Rename to DeTT&CT

README.md

@@ -1,14 +1,14 @@
-<img src="https://github.com/rabobank-cdc/Blue-ATTACK/wiki/images/logo.png" alt="Blue ATT&CK" width=20% height=20%>
+<img src="https://github.com/rabobank-cdc/DeTTACT/wiki/images/logo.png" alt="DeTT&CT" width=20% height=20%>
 
-# Blue ATT&CK
-#### Mapping your blue team to ATT&CK
+# DeTT&CT
+#### Detect Tactics, Techniques & Combat Threats
 
-To get started with Blue ATT&CK, check out the
-[Wiki](https://github.com/rabobank-cdc/Blue-ATTACK/wiki/Getting-started).
+To get started with DeTT&CT, check out the
+[Wiki](https://github.com/rabobank-cdc/DeTTACT/wiki/Getting-started).
 
-Blue ATT&CK will help blue teams in scoring and comparing data source quality, visibility coverage, detection coverage and threat actor behaviours. The Blue ATT&CK framework consists of a Python tool, YAML administration files and [scoring tables](https://github.com/rabobank-cdc/Blue-ATTACK/raw/master/scoring_table.xlsx) for the different aspects.
+DeTT&CT will help blue teams in scoring and comparing data source quality, visibility coverage, detection coverage and threat actor behaviours. The DeTT&CT framework consists of a Python tool, YAML administration files and [scoring tables](https://github.com/rabobank-cdc/DeTTACT/raw/master/scoring_table.xlsx) for the different aspects.
 
-Blue ATT&CK will help you to:
+DeTT&CT will help you to:
 
 - Administrate and score the quality of your data sources.
 - Get insight on the visibility you have on for example endpoints.
@@ -16,7 +16,7 @@ Blue ATT&CK will help you to:
 - Map threat actor behaviours.
 - Compare visibility, detections and threat actor behaviours in order to uncover possible improvements in detection and visibility. This can help you to prioritise your blue teaming efforts.
 
-The colored visualisations are created with the help of MITRE's [ATT&CK Navigator](https://github.com/mitre-attack/attack-navigator).
+The coloured visualisations are created with the help of MITRE's [ATT&CK™ Navigator](https://github.com/mitre-attack/attack-navigator).
 
 ## Authors and contribution
 This project is developed and maintained by [Marcus Bakker](https://github.com/marcusbakker) (Twitter: [@bakker3m](https://twitter.com/bakk3rm)) and [Ruben Bouman](https://github.com/rubinatorz) (Twitter: [@rubenb_2](https://twitter.com/rubenb_2/)). Feel free to contact, DMs are open.
@@ -24,9 +24,9 @@ This project is developed and maintained by [Marcus Bakker](https://github.com/m
 We welcome contributions! Contributions can be both in code, as well as in ideas you might have for further development, usability improvements, etc.
 
 ### Work of others
-Some functionality within Blue ATT&CK was inspired by work of
+Some functionality within DeTT&CT was inspired by work of
 others:
-- Roberto Rodriguez's work on data quality and scoring of ATT&CK techniques ([How Hot Is Your Hunt Team?](https://cyberwardog.blogspot.com/2017/07/how-hot-is-your-hunt-team.html), [Ready to hunt? First, Show me your data!](https://cyberwardog.blogspot.com/2017/12/ready-to-hunt-first-show-me-your-data.html)).
+- Roberto Rodriguez's work on data quality and scoring of MITRE ATT&CK™ techniques ([How Hot Is Your Hunt Team?](https://cyberwardog.blogspot.com/2017/07/how-hot-is-your-hunt-team.html), [Ready to hunt? First, Show me your data!](https://cyberwardog.blogspot.com/2017/12/ready-to-hunt-first-show-me-your-data.html)).
 - The MITRE ATT&CK Mapping project on GitHub:
   https://github.com/siriussecurity/mitre-attack-mapping.
 
@@ -37,12 +37,12 @@ of which can be visualised by loading JSON layer files into the [ATT&CK Navigato
 
 See below an example of mapping your data sources to ATT&CK which gives you a rough overview of your visibility coverage:
 
-<img src="https://github.com/rabobank-cdc/Blue-ATTACK/wiki/images/example_data_sources.png" alt="Blue ATT&CK"><br>
+<img src="https://github.com/rabobank-cdc/DeTTACT/wiki/images/example_data_sources.png" alt="DeTT&CT"><br>
 
 
 ## Installation and requirements
 
-See our GitHub Wiki: [Installation and requirements](https://github.com/rabobank-cdc/Blue-ATTACK/wiki/Installation-and-requirements).
+See our GitHub Wiki: [Installation and requirements](https://github.com/rabobank-cdc/DeTTACT/wiki/Installation-and-requirements).
 
 ## Future developments
 
@@ -55,7 +55,7 @@ See our GitHub Wiki: [Installation and requirements](https://github.com/rabobank
    - [ ]  Techniques administration YAML file: visibility coverage.
    - [ ]  Techniques administration YAML file: detection coverage.
 - Data quality Excel sheet:
-  - [ ]  Add colors to the data quality scores in the Excel sheet.
+  - [ ]  Add colours to the data quality scores in the Excel sheet.
 - YAML files:
   - [ ]  Create an option within the tool to migrate an old administration YAML file version to a new version (such as adding specific key-value pairs).
 - MITRE ATT&CK updates
@@ -65,5 +65,5 @@ See our GitHub Wiki: [Installation and requirements](https://github.com/rabobank
   - [ ]  Integrate information into the framework on what a minimal set of visibility for a technique should be, before you can say to have useful visibility (e.g. technique X requires at least to have visibility on process monitoring, process command line monitoring and DLL monitoring).
 
 ## License: GPL-3.0
-[Blue ATT&CK's GNU General Public License v3.0](https://github.com/rabobank-cdc/Blue-ATTACK/blob/master/LICENSE)
+[DeTT&CT's GNU General Public License v3.0](https://github.com/rabobank-cdc/DeTTACT/blob/master/LICENSE)
 

dettact.py

@@ -9,8 +9,8 @@ def init_menu():
     Initialise the command line parameter menu.
     :return:
     """
-    menu_parser = argparse.ArgumentParser(description='Create MITRE ATT&CK layers for visibility, detection and groups.',
-                                          epilog='Source: https://github.com/rabobank-cdc/Blue-ATTACK')
+    menu_parser = argparse.ArgumentParser(description='Detect Tactics, Techniques & Combat Threats',
+                                          epilog='Source: https://github.com/rabobank-cdc/DeTTACT')
     menu_parser.add_argument('--version', action='version', version='%(prog)s ' + VERSION)
     menu_parser.add_argument('-i', '--interactive', help='launch the interactive menu, which has support for all modes',
                              action='store_true')

generic.py

@@ -2,10 +2,10 @@ import os
 import pickle
 from datetime import datetime as dt
 import yaml
-# Import for attackcti is because of performance reasons in the function that uses this library.
+# Due to performance reasons the import of attackcti is within the function that makes use of this library.
 
-APP_NAME = 'Blue ATT&CK'
-APP_DESC = 'Mapping your blue team to ATT&CK'
+APP_NAME = 'DeTT&CT'
+APP_DESC = 'Detect Tactics, Techniques & Combat Threats'
 VERSION = '1.0'
 
 EXPIRE_TIME = 60*60*24