center-for-threat-informed-defense / attack-workbench-frontend

An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains an Angular-based web application providing the user interface for the ATT&CK Workbench application.
https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/attck-workbench/
Apache License 2.0
325 stars 61 forks source link

ATT&CK Workbench Frontend

The ATT&CK Workbench is an application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base.

Organizations or individuals within the ATT&CK community can initialize an instance of the application to serve as the centerpiece to their own customized instance of the ATT&CK knowledge base, attaching other tools and interfaces as desired. Through the Workbench this local knowledge base can be extended with new or updated techniques, tactics, mitigations groups, and software. Finally, the ATT&CK Workbench provides means to share these extensions with the greater ATT&CK community if so desired, facilitating a greater level of collaboration within the community than is possible with current tools.

We developed the Workbench with the ATT&CK user community in mind. If MITRE ATT&CK is at the core our organization’s security operations, you actively track threats against ATT&CK, align your defenses to ATT&CK, or plan your security investments based on ATT&CK, the Workbench is for you. The ATT&CK Workbench enables a number of important use cases within the ATT&CK community:

This repository contains an Angular-based web application providing the user interface for the ATT&CK Workbench application, as well as the main documentation regarding its use. The ATT&CK Workbench application requires additional components for full operation. See the install and run instructions for more details about setting up the entire project.

The ATT&CK Workbench does not collect or share information with MITRE or any third parties.

Frontend Documentation

For more information about the ATT&CK Workbench, please see the docs folder. The contents of the docs folder is also available in the in-app help page.

Collections and Collection Indexes

Importing and exporting data from the ATT&CK Workbench is facilitated through the Collections and Collection Indexes. These data formats also enable record keeping of ATT&CK versions and extensions.

More information about collections and collection indexes can be found in the collections document.

Install and run

The ATT&CK Workbench application is made up of several repositories. For the full application to operate each needs to be running at the same time. The docker install instructions will install all components and is recommended for most deployments.

The manual install instructions in each repository describe how each component to be deployed to a separate machine or with customized settings.

Installing using Docker

Please refer to our Docker install instructions for information on installing and deploying the the full application using Docker. The docker setup is the easiest way to deploy the application.

Manual Installation

Requirements

Installing dependencies

This step is necessary for cases where the app is deployed locally through ng serve or ng build. It can be skipped for installs using docker (above).

  1. Navigate to app
  2. Run npm install to install required packages

Serve on local machine

  1. Run ng serve within the app directory
  2. Navigate to localhost:4200 in your browser

Compile for use elsewhere

  1. Run ng build within the app directory
  2. Copy files from the app/dist directory

If you're building the app for production, use ng build --prod which will use the production environment instead of the development environment. See modifying the environment for more information.

Modifying the environment

The ATT&CK Workbench Frontend is configured to connect to the REST API running under its default configuration. If the applications is configured to run on a different port, or if the application is to be hosted for access on multiple machines, the environment must be edited to reflect the URLs and port.

These environment properties can be edited under src/environments:

Setting the Default Landing Page

To allow for additional customization, the ATT&CK Workbench enables users to set a default landing page for their instance of Workbench. To set the default landing page:

PKI Certificates

For additional troubleshooting and installation of security certificates for use by ATT&CK Workbench, pleaser refer to PKI Certificates instructions.

Related Work

STIX

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence (CTI).

STIX enables organizations to share CTI with one another in a consistent and machine readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively.

STIX is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

https://oasis-open.github.io/cti-documentation/

MITRE ATT&CK

MITRE ATT&CK® is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.

https://attack.mitre.org

ATT&CK Navigator

The ATT&CK Navigator is a web-based tool for annotating and exploring ATT&CK matrices. It can be used to visualize defensive coverage, red/blue team planning, the frequency of detected techniques, and more.

https://github.com/mitre-attack/attack-navigator/

Notice

Copyright 2020-2024 MITRE Engenuity. Approved for public release. Document number CT0020 and public release case number 22-3206.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This project makes use of ATT&CK®

ATT&CK Terms of Use