GithubHelp home page GithubHelp logo

nsm-attack's Introduction

Mapping NSM rules to MITRE ATT&CK Techniques

About

The idea behind this project is to categorize and develop, where feasible, Suricata (and general NSM) rules by mapping them against the MITRE ATT&CK framework.

How does it work?

Each technique has its own folder. Inside the folder, one of two things can happen:

  • We will link to existing rules from known rulesets if a rule already exists
  • We will share the rule in the format used by Suricata

The following rulesets are currently considered by this project:

Have something to share?

Feel free to reach out to me via Twitter (@0xtf) if you have some rules you'd like to share or comments/questions/tips.

MITRE ATT&CK Navigator

Browse supported techniques using this URL.

Sponsorship

If you're interested in working in this project, 3CORESec has a sponsorship program that allows you to get paid for your contributions to open source projects.

Get in touch for more information!

nsm-attack's People

Contributors

0xtf avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar

Forkers

rajrakeshdr benhe119 phoenixml dmoore44 blue-infosec m00zh33 gmichel-csaa materaj2 d4rk-d4nph3 looking-for-vest webvul hecg119 skybulk bijaylimbu dk47os3r stjordanis tskinnerarlo tuantmb zenosslk singlea-lyh lcamry irisnadine rokoman pratikwadodkar

nsm-attack's Issues

Technique data sources

Hi! First of all, kudos for the initiative, and reminding us that ATT&CK is not EDR only.

Many (if not all) of the techniques you have mapped don't have the 'Network intrusion detection system' data source. Depending on how you are using ATT&CK, this might be an issue if you are planing to perform gap/coverage analysis. Are you planning to request the ATT&CK team to add the NIDS data source as you map the techniques?

Thanks!
RD

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.