-
Notifications
You must be signed in to change notification settings - Fork 340
DeTT&CT tools
DeTT&CT tools consist of the CLI and the Editor.
Third party tools:
Besides a few optional arguments, DeTT&CT has five modes which are described in the help text below. Please note that each mode has a dedicated help function. For example, you can show the help function for group
using the following command: python dettect.py group -h
. You can find an overview of all help texts here.
usage: dettect.py [-h] [--version] ...
Detect Tactics, Techniques & Combat Threats
options:
-h, --help show this help message and exit
--version show program's version number and exit
MODE:
Select the mode to use. Every mode has its own arguments and help info
displayed using: {editor, datasource, visibility, detection, group,
generic} --help
editor (e) DeTT&CT Editor
datasource (ds)
data source mapping and quality
visibility (v)
visibility coverage mapping based on techniques and data
sources
detection (d) detection coverage mapping based on techniques
group (g) threat actor group mapping
generic (ge) includes: statistics on ATT&CK data source and updates on
techniques, groups and software
Source: https://github.com/rabobank-cdc/DeTTECT
The data source, technique and group YAML files can be edited using the DeTT&CT Editor, or your favourite text editor. The DeTT&CT Editor is entirely client-side. Therefore, the content of your YAML file is not sent to a server.
You can find more information on the Editor here.
Dettectinator - The Python library to your DeTT&CT YAML files.
Dettectinator is built to be included in your SOC automation tooling. It can be included as a Python library or it can be used via the command line.
Dettectinator provides plugins to read detections from your SIEM or EDR and create/update the DeTT&CT YAML file, so that you can use it to visualize your ATT&CK detection coverage in the ATT&CK Navigator.
More information can be found on Github: Dettectinator.
- Home
- Introduction
- Installation and requirements
- Getting started / How to
- Changelog
- Future developments
- ICS - Inconsistencies
- Introduction
- DeTT&CT data sources
- Data sources per platform
- Data quality
- Scoring data quality
- Improvement graph