/attack-sync

ATT&CK Sync is a Center for Threat-Informed Defense project that aims to improve the ability for organizations to consume MITRE ATT&CK® version updates into their internal systems and processes.

ATT&CK Sync

ATT&CK Sync is a Center for Threat-Informed Defense project that aims to ease the process of staying in sync with MITRE ATT&CK® version updates. We recognize widespread difficulties keeping internal systems and data in sync with ATT&CK, so this project includes tools, data, and methodology to reduce the cost and effort associated with tracking ATT&CK releases. The Center is deploying this technology to improve our own projects, and we believe it will be highly valuable to many other organizations as well.

Getting Started

The best way to get started is to visit the ATT&CK Sync website, where you can quickly access detailed changelogs that show cumulative differences between any two versions of ATT&CK from v8.0 to v13.0. The sample JSON changelog shows how the differences can be consumed in machine-readable format, and the sample Excel mappings show how the machine-readable data can be merged with your internal systems & data to provide contextual ATT&CK changes. Finally, the project wiki provides thorough documentation for the project as well as a case study.

Resources:

  • ATT&CK Sync Website: An interactive website for detailed comparisons between ATT&CK versions.
  • Project Wiki: The wiki contains project documentation: goals, tools, and methodology.
  • Case Study: Case study measuring efficiency gained from using ATT&CK Sync.
  • Sample JSON Changelog: A sample machine-readable ATT&CK changelog.
  • Sample Excel Mappings: A sample mappings spreadsheet annotated with ATT&CK changes.

Getting Involved

There are several ways that you can get involved with this project and help advance threat-informed defense:

  • Visit the ATT&CK Sync website. Access changelogs that detail the cumulative changes between any ATT&CK versions. This is especially helpful if your organization is contemplating an upgrade of internal systems to a more recent version of ATT&CK.
  • Review the sample documents. These documents will give you a better idea of how ATT&CK Sync can save your organization major time and effort while staying in sync with ATT&CK.
  • Tell us what you think. As the project grows, we want to cover a broader set of use cases. Let us know if you like this idea and how we can make it even better in future releases.

Questions and Feedback

Please submit issues for any technical questions/concerns or contact ctid@mitre-engenuity.org directly for general inquiries.

How Do I Contribute?

We welcome your feedback and contributions to help advance ATT&CK Sync. Please see the guidance for contributors if you are interested in contributing or simply reporting issues.

Notice

Copyright 2023 MITRE Engenuity. Approved for public release. Document number CT0070.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This project makes use of MITRE ATT&CK®

ATT&CK Terms of Use