A Python module to access up to date ATT&CK content available in STIX via public TAXII server. This project leverages the python classes and functions of the cti-python-stix2 and cti-taxii-client libraries developed by MITRE.
- Provide an easy way to access and interact with up to date ATT&CK content available in STIX via public TAXII server
- Allow security analysts to quickly explore ATT&CK content and apply it in their daily operations
- Allow the integration of ATT&Ck content with other platforms to host up to date information from the framework
- Help security analysts during the transition from the ATT&CK MediaWiki API to the STIX/TAXII 2.0 API
- Learn STIX2 and TAXII Client Python libraries
The project is currently in a beta stage, which means that the code and the functionality is changing, but the current main functions are stabilising. I would love to get your feedback to make it a better project.
- MITRE CTI
- OASIS CTI TAXII Client
- OASIS CTI Python STIX2
- MITRE ATT&CK Framework
- ATT&CK MediaWiki API
- Invoke-ATTACKAPI
- Mitre-Attack-API
Python 3+ or 2.7
You can install it via PIP:
pip install attackcti
Or you can also do the following:
git clone https://github.com/Cyb3rWard0g/ATTACK-Python-Client
cd ATTACK-Python-Client
pip install .
I created a few jupyter notebooks that I hope can help you get familiar with the library and allow you to implement it in your future projects.
Install Jupyter Lab and Pandas==0.22.0 in order to use the Jupyter Notebooks on your own. You can do it by using the requirements.txt file in this repo
pip install -r requirements.txt
Start Jupyter Lab by running the following commands in the root directory of the repo
cd notebooks
jupyter lab
- Roberto Rodriguez @Cyb3rWard0g
- Jose Luis Rodriguez @Cyb3rPandaH
- Revokation logic to update Groups Objects
- Integration with HELK