enterpriseattack


Nameenterpriseattack JSON
Version 0.1.8 PyPI version JSON
download
home_pagehttps://github.com/xakepnz/enterpriseattack
SummaryA lightweight Python module to interact with the Mitre Att&ck Enterprise framework.
upload_time2023-01-12 04:07:05
maintainer
docs_urlNone
authorxakepnz
requires_python
license
keywords mitre att&ck att&ck enterprise enterpriseattack mitre framework att&ck
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI
coveralls test coverage No coveralls.
            [![Downloads](https://pepy.tech/badge/enterpriseattack)](https://pepy.tech/project/enterpriseattack)
[![PyPI version](https://badge.fury.io/py/enterpriseattack.svg)](https://badge.fury.io/py/enterpriseattack)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![image](https://img.shields.io/pypi/pyversions/enterpriseattack.svg)](https://pypi.org/project/enterpriseattack/)
[![image](https://app.travis-ci.com/xakepnz/enterpriseattack.svg?branch=main)](https://travis-ci.com/xakepnz/enterpriseattack)

## enterpriseattack - MITRE's Enterprise Att&ck

A lightweight Python module to interact with the [MITRE ATT&CK](https://attack.mitre.org/) Enterprise dataset. Built to be used in production applications due to it's speed and minimal depedancies. [Read the docs](https://github.com/xakepnz/enterpriseattack/tree/main/docs) for more info.

## MITRE Att&ck

MITRE ATT&CKĀ® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

### Dependancies

* Python 3.x
* ujson >= 3.0.0
* requests >= 2.9.2

## Installation

### Install via Pip:
   ```sh
   pip3 install enterpriseattack
   ```

### Alternatively clone the repository:
   ```sh
   git clone https://github.com/xakepnz/enterpriseattack.git
   cd enterpriseattack
   python3 setup.py install
   ```

<p align="right">(<a href="#top">back to top</a>)</p>

## Docker:

### Build the docker image:

```sh
docker build enterpriseattack:0.1.8 .
docker tag enterpriseattack:0.1.8 enterpriseattack:latest
```

### Run the benchmarks on the container:
```sh
docker run enterpriseattack
```

<p align="right">(<a href="#top">back to top</a>)</p>

## Usage

### Initialise an Attack object:
```py
import enterpriseattack

attack = enterpriseattack.Attack()
```

### Example Subscriptable objects:
Access any object directly from the Attack class, rather than iterating to find specific objects.

```py
attack = enterpriseattack.Attack(subscriptable=True)

wizard_spider = attack.groups.get('Wizard Spider')
print(len(wizard_spider.tactics))

execution = attack.tactics.get('Execution')
print(len(execution.techniques))
```

### Example: Passing custom args:
In this example, you can choose where to download the official Mitre Att&ck json from, including proxies to pass through. Alternatively, if you want to save the json file in a separate location, you can alter the enterprise_json arg. By default this is saved within your default site-packages location.

* `enterprise_json` - (optional) location of enterprise json file, (saved automatically in pip location)
* `url` - (optional) location of enterprise json file to download from.
* `update` - (optional) boolean forces a refresh download (each time this is called), overwriting the previous file.
* `include_deprecated` - (optional) boolean to include MITRE ATT&CK deprecated objects (from previous Att&ck versions).
* `mitre_version` - (optional) specify a MITRE ATT&CK data version.
* `proxies` - (optional) dict of proxies to pass through to reach the MITRE GitHub for the enterprise-attack.json.

```py
attack = enterpriseattack.Attack(
   enterprise_json=None,
   url='https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json',
   include_deprecated=False,
   update=False,
   subscriptable=True,
   mitre_version='latest',
   proxies={'http':'http://127.0.0.1:1337'}
)
```

### Example: Force Download/use an older MITRE ATT&CK data set:
```py
attack = enterpriseattack.Attack(
   mitre_version='11.3',
   update=True
)

print(attack.mitre_version)
```

### Example: Iterate over tactics/techniques/sub_techniques:
```py
attack = enterpriseattack.Attack()

for tactic in attack.tactics:
   print(tactic.name)
   for technique in tactic.techniques:
      print(technique.name)
      print(technique.detection)

for software in attack.software:
    for technique in software.techniques:
        for sub_technique in technique.sub_techniques:
            print(software.name, technique.name, sub_technique.name)
```

### Example: Create a json object of any tactic/technique/sub_technique/group/software/datasource:
```py
attack = enterpriseattack.Attack()

for tactic in attack.tactics:
   print(tactic.to_json())

for group in attack.groups:
   print(group.to_json())

...
```

