Cover Image for Customizing Your Security Stack: Coding with MITRE ATT&CK
Blog

Customizing Your Security Stack: Coding with MITRE ATT&CK

11.29.22 | By Brian Greunke

Ascent’s DevOps team designs custom software and automation flows, incorporating cyber threat intelligence (CTI) into products and hardened client environments. This blog outlines highly technical instructions for retrieving and implementing raw MITRE ATT&CK data into your tech stack.

We’ve discussed resources + reasons WHY we build MITRE ATT&CK into our software and tools. Now, let’s discuss HOW we can do that.

The code snippets below outline how to incorporate the data and tools provided by MITRE and demonstrate a breadth of the potential opportunities for further customization.

Example 1: Connect to a TAXII Server to get technique data

MITRE provides a TAXII server to which developers can connect and retrieve information. If we enumerate all the Collections in the response, we will see they align to the ATT&CK Matrices (Enterprise, Mobile, ICS). We can query into the Enterprise collection to gather technique details.

 

Example 2: Get STIX data about a technique

MITRE also provides STIX dumps in JSON format in a GitHub repo. You will notice we are using an object ID to retrieve details about a specific technique. Because the data is deterministic (per version), we know the details about this technique will always be the same, using this specific ID.

 

Example 3: Get the data in Excel

Sometimes a spreadsheet is the fastest way to get the information you need. We can grab ATT&CK data and write it to a file for later consumption.

 

Example 4: Build an ATT&CK Navigator Layer

Using the mitreattack-python package we can build custom Navigator layers from data programmatically. These generated layers can be loaded into ATT&CK Navigator for custom views of defensive coverage, threat capabilities, or even a combination of the two.

 

Interested in guided DevOps?

We believe DevOps is a critical element to resilient cybersecurity infrastructure. Want to learn more, but without all the code? Ascent offers a free MITRE ATT&CK Master Class where Brad Palm, Director for Software, covers the business use case for incorporating ATT&CK into your risk discussions.

Ascent is a world class cybersecurity organization driven to save the world from cybercrime. We interpret and incorporate ATT&CK data into our risk based, intel-driven, threat-informed strategy. Interested in this approach for your organization? Reach out to MITRE@meetascent.com to request a MasterClass or to explore partnership with our DevOps team.

Share this Post
Whether you’re starting your cybersecurity journey or you’re improving your security posture, our team is passionate about protecting your people and business.
content
Blog
3 Questions to Ask Before Consolidating Your Security Stack

March 26, 2024 – Security teams can improve the economics of their security strategy in two ways: tool costs and employee time. Platform consolidation addresses both.

content
News
Ascent Solutions Recognized as a Microsoft Security Excellence Awards Finalist for Security Customer Champion

March 12, 2024 – Ascent Solutions announced it is a Security Customer Champion award finalist in the Microsoft Security Excellence Awards.

content
Blog
Why Purdue Model Level 0 Is the Most Important to Secure

February 6, 2024 – If you had to divide a business into operating layers and prioritize by importance, how would you do it? Cybersecurity strategy must rank which risk is most likely to topple a business’ continuity.