Gürbüz 7 Aug 30, 2021
Advent of Code 2021 challenges

Data analysis Document here the project: AoC21 Description: Project Description Data Source: Type of analysis: Please document the project the better

Daniel Wendel 1 Jan 07, 2022
Identify and annotate mutations from genome editing assays.

CRISPR-detector Here we propose our CRISPR-detector to facilitate the CRISPR-edited amplicon and whole genome sequencing data analysis, with functions

hlcas 2 Feb 20, 2022
Nmap script to detect a Microsoft Exchange instance version with OWA enabled.

Nmap script to detect a Microsoft Exchange instance version with OWA enabled.

Luciano Righetti 27 Nov 17, 2022
Easily Generate Revolut Business Cards

RevBusinessCardGen Easily Generate Revolut Business Cards Prerequisites Before you begin, ensure you have met the following requirements: You have ins

Younes™ 35 Dec 14, 2022