infosecn1nja
/
DeTTECT
mirror of https://github.com/infosecn1nja/DeTTECT.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Detect Tactics, Techniques & Combat Threats
163 Commits
1 Branch
17 Tags
12 MiB
SCSS 41.3%
Python 31.6%
Vue 21.7%
JavaScript 3.1%
CSS 2%
Other 0.2%
 
 
 
 
 
 
Go to file
Ruben Bouman 866521f30b Update version number 2019-11-04 15:47:54 +01:00
sample-data Platform attribute with right casing due to ATT&CK October update. 2019-11-04 15:46:04 +01:00
threat-actor-data Added a YAML and Navigator layer file for Kaspersky's Incident Response report 2018 2019-09-16 09:23:10 +02:00
Dockerfile Bumped the version to 1.2.2 2019-10-17 13:51:54 +02:00
LICENSE initial commit 2019-03-29 15:26:25 +01:00
README.md Added a link to the hack.lu 2019 talk 2019-10-31 10:09:30 +01:00
constants.py Update version number 2019-11-04 15:47:54 +01:00
data_source_mapping.py Added support for new platforms of ATT&CK October update: AWS, GCP, Azure, Azure AD, Office 365, SaaS. 2019-11-04 14:48:58 +01:00
dettect.py Added support for new platforms of ATT&CK October update: AWS, GCP, Azure, Azure AD, Office 365, SaaS. 2019-11-04 14:48:58 +01:00
eql_yaml.py Improved the way how EQL is integrated into DeTT&CT. 2019-09-19 15:52:43 +02:00
generic.py Added support for new platforms of ATT&CK October update: AWS, GCP, Azure, Azure AD, Office 365, SaaS. 2019-11-04 14:48:58 +01:00
group_mapping.py Added support for new platforms of ATT&CK October update: AWS, GCP, Azure, Azure AD, Office 365, SaaS. 2019-11-04 14:48:58 +01:00
health.py Added support for new platforms of ATT&CK October update: AWS, GCP, Azure, Azure AD, Office 365, SaaS. 2019-11-04 14:48:58 +01:00
interactive_menu.py Added support for new platforms of ATT&CK October update: AWS, GCP, Azure, Azure AD, Office 365, SaaS. 2019-11-04 14:48:58 +01:00
requirements.txt fix operator in requirements file 2019-08-12 15:44:55 +02:00
scoring_table.xlsx Typos fix 2019-06-10 20:19:19 +02:00
technique_mapping.py Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private 2019-08-20 11:16:05 +02:00
upgrade.py Added an extra check for a possible empty 'comment' key-value pair. 2019-08-20 11:13:25 +02:00

README.md

DeTT&CT

Detect Tactics, Techniques & Combat Threats

Latest version: 1.2.2

To get started with DeTT&CT, check out this page, our talk at hack.lu 2019 and our blog.

DeTT&CT aims to assist blue teams using ATT&CK to score and compare data log source quality, visibility coverage, detection coverage and threat actor behaviours. All of which can help, in different ways, to get more resilient against attacks targeting your organisation. The DeTT&CT framework consists of a Python tool, YAML administration files and scoring tables for the different aspects.

DeTT&CT provides the following functionality:

  • Administrate and score the quality of your data sources.
  • Get insight on the visibility you have on for example endpoints.
  • Map your detection coverage.
  • Map threat actor behaviours.
  • Compare visibility, detections and threat actor behaviours to uncover possible improvements in detection and visibility. This can help you to prioritise your blue teaming efforts.

The coloured visualisations are created with the help of MITRE's ATT&CK™ Navigator.

Authors and contribution

This project is developed and maintained by Marcus Bakker (Twitter: @bakk3rm) and Ruben Bouman (Twitter: @rubenb_2). Feel free to contact, DMs are open.

We welcome contributions! Contributions can be both in code, as well as in ideas you might have for further development, usability improvements, etc.

Work of others

Some functionality within DeTT&CT was inspired by the work of others:

Example

YAML files are used for administrating scores and relevant metadata. All of which can be visualised by loading JSON layer files into the ATT&CK Navigator (some types of scores and metadata can also be written to Excel).

See below an example of mapping your data sources to ATT&CK, which gives you a rough overview of your visibility coverage:

DeTT&CT - Data quality

Installation and requirements

See our GitHub Wiki: Installation and requirements.

License: GPL-3.0

DeTT&CT's GNU General Public License v3.0