center-for-threat-informed-defense / security-stack-mappings

License: Apache-2.0
This project empowers defenders with independent data on which native security controls of leading technology platforms are most useful in defending against the adversary TTPs they care about.

Security Stack Mappings

This repository contains a collection of native security controls mapped to MITRE ATT&CK® based on a common methodology and tool set. We aim to empower organizations with independent data on which native security controls are most useful in defending against the adversary TTPs that they care about and establish a foundation for systematically mapping product security controls to ATT&CK. These mappings will allow organizations to make threat-informed decisions when selecting which native security capabilities to use.

Get the Mappings

This project has produced mapping files for the following technology platforms, with more on the roadmap:

Microsoft Azure

Available as: HTML Summary, YAML Mappings, ATT&CK Navigator Layers

Released on June 29, 2021, these mappings cover the native security controls of Microsoft Azure Infrastructure as a Service (IaaS) for version 8.2 of MITRE ATT&CK. The following scoping decisions influenced the Azure mappings:

  • ATT&CK Scope: This work is focused on ATT&CK (sub-)techniques included in the Enterprise domain v8; Mobile techniques are not covered. There is a follow-on project that will update the mappings to ATT&CK v9.
  • Native Security Controls: This work focused on mapping the security controls produced by Microsoft or branded as Microsoft products. Third-party security controls available on the platform were excluded from analysis.
  • Azure Security Benchmark: Most of the controls included in scope were derived from Microsoft’s Azure Security Benchmark v2 and our review of Azure security documentation.
  • Azure Defender for servers: This control was excluded from analysis due to its complexity and its inclusion within recent MITRE ATT&CK Evaluations.

Amazon Web Services

Available as: HTML Summary, YAML Mappings, ATT&CK Navigator Layers

Released on September 21, 2021, these mappings cover the native security controls of Amazon Web Services for version 9.0 of MITRE ATT&CK. The following scoping decisions influenced the AWS mappings:

  • ATT&CK Scope: This work is focused on ATT&CK techniques and sub-techniques included in ATT&CK for Enterprise v9; Mobile techniques are not covered.
  • Native Security Controls: This work focused on mapping the security controls produced by AWS or branded as AWS products. Third-party security controls available on the platform were excluded from analysis.
  • The AWS Security, Identity, & Compliance products page was used to source the list of controls included within scope of this mapping.
  • Driven by Center participant interest, this effort also included mappings of security features of select, non-security services such as VPC, RDS, and S3.

Google Cloud Platform

Available as: HTML Summary, YAML Mappings, ATT&CK Navigator Layers

Released on June 28, 2022, these mappings cover the native security controls of Google Cloud Platform (GCP) for version 10 of MITRE ATT&CK. The following scoping decisions influenced the GCP mappings:

  • ATT&CK Scope: This work is focused on ATT&CK (sub-)techniques included in the Enterprise domain v10; mobile techniques are not covered.
  • Native Security Controls: This work focused on mapping the security controls produced by Google or offered as Google products. The selected controls are considered native to the platform, i.e., produced by the vendor themselves or third-party controls branded or acquired by the vendor. Third-party security controls offered in cloud marketplaces are considered out of scope and were excluded from analysis.
  • Google Cloud Security: Most of the controls included in scope were derived from Google Cloud Security Solutions and our review of GCP security documentation.

Supporting Resources

This project provides the following supporting resources:

  • Use Cases - There are several use cases for applying the mapping files to advance the state-of-the-art and the state-of-the-practice in threat-informed defense.
  • Methodology – A methodology for using the mapping data format and scoring rubric to produce mapping files for security controls native to a technology platform. By providing a methodology, we hope to encourage a consistent, best-practice approach to performing mappings that will make mappings more comparable to each other. It also encourages community mappings to be developed – including, potentially, by security vendors themselves.
  • Scoring Rubric - A scoring rubric that enables assessing the effectiveness of a security control native to a technology platform in mitigating the set of ATT&CK techniques that it has been mapped to. This scoring rubric enables providing a score for each (sub-)technique included in a security control's mapping file.
  • Mapping Data Format - The specification of a YAML file that captures the mapping of a security control native to a technology platform to the set of ATT&CK techniques that it mitigates.
  • Mapping Tool – A Python-based tool that enables validating and producing ATT&CK Navigator layers for mapping files.
  • Releases - A list of updates to this repository.
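As a worked illustration of how the mapping data format, scoring rubric and mapping tool fit together, here is a small Python example added for this page; it is not the project's mapping tool and does not reproduce its output. It takes the dict form (what yaml.safe_load would return) of two constructed, hypothetical control mapping files, checks them against the rubric, flattens technique and sub-technique scores, computes best-score coverage across several controls, and emits an ATT&CK Navigator layer. The field names (`techniques`, `technique-scores`, `sub-techniques-scores`), the categories Protect/Detect/Respond and the values Minimal/Partial/Significant follow my reading of the project's format and rubric and are assumptions to verify against the repository's specification; the numeric weights 1/2/3, the colours and the Navigator layer-format version are this example's own choices.

```python
"""Validate control-to-ATT&CK mapping records and build Navigator layers (added example)."""
import json
import re
from typing import Dict, List

# Rubric categories and values as I read the project's scoring rubric (assumption);
# the numeric weights are this example's choice, not the project's.
CATEGORIES = ("Protect", "Detect", "Respond")
SCORE_VALUES = {"Minimal": 1, "Partial": 2, "Significant": 3}
TECH_ID = re.compile(r"^T\d{4}$")
SUBTECH_ID = re.compile(r"^T\d{4}\.\d{3}$")

# Constructed sample data: the parsed form of two hypothetical mapping files,
# using the field names I observe in the project's YAML (assumption).
SAMPLE_MAPPINGS = [
    {
        "name": "Example Identity Protection", "platform": "Azure", "ATT&CK version": "8.2",
        "techniques": [
            {"id": "T1078", "name": "Valid Accounts",
             "technique-scores": [
                 {"category": "Protect", "value": "Minimal", "comments": "MFA policy only"},
                 {"category": "Detect", "value": "Partial", "comments": "risky sign-in alerts"}],
             "sub-techniques-scores": [
                 {"sub-techniques": [{"id": "T1078.004", "name": "Cloud Accounts"}],
                  "scores": [{"category": "Protect", "value": "Significant",
                              "comments": "blocks cloud sign-in from unmanaged devices"}]}]},
            {"id": "T1110", "name": "Brute Force",
             "technique-scores": [{"category": "Protect", "value": "Significant", "comments": "lockout"}]},
        ],
    },
    {
        "name": "Example Network Firewall", "platform": "Azure", "ATT&CK version": "8.2",
        "techniques": [
            {"id": "T1110", "name": "Brute Force",
             "technique-scores": [{"category": "Protect", "value": "Partial", "comments": "rate limits"}]},
            {"id": "T1046", "name": "Network Service Scanning",
             "technique-scores": [{"category": "Detect", "value": "Minimal", "comments": "flow logs"}]},
        ],
    },
]


def _check_scores(scores: List[dict], where: str, errors: List[str]) -> None:
    """Every score entry must use a rubric category and a rubric value."""
    for s in scores:
        if s.get("category") not in CATEGORIES:
            errors.append(f"{where}: bad category {s.get('category')!r}")
        if s.get("value") not in SCORE_VALUES:
            errors.append(f"{where}: bad value {s.get('value')!r}")


def validate_mapping(mapping: dict) -> List[str]:
    """Return rubric/format violations; an empty list means the record is usable."""
    errors = [f"missing top-level field {k!r}"
              for k in ("name", "platform", "techniques") if k not in mapping]
    for tech in mapping.get("techniques", []):
        tid = tech.get("id", "")
        if not TECH_ID.match(tid):
            errors.append(f"bad technique id {tid!r}")
        _check_scores(tech.get("technique-scores", []), tid, errors)
        for group in tech.get("sub-techniques-scores", []):
            for sub in group.get("sub-techniques", []):
                sid = sub.get("id", "")
                # A sub-technique must be well-formed and belong to its parent technique.
                if not SUBTECH_ID.match(sid) or not sid.startswith(tid + "."):
                    errors.append(f"sub-technique {sid!r} does not belong to {tid!r}")
            _check_scores(group.get("scores", []), f"{tid} sub-techniques", errors)
    return errors


def flatten_scores(mapping: dict) -> Dict[str, Dict[str, int]]:
    """{techniqueID: {category: numeric score}}, keeping the highest score per category."""
    out: Dict[str, Dict[str, int]] = {}

    def put(tid: str, scores: List[dict]) -> None:
        for s in scores:
            cur = out.setdefault(tid, {})
            cur[s["category"]] = max(cur.get(s["category"], 0), SCORE_VALUES[s["value"]])

    for tech in mapping["techniques"]:
        put(tech["id"], tech.get("technique-scores", []))
        for group in tech.get("sub-techniques-scores", []):
            for sub in group["sub-techniques"]:
                put(sub["id"], group["scores"])
    return out


def coverage(mappings: List[dict], category: str) -> Dict[str, dict]:
    """Best score per technique across several controls, with the controls that provide it."""
    best: Dict[str, dict] = {}
    for m in mappings:
        for tid, cats in flatten_scores(m).items():
            score = cats.get(category, 0)
            if score == 0:
                continue  # this control says nothing about that category for this technique
            entry = best.setdefault(tid, {"score": 0, "controls": []})
            if score > entry["score"]:
                entry["score"], entry["controls"] = score, [m["name"]]
            elif score == entry["score"]:
                entry["controls"].append(m["name"])
    return best


def navigator_layer(mappings: List[dict], category: str, attack_version: str = "8") -> dict:
    """ATT&CK Navigator layer (layer format 4.2 fields, assumption) colouring the best score."""
    cov = coverage(mappings, category)
    colors = ["#cde6ff", "#66b1ff", "#0d47a1"]
    return {
        "name": f"{category} coverage", "domain": "enterprise-attack",
        "versions": {"attack": attack_version, "navigator": "4.3", "layer": "4.2"},
        "techniques": [{"techniqueID": tid, "score": v["score"], "comment": ", ".join(v["controls"])}
                       for tid, v in sorted(cov.items())],
        "gradient": {"colors": colors, "minValue": 1, "maxValue": max(SCORE_VALUES.values())},
        "legendItems": [{"label": k, "color": c} for k, c in zip(SCORE_VALUES, colors)],
    }


if __name__ == "__main__":
    for m in SAMPLE_MAPPINGS:
        print(m["name"], validate_mapping(m) or "OK")
    print(json.dumps(navigator_layer(SAMPLE_MAPPINGS, "Protect"), indent=2))
```

Load the printed JSON into ATT&CK Navigator to see, per category, which in-scope techniques no control in the set addresses at all; those uncoloured cells are the gaps that the selection decisions described above are meant to surface. Validation is run before any layer is produced so that a typo in a category or value fails loudly instead of silently dropping a score.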

Getting Involved

There are several ways that you can get involved with this project and help advance threat-informed defense:

  • Review the mappings, use them, and tell us what you think. We welcome your review and feedback on the mappings, our methodology, and resources.
  • Apply the methodology and share your security capability mappings. We encourage organizations to apply our methodology to map the security capabilities of their products and we welcome mapping contributions.
  • Help us prioritize additional platforms to map. Let us know what platforms you would like to see mapped to ATT&CK. Your input will help us prioritize how we expand our mappings.
  • Share your ideas. We are interested in developing additional tools and resources to help the community understand and make threat-informed decisions in their risk management programs. If you have ideas or suggestions, we will consider them as we explore additional research projects.

Questions and Feedback

Please submit issues for any technical questions/concerns or contact [email protected] directly for more general inquiries.

Notice

Copyright 2021 MITRE Engenuity. Approved for public release. Document number CT0019

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This project makes use of ATT&CK®

ATT&CK Terms of Use
