Skip to content
This repository has been archived by the owner on Apr 3, 2024. It is now read-only.

Latest commit

History

History
48 lines (37 loc) 路 4.05 KB

visualization.md

File metadata and controls

48 lines (37 loc) 路 4.05 KB
Raw

Visualization

This repository includes several ways to visualize the mappings.

ATT&CK Navigator Layers

This project provides ATT&CK Navigator Layers representing the mappings to ATT&CK. You can find the Layer files in the /frameworks/ folder:

Mappings Spreadsheet

An excel spreadsheet is provided listing all of the mappings for each framework in a tabular format. You can find the spreadsheets within the /frameworks/ folder:

The listMappings script can be used to generate this same information in additional formats:

  • Excel spreadsheet
  • CSV
  • HTML table
  • Markdown table

Substituting Controls for ATT&CK Mitigations

The substitute.py utility script builds ATT&CK STIX bundles where controls and mappings take the place of ATT&CK mitigations, thereby enabling construction of the ATT&CK Website and ATT&CK Navigator with controls taking the place of mitigations. This section describes the usage of these specialty bundles, which can be found on this repo alongside their data in the framework stix folders:

Note: substitute.py is implemented such that only controls with mappings to ATT&CK Techniques are present in the substituted STIX bundle. If you want to build the substituted bundle with the full set of controls, run substitute.py with the --allow-unmapped flag.

Constructing the ATT&CK Navigator with controls as mitigations

The ATT&CK Navigator can be constructed with controls as mitigations by following the below methodology. Controls will be shown in the place of mitigations in the multi-select interface, allowing users to quickly select the techniques mapped to each control listed in that UI.

  1. Clone the attack-navigator github repository.
  2. Put the substituted STIX data in the nav-app/src/assets folder.
  3. in nav-app/src/assets/config.json, replace the default enterprise_attack_url value with "assets/[substituted-stix-bundle-name]".
  4. Follow the Install and Run instructions of the ATT&CK Navigator documentation.

Constructing the ATT&CK Website with controls as mitigations

The ATT&CK Website can be constructed with controls as mitigations by following the below methodology. The mitigation pages on the website will instead contain controls, and the mappings of mitigations to ATT&CK Techniques will be replaced with the control mappings.

  1. Clone the attack-website github repository.
  2. Replace data/stix/enterprise-attack.json with the substituted STIX data (renaming the substituted STIX file to be enterprise-attack.json).
  3. In modules/config.py, append the control framework identifier to the source_names array. The framework identifier can be found in the framework_id field of the framework's input/config.json file.
    • For NIST 800-53 Revision 4, the source name to append is "NIST 800-53 Revision 4"
    • For NIST 800-53 Revision 5, the source name to append is "NIST 800-53 Revision 5"
  4. Follow the Install and Build instructions of the ATT&CK Website documentation.

See also

  • Mapping Methodology for a description of the general process used to create the control mappings.
  • STIX Format for more information about the STIX representation of the controls and mappings.