Making MITRE ATT&CK Actionable
The Swimlane Deep Dive team is excited to announce the release of pyattck 2.0 and an equivalent PowerShell version, PSAttck. These open-source tools give security operations centers (SOCs), defenders and offensive security teams external data points that enrich MITRE ATT&CK: potential commands, queries and even detections for specific techniques. They also add context about specific threat actors or groups, as well as details about the different tools malicious actors use.
With ATT&CK techniques, actors and tools exposed this way, security professionals can search their logs for the commands associated with a specific technique and use the same information to build and retrieve detections and queries. Both projects pull this context from several other open-source projects, so a practitioner does not need prior domain knowledge of, or hands-on experience with, a particular technique, actor or tool listed in MITRE ATT&CK to act on it.