Mapping NSM rules to MITRE ATT&CK Techniques

About

The idea behind this project is to categorize and develop, where feasible, Suricata (and general NSM) rules by mapping them against the MITRE ATT&CK framework.

How does it work?

Each technique has its own folder. Inside the folder, one of two things can happen:

• We will link to existing rules from known rulesets if a rule already exists
• We will share the rule in the format used by Suricata

The following rulesets are currently considered by this project:

• Emerging Threats Open
• Emerging Threats Pro

Have something to share?

Feel free to reach out to me via Twitter (@0xtf) if you have some rules you'd like to share or comments/questions/tips.

MITRE ATT&CK Navigator

Browse supported techniques using this URL.

Sponsorship

If you're interested in working in this project, 3CORESec has a sponsorship program that allows you to get paid for your contributions to open source projects.

Get in touch for more information!