Skip to content

SecurityScriptographer/mitre

Repository files navigation

mitre — ATT&CK to D3FEND coverage mapping in Python

Python toolchain that fetches MITRE ATT&CK enterprise STIX data, maps techniques to threat groups, mitigations, and MITRE D3FEND defensive techniques, and builds ATT&CK Navigator heat-map layers from the result.

This is the working code behind the MITRE series on SecurityScriptographer:

What it does

Module Role
loader.py Fetches enterprise ATT&CK STIX via mitreattack-python and caches techniques, groups, mitigations, and relationships as JSON
mapper.py Joins techniques to groups, mitigations, and D3FEND defensive techniques (per-technique D3FEND API lookups, cached)
analyzer.py Computes coverage statistics and writes ATT&CK Navigator layer files (group and mitigation heat maps)
optimizer.py Deduplicates references and saves the compact merged dataset
config.py Paths and logging setup
main.py Runs the whole pipeline end to end

Usage

pip install -r requirements.txt
python main.py

The first run downloads the ATT&CK bundle and one D3FEND mapping per technique into cache/ (a few hundred MB, and the D3FEND calls take a while — subsequent runs are fast). Navigator layers land in navigator_layers/; load them at ATT&CK Navigator.

Example output layers for groups and mitigations are included in navigator_layers/.

Related

License

MIT.

About

Python toolchain that maps MITRE ATT&CK techniques to D3FEND defenses and builds ATT&CK Navigator coverage layers from STIX data.

Topics

Resources

License

Stars

0 stars

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages