A lightweight Python module to interact with the Mitre Att&ck Enterprise dataset.

Related tags

Miscellaneoussecurityframeworkpython3mitreblueteamthreat-intelligencemitre-attackcyber-threat-intelligence
Overview

PyPI version License: MIT image

enterpriseattack - Mitre's Enterprise Att&ck

A lightweight Python module to interact with the Mitre Att&ck Enterprise dataset. Built to be used in production applications due to it's speed and minimal depedancies. Read the docs for more info.

Mitre Att&ck

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

Dependancies

  • Python 3.x
  • ujson >= 3.0.0
  • requests >= 2.9.2

Installation

Install via Pip:

pip install enterpriseattack

Alternatively clone the repository:

git clone https://github.com/xakepnz/enterpriseattack.git
cd enterpriseattack
python3 setup.py install

(back to top)

Usage

Initialise an Attack object:

import enterpriseattack

attack = enterpriseattack.Attack()

Example: Iterate over tactics/techniques/sub_techniques:

for tactic in attack.tactics:
   print(tactic.name)
   for technique in tactic.techniques:
      print(technique.name)
      print(technique.detection)

for software in attack.software:
    for technique in software.techniques:
        for sub_technique in technique.sub_techniques:
            print(software.name, technique.name, sub_technique.name)

For more examples, please refer to the Documentation

(back to top)

Comments
  • Sub Techniques not correctly mapped? Issue while retrieving

    Sub Techniques not correctly mapped? Issue while retrieving "sub_techniques" attribute of a specific technique

    The following code should print the sub techniques of the first listed technique (Abuse Elevation Control Mechanism, at the moment): print(next(iter(attack.techniques)).sub_techniques) However, it prints ALL the subtechniques of the entire Mitre ATT&CK framework. The following code gets ALL the subtechniques as well: next(iter(next(iter(attack.groups)).techniques)).sub_techniques It looks like every technique has the whole set of subtechniques as its child, instead of the correct subtechniques.

    bug 
    opened by sibkyd 3
  • [BUG]: The techniques used by some groups seem to be missing

    [BUG]: The techniques used by some groups seem to be missing

    What happened?

    Here is a small script to output the techniques used by a particular group:

    #!/usr/bin/env python


from __future__ import print_function


__description__ = 'Display the techniques used by an APT group'
__license__ = 'GPL'
__VERSION__ = '1.0.0'


from argparse import ArgumentParser
from enterpriseattack import Attack


def get_techniques(attack, group_id):
    for group in attack.groups:
        if group.id != group_id:
            continue
        techniques = []
        for technique in group.techniques:
            if technique.deprecated:
                continue
            if len(technique.sub_techniques):
                for subtechnique in technique.sub_techniques:
                    techniques.append(subtechnique.id)
            else:
                techniques.append(technique.id)
        return techniques


def main():
    parser = ArgumentParser(description=__description__)
    parser.add_argument('-v', '--version', action='version',
                        version='%(prog)s version {}'.format(__VERSION__))
    parser.add_argument('GID', nargs='+',
                        help='APT group ID')
    args = parser.parse_args()
    attack = Attack()
    for group_id in args.GID:
        techniques = get_techniques(attack, group_id)
        print('{}: {}'.format(group_id, ', '.join(techniques)))


if __name__ == '__main__':
    main()

    If we use it for APT group G0001, it works fine:

    G0001: T1203, T1005, T1003.002, T1003.003, T1003.004, T1003.005, T1003.001, T1003.006, T1003.007, T1003.008, T1078.003, T1078.002, T1078.004, T1078.001, T1189, T1566.003, T1566.001, T1566.002, T1553.006, T1553.004, T1553.001, T1553.005, T1553.002, T1553.003, T1190, T1560.003, T1560.001, T1560.002

    But if we use it for APT group G0002, the result is empty:

    G0002:

    However, if we go to MITRE's site, we see that group G0002 is supposed to be using the technique T1027.001.

    Maybe this is some deficiency in the data? Or is it the result of a data parsing bug?

    Version

    0.1.6 (Default)

    Relevant log output

    No response

    bug 
    opened by bontchev 2
  • [BUG]: Subscriptable objects doesn't seem to work

    [BUG]: Subscriptable objects doesn't seem to work

    What happened?