For more examples, please refer to the [Documentation](https://github.com/xakepnz/enterpriseattack/tree/main/docs)

<p align="right">(<a href="#top">back to top</a>)</p>

            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/xakepnz/enterpriseattack",
    "name": "enterpriseattack",
    "maintainer": "",
    "docs_url": null,
    "requires_python": "",
    "maintainer_email": "",
    "keywords": "mitre att&ck,att&ck enterprise,enterpriseattack,mitre framework,att&ck",
    "author": "xakepnz",
    "author_email": "xakepnz@protonmail.com",
    "download_url": "https://files.pythonhosted.org/packages/9c/3b/88479ddc33d59029e5fa565d9dffdf9888b6a36f361d753863d46891d40d/enterpriseattack-0.1.8.tar.gz",
    "platform": null,
    "description": "[![Downloads](https://pepy.tech/badge/enterpriseattack)](https://pepy.tech/project/enterpriseattack)\n[![PyPI version](https://badge.fury.io/py/enterpriseattack.svg)](https://badge.fury.io/py/enterpriseattack)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![image](https://img.shields.io/pypi/pyversions/enterpriseattack.svg)](https://pypi.org/project/enterpriseattack/)\n[![image](https://app.travis-ci.com/xakepnz/enterpriseattack.svg?branch=main)](https://travis-ci.com/xakepnz/enterpriseattack)\n\n## enterpriseattack - MITRE's Enterprise Att&ck\n\nA lightweight Python module to interact with the [MITRE ATT&CK](https://attack.mitre.org/) Enterprise dataset. Built to be used in production applications due to it's speed and minimal depedancies. [Read the docs](https://github.com/xakepnz/enterpriseattack/tree/main/docs) for more info.\n\n## MITRE Att&ck\n\nMITRE ATT&CK\u00ae is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.\n\n### Dependancies\n\n* Python 3.x\n* ujson >= 3.0.0\n* requests >= 2.9.2\n\n## Installation\n\n### Install via Pip:\n   ```sh\n   pip3 install enterpriseattack\n   ```\n\n### Alternatively clone the repository:\n   ```sh\n   git clone https://github.com/xakepnz/enterpriseattack.git\n   cd enterpriseattack\n   python3 setup.py install\n   ```\n\n<p align=\"right\">(<a href=\"#top\">back to top</a>)</p>\n\n## Docker:\n\n### Build the docker image:\n\n```sh\ndocker build enterpriseattack:0.1.8 .\ndocker tag enterpriseattack:0.1.8 enterpriseattack:latest\n```\n\n### Run the benchmarks on the container:\n```sh\ndocker run enterpriseattack\n```\n\n<p align=\"right\">(<a href=\"#top\">back to top</a>)</p>\n\n## Usage\n\n### Initialise an Attack object:\n```py\nimport enterpriseattack\n\nattack = enterpriseattack.Attack()\n```\n\n### Example Subscriptable objects:\nAccess any object directly from the Attack class, rather than iterating to find specific objects.\n\n```py\nattack = enterpriseattack.Attack(subscriptable=True)\n\nwizard_spider = attack.groups.get('Wizard Spider')\nprint(len(wizard_spider.tactics))\n\nexecution = attack.tactics.get('Execution')\nprint(len(execution.techniques))\n```\n\n### Example: Passing custom args:\nIn this example, you can choose where to download the official Mitre Att&ck json from, including proxies to pass through. Alternatively, if you want to save the json file in a separate location, you can alter the enterprise_json arg. By default this is saved within your default site-packages location.\n\n* `enterprise_json` - (optional) location of enterprise json file, (saved automatically in pip location)\n* `url` - (optional) location of enterprise json file to download from.\n* `update` - (optional) boolean forces a refresh download (each time this is called), overwriting the previous file.\n* `include_deprecated` - (optional) boolean to include MITRE ATT&CK deprecated objects (from previous Att&ck versions).\n* `mitre_version` - (optional) specify a MITRE ATT&CK data version.\n* `proxies` - (optional) dict of proxies to pass through to reach the MITRE GitHub for the enterprise-attack.json.