Elemental Attack Elemental Save

Elemental - An ATT&CK Threat Library

Project README

Elemental

Elemental is a centralized threat library of MITRE ATT&CK techniques, Atomic Red Team tests, and over 280 Sigma rules. It provides an alternative way to explore the ATT&CK dataset, mapping relevant Atomic Red Team tests and Sigma rules to their respective technique. Elemental allows defenders to create custom ATT&CK Techniques and upload Sigma Rules. The ATT&CK dataset was collected via the hunters-forge attackcti Python client. Atomic Red Team tests were imported from the Atomic Red Team GitHub repository. Sigma rules were imported from Sigma's GitHub rule collection if they contained ATT&CK tags.

This platform was conceived as a capstone project for University of California Berkeley's Master of Information and Cybersecurity program. We look forward to community feedback for new ideas and improvements. This instance of Elemental is experimental and not configured for production deployment. Please see Django documentation on configuring a production server.

Features

View ATT&CK Technique information
View Atomic Red Team tests in Markdown and Yaml
View Sigma rules in Yaml
Add new ATT&CK Techniques (currently only available from Django Admin panel)
Upload new Sigma rules (currently only available from Django Admin panel)

Screenshots

Main Elements View

Technique View

Atomics View

Sigma Rules View

Installation

git clone https://github.com/Elemental-attack/Elemental.git

cd Elemental/elemental

pip install -r requirements.txt

python manage.py runserver

Default Django admin page crendentials: user: elemental | password: berkelium

Thanks

Mitre ATT&CK - https://github.com/mitre/cti

Atomic Red Team - https://github.com/redcanaryco/atomic-red-team

ATT&CK Python Client - https://github.com/hunters-forge/ATTACK-Python-Client

Sigma - https://github.com/Neo23x0/sigma

TODO

Log Source mapping for Techniques and Sigma rules
Custom Techniques add
Custom Sigma Rules upload
Sigmac to convert rules to desired SIEM
Filter capabilities on Elements page
Integrate update functionality for ATT&CK, Atomic Red Team, and Sigma rules repo

Authors

Josh Hakala (exec-bypass)
Steve Rice (sdrice)
Aaron Crouch (TTwoONEsiXX)
Erick Pasco (epasco5)

License

Please see license file

Open Source Agenda is not affiliated with "Elemental Attack Elemental" Project. README Source: Elemental-attack/Elemental

Stars

314

Open Issues

Last Commit

1 year ago

Repository

Elemental-attack/Elemental

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/elemental-attack-elemental"><img src="https://www.opensourceagenda.com/projects/elemental-attack-elemental/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022