creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-13 14:44:58 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/analyzing-threat-actor-ttps-with-mitre-attack/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

90 lines
2.1 KiB
Markdown
Raw Blame History

# API Reference: Threat Actor TTP Analysis with MITRE ATT&CK
## ATT&CK STIX Data
### Download
```bash
curl -o enterprise-attack.json https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json
```
### STIX Object Types
| Type | Description |
|------|-------------|
| `attack-pattern` | Techniques and sub-techniques |
| `intrusion-set` | Threat actor groups |
| `relationship` | Links (group "uses" technique) |
| `malware` | Malware families |
| `tool` | Legitimate tools abused |
## mitreattack-python
### Installation
```bash
pip install mitreattack-python
```
### Query Techniques
```python
from mitreattack.stix20 import MitreAttackData
attack = MitreAttackData("enterprise-attack.json")
# Get all techniques
techniques = attack.get_techniques()
# Get group techniques
group = attack.get_group_by_alias("APT29")
techs = attack.get_techniques_used_by_group(group.id)
```
### Get Technique Mitigations
```python
mitigations = attack.get_mitigations_mitigating_technique(technique.id)
for m in mitigations:
print(m.name, m.description)
```
## ATT&CK Navigator Layer Format
### Technique Entry
```json
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"color": "#ff6666",
"score": 100,
"comment": "Spearphishing Attachment",
"enabled": true
}
```
## ATT&CK Tactic IDs
| Tactic | ID |
|--------|----|
| Reconnaissance | TA0043 |
| Resource Development | TA0042 |
| Initial Access | TA0001 |
| Execution | TA0002 |
| Persistence | TA0003 |
| Privilege Escalation | TA0004 |
| Defense Evasion | TA0005 |
| Credential Access | TA0006 |
| Discovery | TA0007 |
| Lateral Movement | TA0008 |
| Collection | TA0009 |
| Command and Control | TA0011 |
| Exfiltration | TA0010 |
| Impact | TA0040 |
## TAXII Server Access
```python
from stix2 import TAXIICollectionSource, Filter
from taxii2client.v20 import Collection
collection = Collection(
"https://cti-taxii.mitre.org/stix/collections/95ecc380-afe9-11e4-9b6c-751b66dd541e/"
)
src = TAXIICollectionSource(collection)
groups = src.query([Filter("type", "=", "intrusion-set")])
```
Reference in New Issue View Git Blame Copy Permalink