DeTTecT – Detect Tactics, Techniques & Combat Threats

Comments Off on DeTTecT – Detect Tactics, Techniques & Combat Threats

DeTT&CT aims to assist blue teams using ATT&CK to score and compare data log source quality, visibility coverage, detection coverage and threat actor behaviours. All of which can help, in different ways, to get more resilient against attacks targeting your organisation. The DeTT&CT framework consists of a Python tool, YAML administration files and scoring tables for the different aspects.

DeTT&CT provides the following functionality:

  • Administrate and score the quality of your data sources.
  • Get insight on the visibility you have on for example endpoints.
  • Map your detection coverage.
  • Map threat actor behaviours.
  • Compare visibility, detections and threat actor behaviours to uncover possible improvements in detection and visibility. This can help you to prioritise your blue teaming efforts.

The coloured visualisations are created with the help of MITRE’s ATT&CK™ Navigator.

Work of others

Some functionality within DeTT&CT was inspired by the work of others:

To get started with DeTTect read this page

Example

YAML files are used for administrating scores and relevant metadata. All of which can be visualised by loading JSON layer files into the ATT&CK Navigator (some types of scores and metadata can also be written to Excel).

Also read: BT3 – Blue Team Training Toolkit

See below an example of mapping your data sources to ATT&CK, which gives you a rough overview of your visibility coverage:

DeTT&CT - Data quality

Installation and requirements

Local installation

Requirements

  • Python 3.6 and higher
  • Have the following Python packages installed with its appropriate version: attackcti, simplejson, ruamel.yaml, plotly, pandas and xlsxwriter. See below on how to perform the installation using the requirements.txt file.
Also read: BLUESPAWN – Windows Defense Tool to Empower Blue Teams

Installation

  1. git clone https://github.com/rabobank-cdc/DeTTECT
  2. pip install -r requirements.txt

Download DeTTecT

Related Articles

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
Live Chat
RESOURCES
Get Started
TOOLBOX
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress