SlideShare a Scribd company logo

MITRE ATT&CKcon 2.0: Tracking and Measuring ATT&CK Coverage with ATTACK2Jira (Lightning Talk); Mauricio Velazco

MITRE - ATT&CKcon, profile picture
MITRE - ATT&CKcon

The document outlines the development of Attack2Jira, a tool designed to track and measure ATT&CK coverage while leveraging Jira's API. It allows for management of ATT&CK techniques as entities and includes features for collaboration, reporting, and automating the setup of Jira projects. The tool creates custom fields and issues for each ATT&CK technique to facilitate tracking and maturity assessment.

Technology
Related topics:
MITRE ATT&CK Insights Cyber Threat Intelligence
1 of 6
Downloaded 60 times
1
2
3
4
5
6
Tracking & Measuring ATT&CK coverage with attack2jira Mauricio Velazco @mvelazco https://github.com/mvelazc0/
Requirements ✘ Manage ATT&CK techniques as entities ✘ Track state/maturity over time ✘ Interface that allows collaboration: log work, attach documentation, comments, etc. ✘ Basic reporting
Attack2jira ✘ Leverages JIRA’s Api and Roberto’s attackcti library (https://github.com/hunters-forge/ATTACK-Python-Client) ✘ Automates the process of setting up a JIRA project that can be used to track and measure ATT&CK coverage: ✘ Creates a JIRA Project ✘ Creates custom fields: url, tactic & maturity. ✘ Hides unnecessary fields ✘ Creates JIRA issues for each ATT&CK technique
Demo 1
Demo 2
Tracking & Measuring ATT&CK coverage with attack2jira Mauricio Velazco @mvelazco https://github.com/mvelazc0/ https://github.com/mvelazc0/attack2jira

More Related Content

PDF
MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...
MITRE - ATT&CKcon
 
PDF
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE - ATT&CKcon
 
PDF
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE - ATT&CKcon
 
PPTX
BSidesLV -The SOC Counter ATT&CK
Mathieu Saulnier
 
PDF
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE - ATT&CKcon
 
PDF
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE - ATT&CKcon
 
PDF
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE - ATT&CKcon
 
PDF
MITRE ATTACKCon Power Hour - December
MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...
MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE - ATT&CKcon
 
BSidesLV -The SOC Counter ATT&CK
Mathieu Saulnier
 
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE - ATT&CKcon
 
MITRE ATTACKCon Power Hour - December
MITRE - ATT&CKcon
 

What's hot (19)

PDF
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE - ATT&CKcon
 
PPTX
Leveraging MITRE ATT&CK - Speaking the Common Language
Erik Van Buggenhout
 
PDF
Using ATTACK to Create Cyber DBTS for Nuclear Power Plants
MITRE - ATT&CKcon
 
PDF
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
MITRE - ATT&CKcon
 
PDF
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE - ATT&CKcon
 
PDF
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE - ATT&CKcon
 
PDF
MITRE ATT&CKcon 2.0: attckr - A Toolkit for Analysis and Visualization of ATT...
MITRE - ATT&CKcon
 
PDF
MITRE ATT&CKcon 2018: Building an Atomic Testing Program, Brian Beyer, Red Ca...
MITRE - ATT&CKcon
 
PDF
Sharpening your Threat-Hunting Program with ATTACK Framework
MITRE - ATT&CKcon
 
PDF
Attack eu 2021 attack4cvc
Andrey Bezverkhiy
 
PDF
ATT&CKING Containers in The Cloud
MITRE ATT&CK
 
PDF
MITRE ATTACKcon Power Hour - October
MITRE - ATT&CKcon
 
PPTX
Ending the Tyranny of Expensive Security Tools
Michele Chubirka
 
PDF
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE - ATT&CKcon
 
PDF
MITRE AttACK framework it is time you took notice_v1.0
Michael Gough
 
PDF
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vit...
PROIDEA
 
PDF
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
Chi En (Ashley) Shen
 
PPTX
Threat Hunting at Scale
Panther Labs
 
PDF
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...
MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE - ATT&CKcon
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Erik Van Buggenhout
 
Using ATTACK to Create Cyber DBTS for Nuclear Power Plants
MITRE - ATT&CKcon
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: attckr - A Toolkit for Analysis and Visualization of ATT...
MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: Building an Atomic Testing Program, Brian Beyer, Red Ca...
MITRE - ATT&CKcon
 
Sharpening your Threat-Hunting Program with ATTACK Framework
MITRE - ATT&CKcon
 
Attack eu 2021 attack4cvc
Andrey Bezverkhiy
 
ATT&CKING Containers in The Cloud
MITRE ATT&CK
 
MITRE ATTACKcon Power Hour - October
MITRE - ATT&CKcon
 
Ending the Tyranny of Expensive Security Tools
Michele Chubirka
 
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE - ATT&CKcon
 
MITRE AttACK framework it is time you took notice_v1.0
Michael Gough
 
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vit...
PROIDEA
 
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
Chi En (Ashley) Shen
 
Threat Hunting at Scale
Panther Labs
 
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...
MITRE - ATT&CKcon
 
Ad

Similar to MITRE ATT&CKcon 2.0: Tracking and Measuring ATT&CK Coverage with ATTACK2Jira (Lightning Talk); Mauricio Velazco (9)