    Using the example from the documentation:

    import enterpriseattack
attack = enterpriseattack.Attack(subscriptable=True)
wizard_spider = attack.groups.get('Wizard Spider')

    results in the error

    Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'list' object has no attribute 'get'

    Version

    0.1.6

    Relevant log output

    No response

    bug 
    opened by bontchev 2
  • Feature/0.1.7

    Feature/0.1.7

    Description:

    Issue raised in #14 whereby Group objects did not have sub techniques.

    Created a new sub_techniques property: https://github.com/xakepnz/enterpriseattack/blob/75b9fb0800e070b7b543b3b38abde774d59b5c02/enterpriseattack/group.py#L71-L94

    Tests for change: https://github.com/xakepnz/enterpriseattack/blob/75b9fb0800e070b7b543b3b38abde774d59b5c02/tests/test_groupsubs.py#L15-L16

    opened by xakepnz 0
  • Feature/0.1.6

    Feature/0.1.6

    Description

    • Add more tests for code coverage (#9) - 380cec3
    • Implement MITRE ATT&CK campaigns (#8) - 1f5630e
    • Add software & groups to campaigns (#8) - cc9a6f9
    • Alter the GitHub templates (#7) - 327b98d
    • Create Subscriptable objects in the main Attack class (#6) - c99c712
    • Allow users to harcode MITRE ATT&CK data versioning (#5) - d7b5318
    opened by xakepnz 0
  • Subscript objects

    Subscript objects

    Make objects subscriptable eg:

    >>> attack = enterpriseattack.Attack()
>>> spider = attack.groups['Wizard Spider']
>>> spider.name
'Wizard Spider'

    VS:

    >>> attack = enterpriseattack.Attack()
>>> spider = None
>>> for group in attack.groups:
...     if group.name == 'Wizard Spider':
...             spider = group
...
>>> spider.name
'Wizard Spider'
    enhancement 
    opened by xakepnz 0
  • [FEATURE]: Support the other matrices too

    [FEATURE]: Support the other matrices too

    Feature Details

    Would be nice to have support for the other two matrices (Mobile and ICS) besides Enterprise. Although this would probably require some serious re-design.

    enhancement 
    opened by bontchev 0
Releases(v.0.1.7)

  • v.0.1.7(Dec 28, 2022)

    New:

    • Added sub_techniques property to Group objects (#14) - 29232d2
      • It was discovered in #14 that Group objects did not have the sub_techniques property available.
    • Added test for group sub_techniques iterations (#14) - a94394dc
    Source code(tar.gz)
    Source code(zip)

  • v.0.1.6(Dec 19, 2022)

    Changes:

    • Alter the GitHub templates (#7) - 327b98d

    New:

    • Add more tests for code coverage (#9) - 380cec3
    • Implement MITRE ATT&CK campaigns (#8) - 1f5630e
    • Add software & groups to campaigns (#8) - cc9a6f9
    • Create Subscriptable objects in the main Attack class (#6) - c99c712
    • Allow users to hardcode MITRE ATT&CK data versioning (#5) - d7b5318
    Source code(tar.gz)
    Source code(zip)

  • v.0.1.5(Mar 14, 2022)

  • v0.1.4(Mar 13, 2022)

    Modified

    • Cleaned up code line lengths
    • Fixed techniques mitigations
    • Ordered imports by type

    Added

    • Created component.py with Component class separate to Data source
    • Added tools & malware & software & components to techniques
    • Added tools & malware & tactics to groups
    • Added tools & malware & software & components & tactics to sub_techniques
    • Added tactics to software
    • Added tactics to mitigations
    • Created Code build tests with Travis CI
    • Added tactics & techniques to components
    Source code(tar.gz)
    Source code(zip)

  • v.0.1.3(Mar 11, 2022)

    Modified:

    • Converted format strings to f strings for readability/speed.
    • Updated README.md with more examples

    Added:

    • Allow proxy args to Attack() for proxy-passing.
    Source code(tar.gz)
    Source code(zip)

  • v.0.1.2(Dec 4, 2021)

    Fixed issue: https://github.com/xakepnz/enterpriseattack/issues/1

    • Issue related to all sub techniques being grouped under each technique, instead of relevant sub techniques. Fixed typo with ReadMe Documentation link
    Source code(tar.gz)
    Source code(zip)

  • v.0.1.1(Nov 3, 2021)

Owner
xakepnz
Русский интернет волшебник.
xakepnz
GitHub Repository
Data-driven Computer Science UoB

COMS20011_2021 Data-driven Computer Science UoB Staff Laurence Aitchison [ 6 May 16, 2022

We are building an open database of COVID-19 cases with chest X-ray or CT images.

