This program exports the MITRE ATT&CK enterprise matrix into an ELK dashboard. Check out this blog post entry for a better understanding of the benefits of exporting the ATT&CK enterprise matrix into ELK.
- Clone or fork this repo git@github.com:michaelhidalgo/attack-to-elk.git
- Create a virtual environment using virtualenv:
virtualenv env
- Activate the virtual environment by running source env/bin/activate from the root folder.
- Install the dependencies from the requirements file: pip3 install -r requirements.txt
- Export the following environment variables with the Elasticsearch IP address and port:
export es_hostname='Your ELK IP'
export es_port='Your ELK port (9200 by default)'
- Run the program using Python3:
python3 attack-to-elk.py
All visualizations, index patterns and dashboards are exported into an artifact JSON file.
Once you've run the script and indexed the matrix, go to Kibana Management -> Saved Objects and choose Import. From there, select the artifact JSON file described above and that's it.
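The following is an added illustration of what "indexing the matrix" involves; it is not attack-to-elk's own code. The project's real field mapping and index name are not described above, so the document shape (an assumed "attack-enterprise" index with technique_id, technique_name, tactic and platforms fields) is an assumption. The STIX bundle is a small constructed sample in the shape MITRE publishes: "attack-pattern" objects whose external_references carry the T-number and whose kill_chain_phases carry the tactic names. The es_hostname and es_port variables are the ones the README exports.

```python
"""Flatten ATT&CK enterprise STIX objects into Elasticsearch _bulk lines.

Added example, not the project's code. Index name and field names below are
assumptions; the bundle is a constructed sample, not real ATT&CK content.
"""
import json
import os

# Constructed sample: two live techniques (one spanning two tactics), one
# revoked technique that must be skipped, and a non-technique object.
SAMPLE_BUNDLE = {
    "type": "bundle",
    "objects": [
        {
            "type": "attack-pattern",
            "name": "Command and Scripting Interpreter",
            "description": "Adversaries may abuse interpreters.",
            "external_references": [
                {"source_name": "mitre-attack", "external_id": "T1059"}
            ],
            "kill_chain_phases": [
                {"kill_chain_name": "mitre-attack", "phase_name": "execution"}
            ],
            "x_mitre_platforms": ["Linux", "Windows", "macOS"],
        },
        {
            "type": "attack-pattern",
            "name": "Valid Accounts",
            "description": "Adversaries may use existing accounts.",
            "external_references": [
                {"source_name": "mitre-attack", "external_id": "T1078"}
            ],
            "kill_chain_phases": [
                {"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
                {"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"},
            ],
            "x_mitre_platforms": ["Windows"],
        },
        {
            "type": "attack-pattern",
            "name": "Old Technique",
            "revoked": True,
            "external_references": [
                {"source_name": "mitre-attack", "external_id": "T0000"}
            ],
            "kill_chain_phases": [
                {"kill_chain_name": "mitre-attack", "phase_name": "execution"}
            ],
        },
        {"type": "relationship", "relationship_type": "uses"},
    ],
}


def technique_id(obj):
    """Return the ATT&CK T-number from the mitre-attack external reference, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def flatten_techniques(bundle):
    """Produce one flat document per (technique, tactic) pair.

    One document per tactic lets a Kibana visualization count or filter
    techniques per tactic column, which is how the matrix is laid out.
    Revoked/deprecated objects and non-technique objects are skipped.
    """
    docs = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        tid = technique_id(obj)
        if tid is None:
            continue
        for phase in obj.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") != "mitre-attack":
                continue
            docs.append({
                "technique_id": tid,
                "technique_name": obj.get("name"),
                "tactic": phase["phase_name"],
                "platforms": obj.get("x_mitre_platforms", []),
                "description": obj.get("description", ""),
            })
    return docs


def to_bulk_ndjson(docs, index="attack-enterprise"):
    """Serialize documents as Elasticsearch _bulk lines (action line, source line).

    The _id combines technique and tactic so a re-run overwrites existing
    documents instead of duplicating them.
    """
    lines = []
    for doc in docs:
        action = {"index": {"_index": index, "_id": f"{doc['technique_id']}-{doc['tactic']}"}}
        lines.append(json.dumps(action))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


def es_bulk_url():
    """Build the _bulk endpoint from the environment variables the README exports."""
    host = os.environ.get("es_hostname", "localhost")
    port = os.environ.get("es_port", "9200")
    return f"http://{host}:{port}/_bulk"


if __name__ == "__main__":
    body = to_bulk_ndjson(flatten_techniques(SAMPLE_BUNDLE))
    print(f"POST {es_bulk_url()}  (Content-Type: application/x-ndjson)")
    print(body)
```

The printed body is what a single POST to the _bulk endpoint would carry; with a real bundle (MITRE's enterprise-attack.json) you would replace SAMPLE_BUNDLE with json.load of that file and keep the same flattening, since the per-tactic document is what makes the Kibana matrix view possible.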