attack2jira: attack2jira automates the process of standing up a Jira environment...
source link: https://github.com/mvelazc0/attack2jira
attack2jira
The MITRE ATT&CK Framework is a great tool security teams can leverage to, among many other things, measure the security posture of an organization against tactics and techniques used in the wild by real threat actors.
At the time of writing, ATT&CK covers 266 Techniques across 12 Tactics. If done manually, tracking this posture's state over time can become a tedious and challenging task. Blue/Purple teams require the proper tools that allow them to efficiently tackle this challenge and focus on what's important.
attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage. No more spreadsheets!
Visit the Wiki to view the Demos. attack2jira was first presented at ATT&CKCon 2.0. For more context, read this blog post.
To allow the community to experiment with this approach, I created a Jira instance hosting the ATTACK project with attack2jira and made it anonymously accessible: https://attack.atlassian.net
attack2jira has been tested on Kali Linux 2018.4 and Windows 10 1830 under Python 3.6.
Quick Start Guide
Installation
$ git clone https://github.com/mvelazc0/attack2jira.git
$ pip3 install -r attack2jira/requirements.txt
Usage
Print the help menu
$ python3 attack2jira.py -h
Create the Jira ATTACK project and issues
$ python3 attack2jira.py -url https://attack.atlassian.net -u [email protected] -a initialize
Export an ATTACK Navigator JSON layer
$ python3 attack2jira.py -url https://attack.atlassian.net -u [email protected] -a export
$ python3 attack2jira.py -url https://attack.atlassian.net -u [email protected] -a export -hide
Acknowledgments
Authors
- Mauricio Velazco - @mvelazco
- Olindo Verrillo - @olindoverrillo
License
This project is licensed under the BSD 3-Clause License - see the LICENSE file for details