\n\n```py\nattack = enterpriseattack.Attack(\n   enterprise_json=None,\n   url='https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json',\n   include_deprecated=False,\n   update=False,\n   subscriptable=True,\n   mitre_version='latest',\n   proxies={'http':'http://127.0.0.1:1337'}\n)\n```\n\n### Example: Force Download/use an older MITRE ATT&CK data set:\n```py\nattack = enterpriseattack.Attack(\n   mitre_version='11.3',\n   update=True\n)\n\nprint(attack.mitre_version)\n```\n\n### Example: Iterate over tactics/techniques/sub_techniques:\n```py\nattack = enterpriseattack.Attack()\n\nfor tactic in attack.tactics:\n   print(tactic.name)\n   for technique in tactic.techniques:\n      print(technique.name)\n      print(technique.detection)\n\nfor software in attack.software:\n    for technique in software.techniques:\n        for sub_technique in technique.sub_techniques:\n            print(software.name, technique.name, sub_technique.name)\n```\n\n### Example: Create a json object of any tactic/technique/sub_technique/group/software/datasource:\n```py\nattack = enterpriseattack.Attack()\n\nfor tactic in attack.tactics:\n   print(tactic.to_json())\n\nfor group in attack.groups:\n   print(group.to_json())\n\n...\n```\n\nFor more examples, please refer to the [Documentation](https://github.com/xakepnz/enterpriseattack/tree/main/docs)\n\n<p align=\"right\">(<a href=\"#top\">back to top</a>)</p>\n",
    "bugtrack_url": null,
    "license": "",
    "summary": "A lightweight Python module to interact with the Mitre Att&ck Enterprise framework.",
    "version": "0.1.8",
    "split_keywords": [
        "mitre att&ck",
        "att&ck enterprise",
        "enterpriseattack",
        "mitre framework",
        "att&ck"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "04b6f300d4faab57fa30cd3959171694551e7bbd435d52b2d690f33bc94f735b",
                "md5": "f83c8a5199f5abb5818fbb25fc0dd734",
                "sha256": "aaa4b0472e943014a3f13a06ef969deb81f3320c8417e2aad532e9c1f10b0c2d"
            },
            "downloads": -1,
            "filename": "enterpriseattack-0.1.8-py2.py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "f83c8a5199f5abb5818fbb25fc0dd734",
            "packagetype": "bdist_wheel",
            "python_version": "py2.py3",
            "requires_python": null,
            "size": 20529,
            "upload_time": "2023-01-12T04:07:01",
            "upload_time_iso_8601": "2023-01-12T04:07:01.449751Z",
            "url": "https://files.pythonhosted.org/packages/04/b6/f300d4faab57fa30cd3959171694551e7bbd435d52b2d690f33bc94f735b/enterpriseattack-0.1.8-py2.py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "839512d59db36cfcb69e6105c09e337626274af801c4b7ea41ad81de5895bfc0",
                "md5": "779a80cd8f26b571c4f581022a869811",
                "sha256": "2f380eff10a818e94183e33b910625617ee6153b8bcfbc5ab5a89c3a88e02f8f"
            },
            "downloads": -1,
            "filename": "enterpriseattack-0.1.8-py3.10.egg",
            "has_sig": false,
            "md5_digest": "779a80cd8f26b571c4f581022a869811",
            "packagetype": "bdist_egg",
            "python_version": "0.1.8",
            "requires_python": null,
            "size": 42463,
            "upload_time": "2023-01-12T04:07:03",
            "upload_time_iso_8601": "2023-01-12T04:07:03.643158Z",
            "url": "https://files.pythonhosted.org/packages/83/95/12d59db36cfcb69e6105c09e337626274af801c4b7ea41ad81de5895bfc0/enterpriseattack-0.1.8-py3.10.egg",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "9c3b88479ddc33d59029e5fa565d9dffdf9888b6a36f361d753863d46891d40d",
                "md5": "6710e14f198f5bd4641d56ab2b06134a",
                "sha256": "bc43ede88e517b4f4a1cfb2dbb9a86e231bb44b03d7bcff0bc99baca03e0e4fa"
            },
            "downloads": -1,
            "filename": "enterpriseattack-0.1.8.tar.gz",
            "has_sig": false,
            "md5_digest": "6710e14f198f5bd4641d56ab2b06134a",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 13316,
            "upload_time": "2023-01-12T04:07:05",
            "upload_time_iso_8601": "2023-01-12T04:07:05.215127Z",
            "url": "https://files.pythonhosted.org/packages/9c/3b/88479ddc33d59029e5fa565d9dffdf9888b6a36f361d753863d46891d40d/enterpriseattack-0.1.8.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-01-12 04:07:05",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "github_user": "xakepnz",
    "github_project": "enterpriseattack",
    "travis_ci": true,
    "coveralls": false,
    "github_actions": false,
    "requirements": [],
    "lcname": "enterpriseattack"
}
        
Elapsed time: 0.38948s