mitre-attack / mitreattack-python

A python module for working with ATT&CK
https://mitreattack-python.readthedocs.io/
Apache License 2.0
447 stars 103 forks

[Docs] Add Section to Docs for accessing STIX #126

Open jondricek opened 1 year ago

jondricek commented 1 year ago

Over on the https://github.com/mitre/cti repository there is a Usage.md file that has information on "Accessing ATT&CK data in python". This section should be brought over to this repository's documentation since this is the official way that we recommend people should be accessing the STIX data.

The data in the USAGE.md file should be considered a starting point, and not necessarily just something to cut and paste over here, but can still be an educational resource for how we tackle parsing the data ourselves.

seansica commented 1 year ago

Review Notes

Review notes as of commit 4ea4b89:


Installation section: consider changing the note about requiring python3 to a bulleted sub-heading section called Prerequisites


The Related MITRE Work should be tucked further down the list, IMO. The ReadTheDocs should prioritize pages relating to usage of the mitreattack-python library.

Same thing with the Contributing and Notice sections. IMO, these are less relevant to the ethos of this website and should be moved further down.

I would re-structure it so that the flow goes from Introduction --> Installation --> Getting Started


The Related MITRE Work -> CTI section says:

Cyber Threat Intelligence repository of the ATT&CK catalog expressed in STIX 2.0 JSON. This repository also contains our USAGE document which includes additional examples of accessing and parsing our dataset in Python.

I would re-word this as:

This repository houses the ATT&CK catalog's Cyber Threat Intelligence, represented in the STIX 2.0 JSON format. Additionally, it includes a USAGE document that provides further examples for accessing and parsing our dataset using Python.


The Related MITRE Work -> ATT&CK section includes a link to https://attack.mitre.org without any context. Consider wrapping this in a sentence like:

Visit the ATT&CK website to browse our curated knowledge base.


The Getting Started section isn't rendering some hyperlinks correctly:

[full documentation](https://mitreattack-python.readthedocs.io/) [pip](https://pip.pypa.io/en/stable/) [python3](https://www.python.org/)


This layout is confusing: is it referring to the "Additional Modules" heading section on the same page, or the "Additional Modules" link in the side pane?

[Screenshot: SCR-20230719-mdib]

There is another broken hyperlink at the bottom of the Getting Started page:

[ATT&CK Terms of Use](https://attack.mitre.org/resources/terms-of-use/)


The last sentence of the Additional Modules section appears to be formatted incorrectly:

Run diff_stix -h for full usage instructions. | Further documentation can be found here.|

Remove those pipes and wrap the diff_stix -h command in backticks.


I think that's about it for now. I will follow up with more comments if I find anything.