How to Map Data Sources against MITRE ATT&CK Techniques
From my previous blog you should know how to install the DeTT&CT Editor. Now we are going to use DeTT&CT to map data sources against MITRE ATT&CK.
First we have to create a Python virtual environment so that all the Python dependencies work properly. To create the virtual environment we use the command below:
pipenv install
After creating the virtual environment we activate it. Pipenv is a packaging tool for Python that solves common problems associated with the pip workflow and simplifies the development process to a single CLI tool. We enter the environment using the command below:
pipenv shell
Now we will open the DeTT&CT Editor using the command below:
python dettect.py e
The e argument selects the DeTT&CT Editor.
It will host the DeTT&CT Editor on your localhost.
Now we will add data sources as shown below and then save them in a .yaml file.
Data Sources: data-sources-new.yaml
Now we will convert the YAML file into a JSON MITRE ATT&CK Navigator layer file using the command below:
python dettect.py ds -fd Path-to-file -l --health
It will save the JSON file into the output folder:
/yourpath/DeTTECT/output/
Now we will open the MITRE ATT&CK Navigator at the URL below:
https://mitre-attack.github.io/attack-navigator/
We will open the file in the Navigator and it will give us output like this:
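The generated layer can also be checked without the Navigator UI. The script below is an added example, not part of DeTT&CT or the original post: it reads a layer file in the ATT&CK Navigator JSON format and lists the techniques whose data source score falls below a threshold. It assumes each entry in `techniques` carries a `techniqueID` and an optional numeric `score`; the sample layer and its scores are constructed for illustration.

```python
import json
import sys

# Constructed sample in ATT&CK Navigator layer format (not real DeTT&CT output).
SAMPLE_LAYER = json.dumps({
    "name": "Data sources example",
    "domain": "enterprise-attack",
    "techniques": [
        {"techniqueID": "T1059", "score": 100},
        {"techniqueID": "T1003", "score": 50},
        {"techniqueID": "T1021", "score": 25},
        {"techniqueID": "T1566", "score": 0},
        {"techniqueID": "T1047"},               # no score: treated as 0
        {"techniqueID": "T1003", "score": 75},  # same technique listed twice
    ],
})

def load_techniques(layer_text):
    """Return {techniqueID: highest score}; reject JSON that is not a layer."""
    layer = json.loads(layer_text)
    if not isinstance(layer, dict) or not isinstance(layer.get("techniques"), list):
        raise ValueError("not a Navigator layer: missing 'techniques' list")
    scores = {}
    for entry in layer["techniques"]:
        if not isinstance(entry, dict) or not entry.get("techniqueID"):
            continue  # skip malformed entries instead of failing the whole file
        score = entry.get("score")
        if not isinstance(score, (int, float)) or isinstance(score, bool):
            score = 0  # a missing or non-numeric score counts as no visibility
        tid = entry["techniqueID"]
        scores[tid] = max(scores.get(tid, 0), score)
    return scores

def coverage_gaps(scores, threshold=50):
    """Techniques scoring below the threshold, weakest first."""
    return sorted((s, t) for t, s in scores.items() if s < threshold)

if __name__ == "__main__":
    # Pass the path of a layer from the output folder, or run with no
    # argument to use the constructed sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LAYER
    for score, tid in coverage_gaps(load_techniques(text)):
        print(f"{tid}\tscore={score}")
```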