How to Map Data Sources against MITRE ATT&CK Techniques

Arslan Sabir
Published in System Weakness
Jan 20, 2022

My previous blog post covered how to install the DeTT&CT Editor. Now we are going to use DeTT&CT to map data sources against MITRE ATT&CK.

First we have to create a Python virtual environment so that all of the Python dependencies work properly. To create the virtual environment, we use the command below:

pipenv install

After creating the virtual environment, we activate it. Pipenv is a packaging tool for Python that solves common problems associated with the pip workflow and simplifies the development process to a single CLI tool. We enter the environment's shell with the command below:

pipenv shell

Now we open the DeTT&CT Editor using the command below:

python dettect.py e

e, DeTT&CT Editor

This hosts the DeTT&CT Editor on your localhost.

Now we add our data sources in the editor and then save them to a .yaml file:

Data Sources: data-sources-new.yaml

Now we convert the YAML file into a JSON layer file for the MITRE ATT&CK Navigator using the command below:

python dettect.py ds -fd Path-to-file -l --health

It will save the JSON file in the output folder:

/yourpath/DeTTECT/output/

Now we open the MITRE ATT&CK Navigator at the address below:

https://mitre-attack.github.io/attack-navigator/

We then open the file in the Navigator to view the output.
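To make the layer file less of a black box, here is a simplified sketch, added to this post and not taken from DeTT&CT's code, that scores each technique by the share of its data sources you have registered and builds a minimal Navigator layer from the result. The technique-to-data-source mapping, the AVAILABLE set and the scoring rule are constructed assumptions for illustration.

```python
import json

# Constructed, abbreviated technique -> data source mapping (illustrative only;
# DeTT&CT takes the real mapping from the ATT&CK data it loads).
TECHNIQUE_DATA_SOURCES = {
    "T1059": ["Command Execution", "Process Creation", "Script Execution", "Module Load"],
    "T1053": ["Scheduled Job Creation", "Process Creation", "Command Execution", "File Creation"],
    "T1110": ["User Account Authentication", "Application Log Content"],
    "T1566": ["Network Traffic Content", "Network Traffic Flow", "File Creation"],
}

# Constructed stand-in for the data sources registered in the editor.
AVAILABLE = {"Process Creation", "Command Execution", "Script Execution",
             "User Account Authentication"}

def coverage(available, mapping=TECHNIQUE_DATA_SOURCES):
    """Return {technique_id: percent of its data sources that are available}."""
    return {tid: round(100 * sum(ds in available for ds in needed) / len(needed))
            for tid, needed in mapping.items()}

def blind_spots(available):
    """Techniques for which no listed data source is available."""
    return sorted(tid for tid, pct in coverage(available).items() if pct == 0)

def build_layer(available, name="Data source coverage (example)"):
    """Build a minimal Navigator layer dict; techniques with 0% are left out."""
    techniques = []
    for tid, pct in sorted(coverage(available).items()):
        if pct == 0:
            continue
        have = [ds for ds in TECHNIQUE_DATA_SOURCES[tid] if ds in available]
        techniques.append({"techniqueID": tid, "score": pct,
                           "comment": "Available: " + ", ".join(have)})
    return {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"layer": "4.3"},  # assumed layer format version
        "techniques": techniques,
        "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 100},
    }

if __name__ == "__main__":
    print(json.dumps(build_layer(AVAILABLE), indent=2))
    print("No visibility:", blind_spots(AVAILABLE))
```

The blind_spots list is the part to act on: those are techniques for which none of the listed data sources is being collected.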
