
Customizing Your Security Stack: Coding with MITRE ATT&CK

11.29.22 | By Brian Greunke

Ascent’s DevOps team designs custom software and automation flows, incorporating cyber threat intelligence (CTI) into products and hardened client environments. This post walks through the technical steps for retrieving raw MITRE ATT&CK data and working it into your own tech stack.

We’ve discussed the resources and the reasons WHY we build MITRE ATT&CK into our software and tools. Now, let’s discuss HOW we do that.

The code snippets below show how to pull in the data and tools MITRE provides and demonstrate the breadth of opportunities for further customization.

Example 1: Connect to a TAXII Server to get technique data

MITRE hosts a TAXII server that developers can connect to and pull ATT&CK content from. Enumerating the Collections the server advertises shows that they align to the ATT&CK matrices (Enterprise, Mobile, ICS). Querying the Enterprise collection returns the same STIX objects that make up the knowledge base (attack-pattern, intrusion-set, relationship and so on), so technique details come back as STIX attack-pattern objects. Note that the hostname and TAXII API version MITRE supports have changed over time (the original TAXII 2.0 endpoint was later replaced by a TAXII 2.1 server), so check the current ATT&CK TAXII documentation and pin both the client library and the collection you depend on rather than hard-coding an endpoint copied from an older post.

 

Example 2: Get STIX data about a technique

MITRE also publishes the same content as STIX bundles in JSON format in a GitHub repo. Notice that we retrieve a specific technique by its STIX object ID (an attack-pattern--<UUID> identifier), not by name and not by its ATT&CK ID; the familiar T-number lives inside the object’s external_references, in the entry whose source_name is mitre-attack. STIX IDs are stable across releases and the bundle content is fixed per release, so if you pin a release (a tagged version of the repo) the details returned for this ID will always be the same. Between releases an object’s fields can change, and a technique can be marked revoked or deprecated, so code that consumes the data should check the revoked and x_mitre_deprecated flags and follow revoked-by relationships to the replacement technique rather than assuming every attack-pattern is current.

 

Example 3: Get the data in Excel

Sometimes a spreadsheet is the fastest way to get the information you need. We can grab ATT&CK data, flatten the nested STIX objects into one row per technique (ATT&CK ID, name, tactics, platforms, version, revoked status) and write it to a file for later consumption.
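As an added example (not the post’s own snippets), here is how the STIX objects that Examples 1 through 3 pull down, whether from the TAXII collection or from the GitHub bundle, can be indexed by STIX ID, filtered for revoked and deprecated entries, and flattened into spreadsheet rows. The bundle is a constructed, trimmed stand-in with made-up STIX UUIDs; only the field names and the T1059 / T1059.001 / T1086 ATT&CK IDs and technique names are real. It uses only the standard library and emits CSV, which Excel opens directly.

```python
"""Parse an ATT&CK-style STIX 2.x bundle and flatten techniques to CSV rows.

Added example, not code from the original post. The bundle below is a
constructed stand-in: the UUIDs are placeholders, not real ATT&CK object IDs.
Field names (attack-pattern, external_references, kill_chain_phases, revoked,
x_mitre_deprecated, revoked-by relationships) follow the real ATT&CK schema.
"""
import csv
import io
import json

T1059_ID = "attack-pattern--00000000-0000-4000-8000-000000001059"      # constructed
T1059_001_ID = "attack-pattern--00000000-0000-4000-8000-000000001060"  # constructed
T1086_ID = "attack-pattern--00000000-0000-4000-8000-000000001086"      # constructed

SAMPLE_BUNDLE_JSON = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "attack-pattern", "id": T1059_ID,
         "name": "Command and Scripting Interpreter", "x_mitre_version": "2.3",
         "x_mitre_platforms": ["Windows", "Linux", "macOS"],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "external_references": [
             {"source_name": "mitre-attack", "external_id": "T1059",
              "url": "https://attack.mitre.org/techniques/T1059"},
             # A non-ATT&CK reference: attack_id() must skip this one.
             {"source_name": "example-vendor", "description": "constructed extra reference"}]},
        {"type": "attack-pattern", "id": T1059_001_ID, "name": "PowerShell",
         "x_mitre_is_subtechnique": True, "x_mitre_version": "1.4",
         "x_mitre_platforms": ["Windows"],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "external_references": [
             {"source_name": "mitre-attack", "external_id": "T1059.001",
              "url": "https://attack.mitre.org/techniques/T1059/001"}]},
        # Revoked technique: still present in the bundle, superseded by T1059.001.
        {"type": "attack-pattern", "id": T1086_ID, "name": "PowerShell",
         "revoked": True, "x_mitre_version": "1.1",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "external_references": [
             {"source_name": "mitre-attack", "external_id": "T1086",
              "url": "https://attack.mitre.org/techniques/T1086"}]},
        {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-000000000002",
         "relationship_type": "revoked-by", "source_ref": T1086_ID, "target_ref": T1059_001_ID},
    ],
})


def load_bundle(text):
    """Parse bundle JSON and return {stix_id: object} for constant-time lookup by ID."""
    bundle = json.loads(text)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    return {obj["id"]: obj for obj in bundle["objects"]}


def attack_id(obj):
    """Return the ATT&CK ID (e.g. T1059) from the mitre-attack external reference, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def is_active(obj):
    """True unless the object is flagged revoked or deprecated."""
    return not obj.get("revoked", False) and not obj.get("x_mitre_deprecated", False)


def revoked_by(objects):
    """Map revoked STIX ID -> replacement STIX ID using revoked-by relationships."""
    return {o["source_ref"]: o["target_ref"] for o in objects.values()
            if o.get("type") == "relationship" and o.get("relationship_type") == "revoked-by"}


def technique_rows(objects, include_revoked=False):
    """Flatten attack-pattern objects into one dict per technique, sorted by ATT&CK ID."""
    replacements = revoked_by(objects)
    rows = []
    for obj in objects.values():
        if obj.get("type") != "attack-pattern":
            continue
        if not include_revoked and not is_active(obj):
            continue
        replacement = replacements.get(obj["id"])
        rows.append({
            "attack_id": attack_id(obj),
            "name": obj.get("name", ""),
            "tactics": ";".join(p["phase_name"] for p in obj.get("kill_chain_phases", [])
                                if p.get("kill_chain_name") == "mitre-attack"),
            "platforms": ";".join(obj.get("x_mitre_platforms", [])),
            "version": obj.get("x_mitre_version", ""),
            "is_subtechnique": obj.get("x_mitre_is_subtechnique", False),
            "revoked": obj.get("revoked", False),
            "replaced_by": attack_id(objects[replacement]) if replacement in objects else "",
        })
    rows.sort(key=lambda r: r["attack_id"] or "")
    return rows


def rows_to_csv(rows):
    """Serialize the flattened rows as CSV text (open the result in Excel or save to .csv)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    objs = load_bundle(SAMPLE_BUNDLE_JSON)
    print(rows_to_csv(technique_rows(objs, include_revoked=True)))
```

Swapping `SAMPLE_BUNDLE_JSON` for the text of a real `enterprise-attack.json` from the GitHub repo (or a TAXII collection dump) is the only change needed; the revoked/deprecated filter matters there because the real bundle carries every historical object, and a coverage spreadsheet that counts T1086 alongside T1059.001 double-counts the same behaviour.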

 

Example 4: Build an ATT&CK Navigator Layer

Using the mitreattack-python package we can build custom Navigator layers programmatically. A layer is just a JSON document that maps technique IDs to scores, colors and comments, so generated layers can be loaded into ATT&CK Navigator for custom views of defensive coverage, threat capabilities, or a combination of the two (for example, scoring the techniques a given adversary uses by how poorly you currently detect them).
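As an added example (not the post’s code and not the mitreattack-python API), the block below builds the three kinds of layer the paragraph mentions as plain JSON with the standard library: a coverage layer, a threat layer, and a combined gap layer that scores each technique the adversary uses by how little coverage you have for it. The coverage numbers and adversary profile are constructed; the ATT&CK, Navigator and layer-format version strings are assumptions and should be set to match your Navigator deployment.

```python
"""Build ATT&CK Navigator layers as JSON from coverage and threat data.

Added example, not code from the original post. Field names (versions, domain,
techniques[].techniqueID/score/comment/color, gradient, legendItems) follow the
Navigator layer format; the version strings are assumptions for this example.
"""
import json
import re

LAYER_FORMAT_VERSION = "4.5"   # assumption: set to your Navigator's layer format
NAVIGATOR_VERSION = "4.8.2"    # assumption
ATTACK_VERSION = "14"          # assumption: ATT&CK release your data came from
DOMAIN = "enterprise-attack"

TECHNIQUE_ID_RE = re.compile(r"^T\d{4}(\.\d{3})?$")

# Constructed sample input, not real assessment data:
# detection coverage per technique, 0 (blind) .. 100 (fully covered).
COVERAGE = {"T1059": 60, "T1059.001": 80, "T1566.001": 40, "T1021.001": 0}
# techniques a constructed threat-actor profile says the actor uses.
ADVERSARY_USE = {"T1059.001", "T1566.001", "T1021.001"}


def technique_entry(technique_id, score, comment="", color=""):
    """One techniques[] entry; rejects malformed IDs before they reach Navigator."""
    if not TECHNIQUE_ID_RE.match(technique_id):
        raise ValueError(f"not an ATT&CK technique ID: {technique_id!r}")
    return {"techniqueID": technique_id, "score": score, "comment": comment,
            "color": color, "enabled": True, "showSubtechniques": False}


def build_layer(name, description, entries, gradient_colors, min_value, max_value):
    """Wrap technique entries in the layer envelope Navigator expects."""
    return {
        "name": name,
        "versions": {"attack": ATTACK_VERSION, "navigator": NAVIGATOR_VERSION,
                     "layer": LAYER_FORMAT_VERSION},
        "domain": DOMAIN,
        "description": description,
        "techniques": sorted(entries, key=lambda e: e["techniqueID"]),
        "gradient": {"colors": gradient_colors, "minValue": min_value, "maxValue": max_value},
        "legendItems": [],
        "hideDisabled": False,
        "sorting": 0,
    }


def coverage_layer(coverage):
    """Defensive coverage view: red (0) through yellow to green (100)."""
    entries = [technique_entry(tid, score, comment=f"coverage {score}%")
               for tid, score in coverage.items()]
    return build_layer("Detection coverage", "Constructed coverage scores",
                       entries, ["#ff6666", "#ffe766", "#8ec843"], 0, 100)


def threat_layer(used):
    """Threat capability view: every technique the actor uses scored 1."""
    entries = [technique_entry(tid, 1, comment="used by actor") for tid in used]
    return build_layer("Threat capabilities", "Constructed actor profile",
                       entries, ["#ffffff", "#ff6666"], 0, 1)


def gap_layer(coverage, used):
    """Combined view: for each technique the actor uses, score = 100 - coverage,
    so the reddest cells are where you are both targeted and blind. Techniques
    the actor uses that are absent from the coverage table count as 0 coverage."""
    entries = []
    for tid in used:
        cov = coverage.get(tid, 0)
        entries.append(technique_entry(tid, 100 - cov, comment=f"actor uses; coverage {cov}%"))
    return build_layer("Coverage gaps vs actor", "Constructed gap analysis",
                       entries, ["#8ec843", "#ffe766", "#ff6666"], 0, 100)


def scores(layer):
    """Convenience: {techniqueID: score} for a layer."""
    return {e["techniqueID"]: e["score"] for e in layer["techniques"]}


def layer_to_json(layer):
    """Serialize for saving to a .json file and loading via Navigator's Open Existing Layer."""
    return json.dumps(layer, indent=2)


if __name__ == "__main__":
    print(layer_to_json(gap_layer(COVERAGE, ADVERSARY_USE)))
```

Writing `layer_to_json(...)` to a file and opening it in Navigator is all that is left; if you use mitreattack-python instead, its layer classes serialize to this same format, so the scoring logic in `gap_layer` carries over unchanged.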

 

Interested in guided DevOps?

We believe DevOps is a critical element of resilient cybersecurity infrastructure. Want to learn more, but without all the code? Ascent offers a free MITRE ATT&CK Master Class where Brad Palm, Director for Software, covers the business use case for incorporating ATT&CK into your risk discussions.

Ascent is a world-class cybersecurity organization driven to save the world from cybercrime. We interpret and incorporate ATT&CK data into our risk-based, intel-driven, threat-informed strategy. Interested in this approach for your organization? Reach out to MITRE@meetascent.com to request a Master Class or to explore partnership with our DevOps team.
