nshalabi / ATTACK-Tools

Utilities for MITRE™ ATT&CK

Requested Features #6

Open nshalabi opened 5 years ago

nshalabi commented 5 years ago

This is a summary of the feature requests I received (in random order):

  1. The ability to import ATT&CK™ data sets using the tool itself.
  2. Add custom techniques not listed in ATT&CK™ (insider threat and fraud focused).
  3. Incorporate more red-teams playbooks, similar to atomic-red-team™.
  4. Start a plan by importing ATT&CK™ navigator exports.
  5. Ability to define targets and assign a "testing guideline" to each, allowing users to input components of their systems in terms of access/process/technology (what is being defended).
  6. Integrate the tool with CALDERA™ to generate tests.
  7. Create macOS & Linux versions.
  8. Open source the tool.
  9. Exporting plans for sharing.
  10. Map NIST SP 800-53 controls to techniques (other controls SOX, PCI, FFIEC).
  11. Allow users to enter known vulnerability data for systems (like Kenna or NVD).
  12. Add technique scoring cost/difficulty/discoverability for attack tree modeling (technique based attack probability and simulation).

Thank you all for your feedback. If you would like to add a new feature or give feedback about a requested feature, please add it here or email me directly at nader@nosecurecode.com

OpalSec commented 4 years ago

Amazing tool, I wish I'd found it sooner!

Just the one feature request from what I've seen so far:

  1. Ability to include software used by APTs, e.g. APT30 uses S0028 (SHIPSHAPE), which maps to T1060, T1091, T1023. Implementation of this could be that importing S0028 would add S0028 as a node and expand the three Techniques as child nodes, with the "Use" information populated in the Description field.

Also, is there a way to update the sqlite db with the latest data from the MITRE ATT&CK site?
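The software-to-technique expansion requested above, as an added example that is not ATTACK-Tools' own code: ATT&CK's published STIX 2 bundle links a software object (`malware` or `tool`) to its techniques through `uses` relationships whose `description` is the "Use" text shown on the ATT&CK page, so the node/child-node structure can be built straight from those relationships. The bundle below is a constructed miniature with placeholder "Use" texts; a real run would pass the parsed `enterprise-attack.json` from the mitre/cti repository, which also answers the sqlite refresh question if the result is written back to the local db.

```python
def attack_id(obj):
    """Return the ATT&CK external id (S0028, T1060, ...) of a STIX object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def expand_software(bundle, software_id):
    """Expand a software entry into {"id", "name", "children"}: one child per
    attack-pattern reached via a 'uses' relationship, carrying that relationship's
    description (the "Use" text). Revoked/deprecated objects are skipped."""
    live = [o for o in bundle["objects"] if not o.get("revoked") and not o.get("x_mitre_deprecated")]
    by_id = {o["id"]: o for o in live}
    software = next((o for o in live if o["type"] in ("malware", "tool")
                     and attack_id(o) == software_id), None)
    if software is None:
        raise KeyError(f"{software_id} not found in bundle")
    children = []
    for rel in live:
        if rel["type"] != "relationship" or rel.get("relationship_type") != "uses" \
                or rel["source_ref"] != software["id"]:
            continue
        tech = by_id.get(rel["target_ref"])  # None when the target was revoked
        if tech is not None and tech["type"] == "attack-pattern":
            children.append({"id": attack_id(tech), "name": tech["name"],
                             "description": rel.get("description", "")})
    children.sort(key=lambda c: c["id"])
    return {"id": software_id, "name": software["name"], "children": children}


# Constructed miniature bundle in ATT&CK's STIX shape; "Use" texts are placeholders,
# not MITRE's wording. The revoked technique exercises the skip path.
def _tech(short, ext_id, name, **extra):
    return {"type": "attack-pattern", "id": f"attack-pattern--{short}", "name": name,
            "external_references": [{"source_name": "mitre-attack", "external_id": ext_id}], **extra}

def _uses(n, target, text):
    return {"type": "relationship", "id": f"relationship--{n}", "relationship_type": "uses",
            "source_ref": "malware--s0028", "target_ref": f"attack-pattern--{target}", "description": text}

SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "malware", "id": "malware--s0028", "name": "SHIPSHAPE",
     "external_references": [{"source_name": "mitre-attack", "external_id": "S0028"}]},
    _tech("t1060", "T1060", "Registry Run Keys / Startup Folder"),
    _tech("t1091", "T1091", "Replication Through Removable Media"),
    _tech("t1023", "T1023", "Shortcut Modification"),
    _tech("old", "T0000", "Retired placeholder", revoked=True),
    _uses(1, "t1060", "constructed Use text"), _uses(2, "t1091", "constructed Use text"),
    _uses(3, "t1023", "constructed Use text"), _uses(4, "old", "stale, must be dropped"),
]}
```

`expand_software(SAMPLE_BUNDLE, "S0028")` yields SHIPSHAPE with three technique children and drops the relationship pointing at the revoked placeholder.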

nshalabi commented 4 years ago

Thank you!

Much appreciated.