A lightweight Python module to interact with the Mitre Att&ck Enterprise dataset.

Related tags

Miscellaneoussecurityframeworkpython3mitreblueteamthreat-intelligencemitre-attackcyber-threat-intelligence
Overview

PyPI version License: MIT image

enterpriseattack - Mitre's Enterprise Att&ck

A lightweight Python module to interact with the Mitre Att&ck Enterprise dataset. Built to be used in production applications due to it's speed and minimal depedancies. Read the docs for more info.

Mitre Att&ck

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

Dependancies

  • Python 3.x
  • ujson >= 3.0.0
  • requests >= 2.9.2

Installation

Install via Pip:

pip install enterpriseattack

Alternatively clone the repository:

git clone https://github.com/xakepnz/enterpriseattack.git
cd enterpriseattack
python3 setup.py install

(back to top)

Usage

Initialise an Attack object:

import enterpriseattack

attack = enterpriseattack.Attack()

Example: Iterate over tactics/techniques/sub_techniques:

for tactic in attack.tactics:
   print(tactic.name)
   for technique in tactic.techniques:
      print(technique.name)
      print(technique.detection)

for software in attack.software:
    for technique in software.techniques:
        for sub_technique in technique.sub_techniques:
            print(software.name, technique.name, sub_technique.name)

For more examples, please refer to the Documentation

(back to top)

Comments
  • Sub Techniques not correctly mapped? Issue while retrieving

    Sub Techniques not correctly mapped? Issue while retrieving "sub_techniques" attribute of a specific technique

    The following code should print the sub techniques of the first listed technique (Abuse Elevation Control Mechanism, at the moment): print(next(iter(attack.techniques)).sub_techniques) However, it prints ALL the subtechniques of the entire Mitre ATT&CK framework. The following code gets ALL the subtechniques as well: next(iter(next(iter(attack.groups)).techniques)).sub_techniques It looks like every technique has the whole set of subtechniques as its child, instead of the correct subtechniques.

    bug 
    opened by sibkyd 3
  • [BUG]: The techniques used by some groups seem to be missing

    [BUG]: The techniques used by some groups seem to be missing

    What happened?

    Here is a small script to output the techniques used by a particular group:

    #!/usr/bin/env python


from __future__ import print_function


__description__ = 'Display the techniques used by an APT group'
__license__ = 'GPL'
__VERSION__ = '1.0.0'


from argparse import ArgumentParser
from enterpriseattack import Attack


def get_techniques(attack, group_id):
    for group in attack.groups:
        if group.id != group_id:
            continue
        techniques = []
        for technique in group.techniques:
            if technique.deprecated:
                continue
            if len(technique.sub_techniques):
                for subtechnique in technique.sub_techniques:
                    techniques.append(subtechnique.id)
            else:
                techniques.append(technique.id)
        return techniques


def main():
    parser = ArgumentParser(description=__description__)
    parser.add_argument('-v', '--version', action='version',
                        version='%(prog)s version {}'.format(__VERSION__))
    parser.add_argument('GID', nargs='+',
                        help='APT group ID')
    args = parser.parse_args()
    attack = Attack()
    for group_id in args.GID:
        techniques = get_techniques(attack, group_id)
        print('{}: {}'.format(group_id, ', '.join(techniques)))


if __name__ == '__main__':
    main()

    If we use it for APT group G0001, it works fine:

    G0001: T1203, T1005, T1003.002, T1003.003, T1003.004, T1003.005, T1003.001, T1003.006, T1003.007, T1003.008, T1078.003, T1078.002, T1078.004, T1078.001, T1189, T1566.003, T1566.001, T1566.002, T1553.006, T1553.004, T1553.001, T1553.005, T1553.002, T1553.003, T1190, T1560.003, T1560.001, T1560.002

    But if we use it for APT group G0002, the result is empty:

    G0002:

    However, if we go to MITRE's site, we see that group G0002 is supposed to be using the technique T1027.001.

    Maybe this is some deficiency in the data? Or is it the result of a data parsing bug?

    Version

    0.1.6 (Default)

    Relevant log output

    No response

    bug 
    opened by bontchev 2
  • [BUG]: Subscriptable objects doesn't seem to work

    [BUG]: Subscriptable objects doesn't seem to work

    What happened?

    Using the example from the documentation:

    import enterpriseattack
attack = enterpriseattack.Attack(subscriptable=True)
wizard_spider = attack.groups.get('Wizard Spider')

    results in the error

    Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'list' object has no attribute 'get'

    Version

    0.1.6

    Relevant log output

    No response

    bug 
    opened by bontchev 2
  • Feature/0.1.7

    Feature/0.1.7

    Description:

    Issue raised in #14 whereby Group objects did not have sub techniques.

