center-for-threat-informed-defense / security-stack-mappings

🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.
https://center-for-threat-informed-defense.github.io/mappings-explorer/
Apache License 2.0
380 stars 63 forks source link
aws azure cloud gcp mitre-attack security

🚨ATTENTION🚨 The Security Stack Mappings have migrated to CTID’s new Mappings Explorer project. You can find the latest mappings on the Mappings Explorer website. This website presents threat and mitigation data in easily accessible and customizable ways, enabling cyber defenders to understand how security controls and capabilities map onto adversary behaviors catalogued in the MITRE ATT&CK® knowledge base. The source code and raw data for the Mappings Explorer project can be found in the mappings-explorer repository.

Security Stack Mappings

This repository contains a collection of native security controls mapped to MITRE ATT&CK® based on a common methodology and tool set. We aim to empower organizations with independent data on which native security controls are most useful in defending against the adversary TTPs that they care about and establish a foundation for systematically mapping product security controls to ATT&CK. These mappings will allow organizations to make threat-informed decisions when selecting which native security capabilities to use.

Get the Mappings

This project has produced mapping files for the following technology platforms, with more on the roadmap:

Microsoft Azure

HTML Summary YAML Mappings ATT&CK Navigator Layers

Released on June 29, 2021, these mappings cover the native security controls of Microsoft Azure Infrastructure as a Services for version 8.2 of MITRE ATT&CK. The following scoping decisions influenced the Azure mappings:

Amazon Web Services

HTML Summary YAML Mappings ATT&CK Navigator Layers

Released on September 21, 2021, these mappings cover the native security controls of Amazon Web Services for version 9.0 of MITRE ATT&CK. The following scoping decisions influenced the AWS mappings:

Google Cloud Platform

HTML Summary YAML Mappings ATT&CK Navigator Layers

Released on June 28, 2022, these mappings cover the native security controls of Google Cloud Platform (GCP) for version 10 of MITRE ATT&CK. The following scoping decisions influenced the GCP mappings:

Supporting Resources

This project provides the following supporting resources:

Getting Involved

There are several ways that you can get involved with this project and help advance threat-informed defense:

Questions and Feedback

Please submit issues for any technical questions/concerns or contact ctid@mitre-engenuity.org directly for more general inquiries.

Notice

Copyright 2021 MITRE Engenuity. Approved for public release. Document number CT0019

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This project makes use of ATT&CK®

ATT&CK Terms of Use