42 Open source projects that are alternatives of or similar to Atomic Threat Coverage

Small and highly portable detection tests based on MITRE's ATT&CK.

Shuffle: A general purpose security automation platform platform. We focus on accessibility for all.

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

Scripts and a (future) library to improve users' interactions with the ATT&CK content

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Recon Hunt Queries

Mapping NSM rules to MITRE ATT&CK

⚔️MITRE ATT&CK Machinations in R

OpenCTI connectors

CyCAT.org API back-end server including crawlers

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

MITRE Shield website

ATT&CK Evaluations website (DEPRECATED)

Set of SIGMA rules (>250) mapped to MITRE Att@k tactic and techniques

Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning.

The principal objectives and outputs of this project are the creation and dissemination of an extension to the VERIS schema incorporating ATT&CK mappings and associated usage documentation.

A python module for working with ATT&CK

See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)

This project empowers defenders with independent data on which native security controls of leading technology platforms are most useful in defending against the adversary TTPs they care about.

Elemental - An ATT&CK Threat Library

MITRE ATT&CK Website

A knowledge base of actionable Incident Response techniques

Automated Adversary Emulation Platform

Test Blue Team detections without running any attack.

Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.

Detecting ATT&CK techniques & tactics for Linux

PCAP Samples for Different Post Exploitation Techniques

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.

Security control framework mappings to MITRE ATT&CK provide a critically important resource for organizations to assess their security control coverage against real-world threats and provide a bridge for integrating ATT&CK-based threat information into the risk management process.

Set of Maltego transforms to inferface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

Windows Events Attack Samples

A repository of sysmon configuration modules

Tool to predict attacker groups from the techniques and software used

Web app that provides basic navigation and annotation of ATT&CK matrices

Utilities for MITRE™ ATT&CK

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

An Active Defense and EDR software to empower Blue Teams

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

A Linux Auditd rule set mapped to MITRE's Attack Framework