/attack-to-elk

This program exports MITRE ATT&CK framework in ELK dashboard

Primary LanguagePythonApache License 2.0Apache-2.0

A better way to visualize, filter and search MITRE ATT&CK matrix

This program exports MITRE ATT&CK enterpise matrix into a ELK dashboard. Check out this blog post entry for having better understanding on the benefits of exporting the ATT&CK enterprise matrix into ELK.

Alt text

Visualizing the relationship between MITRE ATT&CK Tactics, Techniques, Groups and Software

Alt text

Filtering out by MITRE ATT&CK Techniques

Alt text

Installation

  1. Clone or fork this repo git@github.com:michaelhidalgo/attack-to-elk.git
  2. Create a virtual environment using virtualenv:
virtualenv env
  1. Activate the virtual environment running source env/bin/activate from the root folder.
  2. Install dependencies from requirements file pip3 install -r requirements.txt
  3. Export following environment variables with Elasticsearch IP address and port:
  export es_hostname='Your ELK IP'
  export es_port='Your ELK port (9200 by default)'  
  1. Run the program using Python3:
python3 attack-to-elk.py

Importing ELK artifacts

All visualizations, index patterns and dashboards were exported into an artifact JSON file.

Once you've run the script and indexing the matrix, you can go to Kibana Management -> Saved Objects and Import. From there you can choose the artifacts JSON described above and that's it.

Alt text