ATTACK CTI Libary
Project description
ATT&CK Python Client
A Python module to access up to date ATT&CK content available in STIX via public TAXII server. This project leverages the python classes and functions of the cti-python-stix2 and cti-taxii-client libraries developed by MITRE.
Goals
- Provide an easy way to access and interact with up to date ATT&CK content available in STIX via public TAXII server
- Allow security analysts to quickly explore ATT&CK content and apply it in their daily operations
- Allow the integration of ATT&Ck content with other platforms to host up to date information from the framework
- Help security analysts during the transition from the ATT&CK MediaWiki API to the STIX/TAXII 2.0 API
- Learn STIX2 and TAXII Client Python libraries
Current Status: Beta
The project is currently in a beta stage, which means that the code and the functionality is changing, but the current main functions are stabilising. I would love to get your feedback to make it a better project.
Resources
- MITRE CTI
- OASIS CTI TAXII Client
- OASIS CTI Python STIX2
- MITRE ATT&CK Framework
- ATT&CK MediaWiki API
- Invoke-ATTACKAPI
- Mitre-Attack-API
Getting Started
Requirements
Python 3+
Installation
You can install it via PIP:
pip install attackcti
Or you can also do the following:
git clone https://github.com/Cyb3rWard0g/ATTACK-Python-Client
cd ATTACK-Python-Client
pip install .
Jupyter Notebooks - Code Integration
I created a few jupyter notebooks that I hope can help you get familiar with the library and allow you to implement it in your future projects.
Install Jupyter Lab and Pandas in order to use the Jupyter Notebooks on your own. You can do it by using the requirements.txt file in this repo
pip install -r requirements.txt
Start Jupyter Lab by running the following commands in the root directory of the repo
cd notebooks
jupyter lab
Author
- Roberto Rodriguez @Cyb3rWard0g
Contributors
- Jose Luis Rodriguez @Cyb3rPandaH
Contributing
To-Do
- Revokation logic to update Groups Objects
- Integration with HELK
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file attackcti-0.2.5.tar.gz.
File metadata
- Download URL: attackcti-0.2.5.tar.gz
- Upload date:
- Size: 9.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.18.4 setuptools/39.2.0 requests-toolbelt/0.8.0 tqdm/4.23.4 CPython/2.7.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7e2d8ecdd181877d7bc661d9a6e450e72a80625ddeb5bc52dd4ab3fe774af475
|
|
| MD5 |
3dae323e85a0870b43b19a96221c163d
|
|
| BLAKE2b-256 |
c5dea92e4cfb4969d5e3545cbea9915416cccde46f3ab1bbbaff2330e8315c50
|
File details
Details for the file attackcti-0.2.5-py3-none-any.whl.
File metadata
- Download URL: attackcti-0.2.5-py3-none-any.whl
- Upload date:
- Size: 8.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.18.4 setuptools/39.2.0 requests-toolbelt/0.8.0 tqdm/4.23.4 CPython/2.7.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a763961eee1d752597cbd492bf147784bd010ab6d2ac519758462ef94b4e43c7
|
|
| MD5 |
c3f9404842a90f7cad0088a9020e9c99
|
|
| BLAKE2b-256 |
1145e4c6ca20fd2b6e646cc0097d60502b5924ec449b5a213502835e5b543b0d
|