    Created a new sub_techniques property: https://github.com/xakepnz/enterpriseattack/blob/75b9fb0800e070b7b543b3b38abde774d59b5c02/enterpriseattack/group.py#L71-L94

    Tests for change: https://github.com/xakepnz/enterpriseattack/blob/75b9fb0800e070b7b543b3b38abde774d59b5c02/tests/test_groupsubs.py#L15-L16

    opened by xakepnz 0
  • Feature/0.1.6

    Feature/0.1.6

    Description

    • Add more tests for code coverage (#9) - 380cec3
    • Implement MITRE ATT&CK campaigns (#8) - 1f5630e
    • Add software & groups to campaigns (#8) - cc9a6f9
    • Alter the GitHub templates (#7) - 327b98d
    • Create Subscriptable objects in the main Attack class (#6) - c99c712
    • Allow users to harcode MITRE ATT&CK data versioning (#5) - d7b5318
    opened by xakepnz 0
  • Subscript objects

    Subscript objects

    Make objects subscriptable eg:

    >>> attack = enterpriseattack.Attack()
>>> spider = attack.groups['Wizard Spider']
>>> spider.name
'Wizard Spider'

    VS:

    >>> attack = enterpriseattack.Attack()
>>> spider = None
>>> for group in attack.groups:
...     if group.name == 'Wizard Spider':
...             spider = group
...
>>> spider.name
'Wizard Spider'
    enhancement 
    opened by xakepnz 0
  • [FEATURE]: Support the other matrices too

    [FEATURE]: Support the other matrices too

    Feature Details

    Would be nice to have support for the other two matrices (Mobile and ICS) besides Enterprise. Although this would probably require some serious re-design.

    enhancement 
    opened by bontchev 0
Releases(v.0.1.7)

  • v.0.1.7(Dec 28, 2022)

    New:

    • Added sub_techniques property to Group objects (#14) - 29232d2
      • It was discovered in #14 that Group objects did not have the sub_techniques property available.
    • Added test for group sub_techniques iterations (#14) - a94394dc
    Source code(tar.gz)
    Source code(zip)

  • v.0.1.6(Dec 19, 2022)

    Changes:

    • Alter the GitHub templates (#7) - 327b98d

    New:

    • Add more tests for code coverage (#9) - 380cec3
    • Implement MITRE ATT&CK campaigns (#8) - 1f5630e
    • Add software & groups to campaigns (#8) - cc9a6f9
    • Create Subscriptable objects in the main Attack class (#6) - c99c712
    • Allow users to hardcode MITRE ATT&CK data versioning (#5) - d7b5318
    Source code(tar.gz)
    Source code(zip)

  • v.0.1.5(Mar 14, 2022)

  • v0.1.4(Mar 13, 2022)

    Modified

    • Cleaned up code line lengths
    • Fixed techniques mitigations
    • Ordered imports by type

    Added

    • Created component.py with Component class separate to Data source
    • Added tools & malware & software & components to techniques
    • Added tools & malware & tactics to groups
    • Added tools & malware & software & components & tactics to sub_techniques
    • Added tactics to software
    • Added tactics to mitigations
    • Created Code build tests with Travis CI
    • Added tactics & techniques to components
    Source code(tar.gz)
    Source code(zip)

  • v.0.1.3(Mar 11, 2022)

    Modified:

    • Converted format strings to f strings for readability/speed.
    • Updated README.md with more examples

    Added:

    • Allow proxy args to Attack() for proxy-passing.
    Source code(tar.gz)
    Source code(zip)

  • v.0.1.2(Dec 4, 2021)

    Fixed issue: https://github.com/xakepnz/enterpriseattack/issues/1

    • Issue related to all sub techniques being grouped under each technique, instead of relevant sub techniques. Fixed typo with ReadMe Documentation link
    Source code(tar.gz)
    Source code(zip)

  • v.0.1.1(Nov 3, 2021)

Owner
xakepnz
Русский интернет волшебник.
xakepnz
GitHub Repository
A OBS service to package a published repository into a tar.gz file

OBS Source Service obs-service-publish_tar obs-service-publish_tar will create a archive.tar[.tar compression] archive containing the published repo

Erico Mendonca 1 Feb 16, 2022
Convert Roman numerals to modern numerals and vice-versa

Roman Numeral Conversion Utilities This is a utility module for converting from and to Roman numerals. It supports numbers upto 3,999,999, using the v