PDF
ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2...
Mauricio Velazco
 
PDF
This is why we don’t shout “Bingo”: Analyzing ATT&CK Integration in Endpoint ...
MITRE ATT&CK
 
PPTX
ATT&CKing Threat Management
Andy Piazza
 
PDF
Sources of ATT&CK: A Bibliographic Journey through Enterprise ATT&CK - Robert...
MITRE ATT&CK
 
PDF
From Theory to Practice: How My ATTACK Perspectives Have Changed
MITRE - ATT&CKcon
 
PDF
The ATT&CK Philharmonic
MITRE ATT&CK
 
PDF
Mitre getting-started-with-attack-october-2019
Thang Nguyen
 
PPTX
Jira
Sun Technlogies
 
PDF
MITRE A-TAK Design Philosophy
tom termini
 
ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2...
Mauricio Velazco
 
This is why we don’t shout “Bingo”: Analyzing ATT&CK Integration in Endpoint ...
MITRE ATT&CK
 
ATT&CKing Threat Management
Andy Piazza
 
Sources of ATT&CK: A Bibliographic Journey through Enterprise ATT&CK - Robert...
MITRE ATT&CK
 
From Theory to Practice: How My ATTACK Perspectives Have Changed
MITRE - ATT&CKcon
 
The ATT&CK Philharmonic
MITRE ATT&CK
 
Mitre getting-started-with-attack-october-2019
Thang Nguyen
 
Jira
Sun Technlogies
 
MITRE A-TAK Design Philosophy
tom termini
 
Ad

More from MITRE - ATT&CKcon (20)

PDF
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
MITRE - ATT&CKcon
 
PDF
State of the ATTACK
MITRE - ATT&CKcon
 
PDF
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
MITRE - ATT&CKcon
 
PDF
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
MITRE - ATT&CKcon
 
PDF
MITRE ATTACKcon Power Hour - January
MITRE - ATT&CKcon
 
PDF
What's New with ATTACK for ICS?
MITRE - ATT&CKcon
 
PDF
Putting the PRE into ATTACK
MITRE - ATT&CKcon
 
PDF
What's a MITRE with your Security?
MITRE - ATT&CKcon
 
PDF
ATTACKing the Cloud: Hopping Between the Matrices
MITRE - ATT&CKcon
 
PDF
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
MITRE - ATT&CKcon
 
PDF
Transforming Adversary Emulation Into a Data Analysis Question
MITRE - ATT&CKcon
 
PDF
TA505: A Study of High End Big Game Hunting in 2020
MITRE - ATT&CKcon
 
PDF
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
MITRE - ATT&CKcon
 
PDF
What's New with ATTACK for Cloud?
MITRE - ATT&CKcon
 
PDF
Starting Over with Sub-Techniques
MITRE - ATT&CKcon
 
PDF
MITRE ATT&CKcon Power Hour - November
MITRE - ATT&CKcon
 
PDF
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE - ATT&CKcon
 
PDF
MITRE ATT&CKcon 2.0: Keynote Address - The Friends We Made Along the Way; Ton...
MITRE - ATT&CKcon
 
PDF
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE - ATT&CKcon
 
PDF
MITRE ATT&CKcon 2.0: Alertable Techniques for Linux Using ATT&CK; Tony Lamber...
MITRE - ATT&CKcon
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
MITRE - ATT&CKcon
 
State of the ATTACK
MITRE - ATT&CKcon
 
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
MITRE - ATT&CKcon
 
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
MITRE - ATT&CKcon
 
MITRE ATTACKcon Power Hour - January
MITRE - ATT&CKcon
 
What's New with ATTACK for ICS?
MITRE - ATT&CKcon
 
Putting the PRE into ATTACK
MITRE - ATT&CKcon
 
What's a MITRE with your Security?
MITRE - ATT&CKcon
 
ATTACKing the Cloud: Hopping Between the Matrices
MITRE - ATT&CKcon
 
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
MITRE - ATT&CKcon
 
Transforming Adversary Emulation Into a Data Analysis Question
MITRE - ATT&CKcon
 
TA505: A Study of High End Big Game Hunting in 2020
MITRE - ATT&CKcon
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
MITRE - ATT&CKcon
 
What's New with ATTACK for Cloud?
MITRE - ATT&CKcon
 
Starting Over with Sub-Techniques
MITRE - ATT&CKcon
 
MITRE ATT&CKcon Power Hour - November
MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Keynote Address - The Friends We Made Along the Way; Ton...
MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Alertable Techniques for Linux Using ATT&CK; Tony Lamber...
MITRE - ATT&CKcon
 

Recently uploaded (20)

PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Approach and Philosophy of On baking technology
30anthuong17
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Encapsulation theory and applications.pdf
gurumoop
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 

MITRE ATT&CKcon 2.0: Tracking and Measuring ATT&CK Coverage with ATTACK2Jira (Lightning Talk); Mauricio Velazco