mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-13 19:05:17 +03:00
efca3ec611
Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions) based on subdomain and content analysis. Restores 11 skills corrupted during prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields. All 754 skills now carry structured mappings for all 5 security frameworks: - MITRE ATT&CK (in tags) - MITRE ATLAS v5.5 (atlas_techniques) - MITRE D3FEND v1.3 (d3fend_techniques) - NIST AI RMF 1.0 (nist_ai_rmf) - NIST CSF 2.0 (nist_csf)
2.4 KiB
2.4 KiB
name, description, domain, subdomain, tags, version, author, license, nist_ai_rmf, atlas_techniques, d3fend_techniques, nist_csf
| name | description | domain | subdomain | tags | version | author | license | nist_ai_rmf | atlas_techniques | d3fend_techniques | nist_csf | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| performing-threat-emulation-with-atomic-red-team | Executes Atomic Red Team tests for MITRE ATT&CK technique validation using the atomic-operator Python framework. Loads test definitions from YAML atomics, runs attack simulations, and validates detection coverage. Use when testing SIEM detection rules, validating EDR coverage, or conducting purple team exercises. | cybersecurity | threat-intelligence |
|
1.0 | mahipal | Apache-2.0 |
|
|
|
|
Performing Threat Emulation with Atomic Red Team
When to Use
- When conducting security assessments that involve performing threat emulation with atomic red team
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing
Prerequisites
- Familiarity with threat intelligence concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities
Instructions
Use atomic-operator to execute Atomic Red Team tests and validate detection coverage against MITRE ATT&CK techniques.
from atomic_operator import AtomicOperator
operator = AtomicOperator()
# Run a specific technique test
operator.run(
technique="T1059.001", # PowerShell execution
atomics_path="./atomic-red-team/atomics",
)
Key workflow:
- Clone the atomic-red-team repository for test definitions
- Select ATT&CK techniques matching your detection rules
- Execute atomic tests using atomic-operator
- Check SIEM/EDR for corresponding alerts
- Document detection gaps and update rules
Examples
# Parse atomic test YAML definitions
import yaml
with open("atomics/T1059.001/T1059.001.yaml") as f:
tests = yaml.safe_load(f)
for test in tests.get("atomic_tests", []):
print(f"Test: {test['name']}")
print(f" Platforms: {test.get('supported_platforms', [])}")