Files
T
mukul975 efca3ec611 feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills
Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
2026-04-06 11:17:40 +02:00

2.4 KiB

name, description, domain, subdomain, tags, version, author, license, nist_ai_rmf, atlas_techniques, d3fend_techniques, nist_csf
name description domain subdomain tags version author license nist_ai_rmf atlas_techniques d3fend_techniques nist_csf
performing-threat-emulation-with-atomic-red-team Executes Atomic Red Team tests for MITRE ATT&CK technique validation using the atomic-operator Python framework. Loads test definitions from YAML atomics, runs attack simulations, and validates detection coverage. Use when testing SIEM detection rules, validating EDR coverage, or conducting purple team exercises. cybersecurity threat-intelligence
performing
threat
emulation
with
1.0 mahipal Apache-2.0
MEASURE-2.7
MAP-5.1
MANAGE-2.4
AML.T0070
AML.T0066
AML.T0082
Executable Denylisting
Execution Isolation
File Metadata Consistency Validation
Content Format Conversion
File Content Analysis
ID.RA-01
ID.RA-05
DE.CM-01
DE.AE-02

Performing Threat Emulation with Atomic Red Team

When to Use

  • When conducting security assessments that involve performing threat emulation with atomic red team
  • When following incident response procedures for related security events
  • When performing scheduled security testing or auditing activities
  • When validating security controls through hands-on testing

Prerequisites

  • Familiarity with threat intelligence concepts and tools
  • Access to a test or lab environment for safe execution
  • Python 3.8+ with required dependencies installed
  • Appropriate authorization for any testing activities

Instructions

Use atomic-operator to execute Atomic Red Team tests and validate detection coverage against MITRE ATT&CK techniques.

from atomic_operator import AtomicOperator

operator = AtomicOperator()
# Run a specific technique test
operator.run(
    technique="T1059.001",  # PowerShell execution
    atomics_path="./atomic-red-team/atomics",
)

Key workflow:

  1. Clone the atomic-red-team repository for test definitions
  2. Select ATT&CK techniques matching your detection rules
  3. Execute atomic tests using atomic-operator
  4. Check SIEM/EDR for corresponding alerts
  5. Document detection gaps and update rules

Examples

# Parse atomic test YAML definitions
import yaml
with open("atomics/T1059.001/T1059.001.yaml") as f:
    tests = yaml.safe_load(f)
for test in tests.get("atomic_tests", []):
    print(f"Test: {test['name']}")
    print(f"  Platforms: {test.get('supported_platforms', [])}")