MITRE DeTTECT - Data Source Visibility and Mapping

Описание: This video shows how to use MITRE DeTTECT (DeTT&CT) to map data source coverage to MITRE ATT&CK. DeTTECT is an open-source project that makes data source mapping and coverage assessment easy. In this video you will learn how to track the data sources your organization currently collects as well as build potential future data sources. The results will be a MITRE Navigator mapping that can be used to communicate the need to add additional data sources.

1:38 MITRE DeTTECT - Tool for mapping data sources
3:52 Installing MITRE DeTTECT
6:45 Running Web Editor
7:13 Demo - Setting current data source coverage
10:42 Convert YAML file to JSON for consumption in MITRE Navigator
11:25 Load visibility map into MITRE Navigator
12:04 Create more demo data for comparison
14:14 Compare various data source coverage against each other

dettect.py commands ran in the video:
Run web editor
python dettect.py editor &

Convert YAML to JSON
python dettect.py ds -fd /mnt/c/Users/JustinHenderson/Downloads/data-sources-new.yaml -l

List coverage by data source
python dettect.py generic -ds

Links:

MITRE Navigator
https://mitre-attack.github.io/attack...

MITRE ATT&CK Enterprise Matrix
https://attack.mitre.org/matrices/ent...

MITRE DeTT&CT (Local instance)
http://localhost:8080/dettect-editor/

MITRE DeTT&CT (Remote instance)
https://rabobank-cdc.github.io/dettec...