Fictive Kin 1 Dec 17, 2021
An OBS script to fuze files together

OBS TEXT FUZE Fuze text files and inject the output into a text source. The Index file directory should be a list of file directorys for the text file

SuperZooper3 1 Dec 27, 2021
An awesome script to convert the University Of Oviedo web calendar to Google or Outlook calendars.

autoUniCalendar Un script en Python para convertir el calendario de la intranet de la Universidad de Oviedo en un calendario de Outlook o Google Calen

Bimo99B9 14 Sep 28, 2022
Binjago - Set of tools aiding in analysis of stripped Golang binaries with Binary Ninja

Binjago 🥷 Set of tools aiding in analysis of stripped Golang binaries with Bina

W3ndige 2 Jul 23, 2022
Script to calculate delegator epoch returns for all pillars

znn_delegator_calculator Script to calculate estimated delegator epoch returns for all Pillars, so you can delegate to the best one. You can find me o

2 Dec 03, 2021
A Python Based Utility for Processing GST-Return JSON Files to Multiple Formats

GSTR 1/2A Utility by Shan.tk Open Source GSTR 1/GSTR 2A JSON to Excel utility based on Python. Useful for Auditors in Verifying GSTR 1 Return Invoices

Sudharshan TK 1 Oct 08, 2022
【教程】莉沫酱教你学继承!?

【教程】莉沫酱教你学继承! 众所周知,类的继承就是说当一个类死亡的时候,它的子类会获得它拥有的资源。 根据类的继承法不同,各个子类能获得的资源也不同。 继承法的类型 在解释继承法之前,我们先定义三个类,一个父类A,和它的子类B、C。 它们都拥有x、y、z三个属性。

黄巍 17 Dec 05, 2022
Simple programming language built on Python.

Serial Another programming language. Built on Python. Building and running program In order to run the program on serial, unfortunately you still need

Aleksey Demchenkov 1 Dec 09, 2021
Repo created for the purpose of adding any kind of programs and projects

Programs and Project Repository A repository for adding programs and projects of any kind starting from beginners level to expert ones Contributing to

Unicorn Dev Community 3 Nov 02, 2022
Procedural 3D data generation pipeline for architecture

Synthetic Dataset Generator Authors: Stanislava Fedorova Alberto Tono Meher Shashwat Nigam Jiayao Zhang Amirhossein Ahmadnia Cecilia bolognesi Dominik

Computational Design Institute 49 Nov 25, 2022
A command line interface tool converting starknet warp transpiled outputs into readable cairo contracts.

warp-to-cairo warp-to-cairo is a simple tool converting starknet warp outputs (NethermindEth/warp) outputs into readable cairo contracts. The warp out

Michael K 5 Jun 10, 2022
A basic tool to generate Hydrogen drum machine kits.

Generate Hydrogen Kit A basic tool to generate drumkit.xml files for Hydrogen drum machine. Saves a bit of time when making kits. Supply it with a nam

Luna Langton 2 Nov 28, 2021
This program generates automatically new folders containing old version of program

Automated Folder Versions Generator by Sergiy Grimoldi - V.0.0.2 This program generates automatically new folders containing old version of something

Sergiy Grimoldi 1 Dec 23, 2021
Kunai Shitty Raider Leaked LMFAO

Kunai-Raider-Leaked Kunai Shitty Raider Leaked LMFA

5 Nov 24, 2021
The best free and open-source automated time tracker. Cross-platform, extensible, privacy-focused.

Records what you do so that you can know how you've spent your time. All in a secure way where you control the data. Website — Forum — Documentation —

ActivityWatch 7.8k Jan 09, 2023
This is a Python script to detect rapid upwards price changes (pumps) in a cryptocurrency pairing

A python script to detect a rapid upwards price brekout (pump) in a cryptocurrency pairing, through pandas and Binance API.

3 May 25, 2022
PyPI package for scaffolding out code for decision tree models that can learn to find relationships between the attributes of an object.

Decision Tree Writer This package allows you to train a binary classification decision tree on a list of labeled dictionaries or class instances, and

2 Apr 23, 2022
COVID-19 case tracker in Dash

covid_dashy_personal This is a personal project to build a simple COVID-19 tracker for Australia with Dash. Key functions of this dashy will be to Dis

Jansen Zhang 1 Nov 30, 2021
OpenTable Reservation Maker For Python

OpenTable-Reservation-Maker The code that corresponds with this blog post on writing a script to make reservations for me on opentable Getting started

JonLuca De Caro 36 Nov 10, 2022