DeTT&CT tools

Marcus Bakker edited this page Dec 20, 2021 · 3 revisions

DeTT&CT tools consist of the CLI and the Editor.

Command line

Besides a few optional arguments, DeTT&CT has five modes, which are described in the help text below. Please note that each mode has a dedicated help function. For example, you can show the help function for the group mode using the following command: python dettect.py group -h. You can find an overview of all help texts here.

usage: dettect.py [-h] [--version] [-i]  ...

Detect Tactics, Techniques & Combat Threats

optional arguments:
  -h, --help         show this help message and exit
  --version          show program's version number and exit
  -i, --interactive  launch the interactive menu, which has support for
                     all modes but not all of the arguments that are
                     available in the CLI

MODE:
  Select the mode to use. Every mode has its own arguments and help info
  displayed using: {editor, datasource, visibility, detection, group,
  generic} --help


    editor (e)       DeTT&CT Editor
    datasource (ds)  data source mapping and quality
    visibility (v)   visibility coverage mapping based on techniques and
                     data sources
    detection (d)    detection coverage mapping based on techniques
    group (g)        threat actor group mapping
    generic (ge)     includes: statistics on ATT&CK data source and
                     updates on techniques, groups and software

Interactive menu

In a future release we will remove the interactive menu. We have decided to do this for the following reasons:

  • Our list of improvements and new features for DeTT&CT is long. Therefore, we want to spend as much time as possible on improving the core of DeTT&CT and less on maintaining functionality that is already provided in another way.
  • The interactive menu has not been kept up to date with the latest features and therefore lacks features that are available from the command-line interface.


When using the interactive mode, a menu will be shown that allows you to browse through all modes interactively. Please be aware that this menu does not support all of the arguments that are available in the CLI.

                  -= DeTT&CT =-
-- Detect Tactics, Techniques & Combat Threats --
                  version 1.5.0

   [!]  The interactive menu will be removed from DeTT&CT in a   [!]
   [!]    future release. We advise using the CLI which is       [!]
   [!]      offering support for all features of DeTT&CT.        [!]

Select a mode:
1. Data source mapping
2. Visibility coverage mapping
3. Detection coverage mapping
4. Threat actor group mapping
5. Updates
6. Statistics
7. Quit
 >>

DeTT&CT Editor

The data source, technique and group YAML files can be edited using the DeTT&CT Editor, or your favourite text editor. The DeTT&CT Editor is entirely client-side. Therefore, the content of your YAML file is not sent to a server.

You can find more information on the Editor here.
