DeTT&CT tools

marcusbakker edited this page Mar 8, 2022 · 3 revisions

DeTT&CT tools consist of the CLI and the Editor.

CLI

Besides a few optional arguments, DeTT&CT has five modes, which are described in the help text below. Each mode has its own dedicated help function. For example, to show the help for the group mode, run the following command: python dettect.py group -h. You can find an overview of all help texts here.

usage: dettect.py [-h] [--version]  ...

Detect Tactics, Techniques & Combat Threats

options:
  -h, --help       show this help message and exit
  --version        show program's version number and exit

MODE:
  Select the mode to use. Every mode has its own arguments and help info
  displayed using: {editor, datasource, visibility, detection, group,
  generic} --help


    editor (e)     DeTT&CT Editor
    datasource (ds)
                   data source mapping and quality
    visibility (v)
                   visibility coverage mapping based on techniques and data
                   sources
    detection (d)  detection coverage mapping based on techniques
    group (g)      threat actor group mapping
    generic (ge)   includes: statistics on ATT&CK data source and updates on
                   techniques, groups and software

Source: https://github.com/rabobank-cdc/DeTTECT

DeTT&CT Editor

The data source, technique and group YAML files can be edited using the DeTT&CT Editor, or your favourite text editor. The DeTT&CT Editor is entirely client-side. Therefore, the content of your YAML file is not sent to a server.

You can find more information on the Editor here.
