MCPcopy Index your code
hub / github.com/center-for-threat-informed-defense/sightings_ecosystem

github.com/center-for-threat-informed-defense/sightings_ecosystem @v2.0.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v2.0.0 ↗ · + Follow
88 symbols 276 edges 23 files 9 documented · 10% updated 13mo agov2.0.0 · 2024-03-12★ 382 open issues

Browse by type

Functions 75 Types & classes 10 Endpoints 3
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Sightings Ecosystem

The Sightings Ecosystem gives cyber defenders visibility into what adversaries are actually doing in the wild. With your help, we are tracking MITRE ATT&CK® techniques observed to give defenders real data on technique prevalence. With this data, we can analyze trends in evolving adversary behaviors, and ultimately provide a data-driven resource to support prioritizing defensive operations. This project ingests ATT&CK technique sightings and process them to produce useful datasets and reporting.

You can be a part of the success of this project by contributing your Sightings data and help advance the state of cybersecurity at large. To join us, please submit a Data Contributor Request form.

Getting Started

To get started, we suggest skimming the documentation to get familiar with the project. Next, you may want to try creating your own attack flows using the Attack Flow Builder, which is an easy-to-use GUI tool. When you are ready to dive deep, review the Example Flows and JSON Schema for the language.

Resource Description
Project Web Site Complete documentation for the Sightings Ecosystem.
Sightings Data Download the underlying Sightings data. (CSV – 25.7MiB)
Data Contributor Request Become a data contributor.
Upload Tool A tool for automatically submitting sightings data (supports Linux, MacOS, and Windows).

Background

Defenders need data driven answers to questions like:

  • How do I know which techniques to prioritize?
  • As a company in the finance sector, do the attackers I face use different tactics from those facing retail or healthcare?
  • How are attacks trending over time? Are older forms of attacks still in use?
  • Which techniques should I expect to see preceding and proceeding a specific attack?

We believe that a different type of cyber threat intelligence must be shared in order to serve this purpose, and the Center is well-positioned to work across industry. Specifically, security teams, vendors, ISACs/ISAOs, and governments should begin to share sightings of ATT&CK techniques. In other words, they should share when they see adversaries use specific behaviors against real production systems and networks.

Getting Involved

  • Review the project website. The project provides a detailed analysis of our findings and can have immediate impact on the prioritization of cybersecurity controls.
  • Analyze the underlying data. We make the dataset freely available so that you can conduct your own analysis. If you generate any new insights, we would love to hear about it.
  • Become a data contributor. Submit a Data Contributor Request form and help us make Sightings even better!

Questions and Feedback

Please submit issues on GitHub for any technical questions or requests. You may also contact ctid@mitre-engenuity.org directly for more general inquiries about the Center for Threat-Informed Defense.

We welcome your contributions to help advance Sightings Ecosystem in the form of pull requests. Please review the contributor notice before making a pull request.

Notice

Copyright 2021, 2024 MITRE Engenuity. Approved for public release. Document number CT0022, CT0103.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This project makes use of MITRE ATT&CK®

ATT&CK Terms of Use

Core symbols most depended-on inside this repo

Shape

Function 54
Method 21
Class 10
Route 3

Languages

Python100%

Modules by API surface

src/pipeline/pipeline.py10 symbols
src/analysis/helper_functions/rules_object.py10 symbols
tests/pipeline/test_sighting.py7 symbols
src/pipeline/util.py6 symbols
src/pipeline/objects/technique.py6 symbols
src/pipeline/objects/sighting.py6 symbols
tests/pipeline/test_validator.py5 symbols
src/pipeline/objects/validator.py5 symbols
src/pipeline/db/model.py5 symbols
tests/pipeline/test_util.py4 symbols
tests/pipeline/test_pipeline.py4 symbols
tests/pipeline/test_db.py4 symbols

Datastores touched

sightingsDatabase · 1 repos

For agents

$ claude mcp add sightings_ecosystem \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page