
Overview

A more flexible, useful, and cooler ATT&CK CTI utility with team-wide collaboration is here!

Mitre-Assistant grew out of a collaboration among people with many different skillsets who all needed to work with The MITRE Corporation's ATT&CK Matrix.

We needed to speed up both tactical and strategic planning between security experts and business leaders, in support of customers as well as security community forums. We found that the ecosystem of publicly available utilities was incomplete, or could not offer the flexibility we were looking for in pursuit of our security and business objectives.

The main purpose of this utility is to reduce friction between business professionals and the ATT&CK Matrix.

I hope you find this contribution useful in your own business setting.


What does it do?


At its core, Mitre-Assistant is a command-line utility intended for data-pipeline workflows that feed several downstream applications. It parses the MITRE STIX CTI repository into a more intuitive, friendlier JSON format and presents insightful information to users of the ATT&CK Matrix.

The tool offers a flexible set of features to allow for the quick extraction of desired information from the ATT&CK Matrix.

ProTip: Experiment | Get Techniques By Specific Datasource & Tactic

Try to obtain all of the techniques that can be detected with the api-monitoring datasource.

If you get there and do not immediately find an easy way to do this yourself, you can now use Mitre-Assistant like this:

mitre-assistant search -m enterprise -t "api-monitoring"

Then filter, with your favorite shell tools, down to the ones in the Lateral Movement tactic:

mitre-assistant search -m enterprise -t "api-monitoring" | grep -i "lateral-movement"

For a complete listing of the features or capabilities offered in Mitre-Assistant, please refer to the Features Section


How does it help?


For Both Strategic and Tactical Planning

If you are a practitioner in charge of managing a technical security program, you will need to model and design detection coverage based on the ATT&CK Matrix. This utility will save tons of time, I guarantee it.

You will be able to slice & dice the matrix by different views or criteria you are interested in so you can rapidly share information with your team and external partners.

You are also able to export your queries to JSON and CSV.

For Threat Modeling

If you are in a particular industry, for example Finance, and you need to quickly know all of the FIN adversaries according to the ATT&CK Matrix, what they do, which malware they use, and which techniques are attributed to them for your own emulation plans, then don't waste time: look at the query below.

mitre-assistant search -m enterprise -t "fin4,fin5,fin6,fin7,fin8,fin10"

The query above brings back all of the existing information for those adversaries and produces a table like the one below.

Query Output (snippet): [screenshot]


Where can I get it?


The utility can be obtained from the releases section of the GitHub repo, where it is being actively developed, or, if you are a Rust user, you can simply install it via the cargo package manager.

Installing via Cargo

cargo install mitre-assistant