Skip to content
A datasource assessment on an event level to show potential ATT&CK coverage
Branch: master
Clone or download
Latest commit f589f43 Apr 15, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Sample results Initial commit Apr 6, 2019
ATTACKdatamap.psd1 Added license Apr 6, 2019
ATTACKdatamap.psm1 Initial commit Apr 6, 2019
LICENSE Initial commit Apr 6, 2019
README.md
mitre_data_assessment.xlsx
template.json Initial commit Apr 6, 2019

README.md

license Maintenance GitHub last commit Twitter

ATTACKdatamap

A datasource assessment on an event level to show potential ATT&CK coverage

More details in a blogpost here

Start

This tool requires module ImportExcel, Install it like this PS C:\> Install-Module ImportExcel

Import the module with Import-Module .\ATTACKdatamap.psd1

Request-ATTACKjson

Generates a JSON file to be imported into the ATT&CK Navigator. The mitre_data_assessment.xlsx file contains all Techniques, which can be updated via Invoke-ATTACK-UpdateExcel.

Each technique contains DataSources, which are individually scored by me with a weight. The DataSourceEventTypes need to be scored per environment.

This script multiplies the respective DataSource scores and adds them to a total technique score. The generation date is added to the description.

EXAMPLE

PS C:\> Request-ATTACKjson -Excelfile .\mitre_data_assessment.xlsx -Template .\template.json -Output 2019-03-23-ATTACKcoverage.json

This is all gathered into a JSON file which can be opened here; MITRE ATT&CK Navigator/enterprise/

Invoke-ATTACK-UpdateExcel

This generates all MITRE ATT&CK relevant fields into a table and creates or updates the REF-DataSources worksheet in an Excel sheet

EXAMPLE

PS C:\> Invoke-ATTACK-UpdateExcel -AttackPath .\enterprise-attack.json -Excelfile .\mitre_data_assessment.xlsx

The -AttackPath and -Excelfile parameters are optional

Get-ATTACKdata

This downloads the MITRE ATT&CK Enterprise JSON file

EXAMPLE

PS C:\> Get-ATTACKdata -AttackPath ./enterprise-attack.json

The -AttackPath parameter is optional

You can’t perform that action at this time.