您最多能選擇 25 個主題 主題必須以字母或數字為開頭,可包含連接號「-」且最長為 35 個字元。
boB Rudis 1fc2fd066f
attckr
4 年前
R attckr 4 年前
data attckr 4 年前
data-raw attckr 4 年前
inst 0.2.0 4 年前
man attckr 4 年前
tests R package repo initialization complete 5 年前
tools attckr 4 年前
.Rbuildignore update 5 年前
.codecov.yml R package repo initialization complete 5 年前
.gitignore R package repo initialization complete 5 年前
.travis.yml R package repo initialization complete 5 年前
CONDUCT.md R package repo initialization complete 5 年前
DESCRIPTION attckr 4 年前
LICENSE update 5 年前
NAMESPACE 0.2.0 4 年前
NEWS.md R package repo initialization complete 5 年前
README.Rmd attck_map() 5 年前
README.md 0.2.0 4 年前
attckr.Rproj R package repo initialization complete 5 年前

README.md

Project Status: WIP – Initial development is in progress, but therehas not yet been a stable, usable release suitable for thepublic. Signedby Signed commit% Linux buildStatus CoverageStatus Minimal RVersion License

attckr

Analyze Adversary Tactics and Techniques Using the MITRE ATT&CK CTI Corpus

Description

MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. Tools are provided to analyze adversary tactics and techniques, build incident metrics, and identify high level program gaps using the MITRE ATT&CK CTI Corpus.

What’s Inside The Tin

The following functions are implemented:

  • attck_cdf_tactic: Product an ATT&CK Cumulative Distribution Function by Tactic
  • attck_map: Generate an ATT&CK heatmap
  • enterprise_attack: Enterprise Attack Taxonomy v2.0
  • fct_tactic: Make an ordered Tactics factor with optional better labelling
  • mobile_attack: Mobile Attack Taxonomy v2.0
  • pre_attack: Pre-Attack Taxonomy v2.0
  • read_events: Read in ATT&CK events from a file
  • tactics_f: Tactics factors (generally for sorting & pretty-printing)
  • theme_enhance_atkmap: Remove cruft from ATT&CK heatmaps
  • tidy_attack: Combined ATT&CK Matricies Tactics, Techniques and Technique detail
  • validate_tactics: Validate Tactics strings against MITRE authoritative source
  • validate_technique_ids: Validate Technique IDs
  • validate_techniques: Validate Techniques strings against MITRE authoritative source

The following datasets are included:

  • enterprise_attack: Enterprise Attack Taxonomy v2.0
  • mobile_attack: Mobile Attack Taxonomy v2.0
  • pre_attack: Pre-Attack Taxonomy v2.0
  • tactics_f: Tactics factors (generally for sorting & pretty-printing)
  • tidy_attack: Combined ATT&CK Matricies Tactics, Techniques and Technique detail

Installation

install.packages("attckr", repos = "https://cinc.rud.is")
# or
remotes::install_git("https://git.rud.is/hrbrmstr/attckr.git")
# or
remotes::install_git("https://git.sr.ht/~hrbrmstr/attckr")
# or
remotes::install_gitlab("hrbrmstr/attckr")
# or
remotes::install_bitbucket("hrbrmstr/attckr")
# or
remotes::install_github("hrbrmstr/attckr")

NOTE: To use the ‘remotes’ install options you will need to have the {remotes} package installed.

Usage

library(attckr)
library(hrbrthemes)
library(tidyverse)

# current version
packageVersion("attckr")
## [1] '0.2.0'
tidy_attack
## # A tibble: 795 x 5
##    technique          description                                                        id      matrix    tactic       
##    <chr>              <chr>                                                              <chr>   <chr>     <chr>        
##  1 .bash_profile and… "<code>~/.bash_profile</code> and <code>~/.bashrc</code> are shel… T1156   mitre-at… persistence  
##  2 Access Token Mani… "Windows uses access tokens to determine the ownership of a runni… T1134   mitre-at… defense-evas…
##  3 Access Token Mani… "Windows uses access tokens to determine the ownership of a runni… T1134   mitre-at… privilege-es…
##  4 Access Token Mani… "Windows uses access tokens to determine the ownership of a runni… CAPEC-… mitre-at… defense-evas…
##  5 Access Token Mani… "Windows uses access tokens to determine the ownership of a runni… CAPEC-… mitre-at… privilege-es…
##  6 Accessibility Fea… "Windows contains accessibility features that may be launched wit… T1015   mitre-at… persistence  
##  7 Accessibility Fea… "Windows contains accessibility features that may be launched wit… T1015   mitre-at… privilege-es…
##  8 Accessibility Fea… "Windows contains accessibility features that may be launched wit… CAPEC-… mitre-at… persistence  
##  9 Accessibility Fea… "Windows contains accessibility features that may be launched wit… CAPEC-… mitre-at… privilege-es…
## 10 Account Access Re… "Adversaries may interrupt availability of system and network res… T1531   mitre-at… impact       
## # … with 785 more rows
events <- read_events(system.file("extdat/sample-incidents.csv.gz", package = "attckr"))
## Parsed with column specification:
## cols(
##   event_id = col_character(),
##   incident_id = col_character(),
##   event_ts = col_date(format = ""),
##   detection_ts = col_date(format = ""),
##   tactic = col_character(),
##   technique = col_character(),
##   discovery_source = col_character(),
##   reporting_source = col_character(),
##   responder_id = col_character()
## )
## You appear to be using Tactic ids.
## You appear to be using Techinque ids.

attck_map(
  events, "pretty", "nl", "enterprise",
  dark_value_threshold = 1,
  size = 3, family = font_rc, lineheight = 0.875
) +
  scale_fill_distiller(
    palette = "Spectral", na.value = "white", label = scales::comma, breaks = 1:3
  ) +
  labs(x = NULL, y = NULL, fill = NULL) +
  theme_ipsum_rc(grid="") +
  theme(axis.text.y = element_blank())

attckr Metrics

Lang # Files (%) LoC (%) Blank lines (%) # Lines (%)
R 13 0.93 304 0.93 72 0.78 180 0.84
Rmd 1 0.07 24 0.07 20 0.22 34 0.16

Code of Conduct

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.