🛑 Note: please do not claim diagnostic performance of a model without a clinical study! This is not a kaggle competition dataset. Please read this pa

Joseph Paul Cohen 2.9k Dec 30, 2022
Make creating Excel XLSX files fun again

Poi: Make creating Excel XLSX files fun again. Poi helps you write Excel sheet in a declarative way, ensuring you have a better Excel writing experien

Ryan Wang 11 Apr 01, 2022
Minterpy - Multidimensional interpolation in Python.

minterpy is an open-source Python package for a multivariate generalization of the classical Newton and Lagrange interpolation schemes as well as related tasks.

Center for Advanced Systems Understanding 18 Jan 06, 2023
The repository for my video "Playing MINECRAFT with a WEBCAM"

This is the official repo for my video "Playing MINECRAFT with a WEBCAM" on YouTube Original video can be found here: https://youtu.be/701TPxL0Skg Red

Rishabh 27 Jun 07, 2022
It is convenient to quickly import Python packages from the network.

It is convenient to quickly import Python packages from the network.

zmaplex 1 Jan 18, 2022
A common, beautiful interface to tabular data, no matter the format

rows No matter in which format your tabular data is: rows will import it, automatically detect types and give you high-level Python objects so you can

Álvaro Justen 834 Jan 03, 2023
Design-by-contract in Python3 with informative violation messages and inheritance

icontract icontract provides design-by-contract to Python3 with informative violation messages and inheritance. It also gives a base for a flourishing

275 Jan 02, 2023
Freeze your objects in python

gelidum Freeze your objects in python. Latin English Caelum est hieme frigidum et gelidum; myrtos oleas quaeque alia assiduo tepore laetantur, asperna

Diego J. 51 Dec 22, 2022
Runnable Python demo of ArtLine

artline-demo How to run? pip3 install -r requirements.txt python3 app.py How to use? Run the Flask app Open localhost:5000 in browser Select an image(

Jiang Wenjian 134 Jul 29, 2022
Adversarial Robustness with Non-uniform Perturbations

Adversarial Robustness with Non-uniform Perturbations This repository hosts the code to replicate experiments of the paper Adversarial Robustness with

5 May 20, 2022
Exercise to teach a newcomer to the CLSP grid to set up their environment and run jobs

Exercise to teach a newcomer to the CLSP grid to set up their environment and run jobs

Alexandra 2 May 18, 2022
Hashcrack - A non-object oriented open source, Software for Windows/Linux made in Python 3

Multi Force This project is a non-object oriented open source, Software for Wind

Radiationbolt 3 Jan 02, 2023
The ROS package for Airbotics.

airbotics The ROS package for Airbotics: Developed for ROS 1 and Python 3.8. The package has not been officially released on ROS yet so manual install

Airbotics 19 Dec 25, 2022
Example teacher bot for deployment to Chai app.

Create and share your own chatbot Here is the code for uploading the popular "Ms Harris (Teacher)" chatbot to the Chai app. You can tweak the config t

Chai 1 Jan 10, 2022
Class and mathematical functions for quaternion numbers.

Quaternions Class and mathematical functions for quaternion numbers. Installation Python This is a Python 3 module. If you don't have Python installed

3 Nov 08, 2022
Turn crypto miner on/off depending on powerwall charge level

Mining Crypto with Tesla Solar and Powerwalls This script turns a crypto miner on and off when the Tesla Powerwall level drops/rises above a certain t

Matt 1 Nov 09, 2021
京东热爱狂欢趴&京东扫码获取cookie

京东热爱狂欢趴 一键完成任务脚本来袭 活动地址: https://wbbny.m.jd.com/babelDiy/Zeus/2s7hhSTbhMgxpGoa9JDnbDzJTaBB/index.html#/home 2021-06-02更新: 1、删除京东星推官 2、更新脚本,修复火爆问题 2021

xoyi 48 Dec 28, 2022
calculadora financiera hecha en python

Calculadora financiera Calculadora de factores financieros basicos, puede calcular tanto factores como expresiones algebraicas en funcion de dichos fa

crudo 5 Nov 10, 2021
Streamlit apps done following data professor's course on YouTube

streamlit-twelve-apps Streamlit apps done following data professor's course on YouTube Español Curso de apps de data science hecho por Data Professor

Federico Bravin 1 Jan 10, 2022