Developing with MITRE ATT&CK
This is for any individual or organization who wants to do custom development using the MITRE ATT&CK framework. Maybe your SOAR platform needs some extra enrichment? Maybe your CTI group wants some custom visualizations? Maybe you just want to understand your own security posture better? If you communicate using MITRE ATT&CK (you should be!) and can write Python, this workshop is for you!
Who is this not for?
If you have no experience writing Python code, this may be a bit too specific.
– Introduction and use cases. Why should we develop against MITRE ATT&CK?
– Frameworks and protocols. How is MITRE ATT&CK organized, structured, and communicated?
– Data. Where can we obtain data about MITRE ATT&CK?
– Versioning. How does MITRE handle versions and upgrades, and why do we care?
– Existing tools and platforms. What does MITRE provide? What does our community provide?
– Development time! Design, gather, process, and build a functional processing tool using Python.
Training Type and Logistics
This is a hands-on, guided development experience. Participants should bring a laptop with:
– A Python 3 environment ready and usable
– The ability to connect to and download data from the internet
  – We will be using free and open ATT&CK data from GitHub and other sources.
  – These files will all be text or JSON
MITRE ATT&CK is a fantastic and powerful framework for communicating about adversaries, attacks, and threats. Any security organization can benefit from using the data and tools provided by MITRE (and other awesome third parties!) and incorporating them into their own projects, software, systems, or processes. Additionally, MITRE provides several development tools, uses open protocols, and exposes significant amounts of data for our use.
In this workshop we will cover some common patterns, practices, tools, and methods for consuming, processing, and visualizing MITRE ATT&CK. We will focus on MITRE-provided tools and data using the Python programming language, but will also expose participants to popular third-party options.
Participants can expect hands-on experience building functional software which they can bring back to their own security organizations.
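As an added illustration of the "Data" and "Versioning" items above (example code written for this page, not part of the workshop materials), the snippet below parses a bundle in the shape of the ATT&CK STIX JSON that MITRE publishes on GitHub, drops revoked and deprecated techniques, and indexes the rest by tactic. The three objects are constructed; the field names (`external_references`, `kill_chain_phases`, `revoked`, `x_mitre_deprecated`, `x_mitre_version`, `x_mitre_is_subtechnique`) are the ones the real bundles use.

```python
import json
from collections import defaultdict
# Constructed sample shaped like MITRE's enterprise-attack.json (real STIX/x_mitre_* field names).
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--sample", "objects": [
    {"type": "attack-pattern", "id": "attack-pattern--a", "name": "Command and Scripting Interpreter",
     "x_mitre_version": "2.3", "x_mitre_is_subtechnique": False,
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]},
    {"type": "attack-pattern", "id": "attack-pattern--b", "name": "PowerShell",
     "x_mitre_version": "1.4", "x_mitre_is_subtechnique": True,
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1059.001"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]},
    {"type": "attack-pattern", "id": "attack-pattern--c", "name": "Scripting", "revoked": True,
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1064"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"},
                           {"kill_chain_name": "mitre-attack", "phase_name": "execution"}]},
]})

def attack_id(obj):
    """The ATT&CK ID (T1059, T1059.001, ...) lives in the 'mitre-attack' external reference."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def load_techniques(bundle_text, include_retired=False):
    """Return {attack_id: details} for attack-pattern objects. MITRE keeps revoked/deprecated
    objects in the bundle for compatibility; skip them so stale IDs (T1064) do not leak into reports."""
    techniques = {}
    for obj in json.loads(bundle_text)["objects"]:
        if obj.get("type") != "attack-pattern":
            continue
        tid = attack_id(obj)
        retired = obj.get("revoked", False) or obj.get("x_mitre_deprecated", False)
        if tid is None or (retired and not include_retired):
            continue
        techniques[tid] = {
            "name": obj["name"], "version": obj.get("x_mitre_version"),
            "subtechnique": obj.get("x_mitre_is_subtechnique", False),
            "tactics": [p["phase_name"] for p in obj.get("kill_chain_phases", [])
                        if p.get("kill_chain_name") == "mitre-attack"]}
    return techniques

def by_tactic(techniques):
    """Group technique IDs under each tactic shortname (a technique may sit under several)."""
    index = defaultdict(list)
    for tid, details in techniques.items():
        for tactic in details["tactics"]:
            index[tactic].append(tid)
    return {tactic: sorted(ids) for tactic, ids in index.items()}
```

Point `load_techniques` at the text of a downloaded bundle instead of `SAMPLE_BUNDLE` to build the same index for a full ATT&CK release; comparing the `version` values between two releases is the simplest way to see which techniques changed in an upgrade.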