(I)IoT Security News

CISA Releases Decider Tool to Help with MITRE ATT&CK Mapping

CISA released Decider, a free tool to help the cybersecurity community map threat actor behavior to the MITRE ATT&CK framework. Created in partnership with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI) and MITRE, Decider helps make mapping quick and accurate through guided questions, a powerful search and filter function, and a cart functionality that lets users export results to commonly used formats.

Network defenders, analysts, and researchers can see CISA’s video, fact sheet, and blog to get started with Decider. CISA encourages the community to use the tool in conjunction with the recently updated Best Practices for MITRE ATT&CK® Mapping guide.

Decider

A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.

This project makes use of MITRE ATT&CK – ATT&CK Terms of Use

Developer Instructions

Before developing, please set up a virtualenv and install the pre-commit git hook scripts.
Decider uses Black and Flake8 with a line length of 119.
Please ensure you are using Python 3.8.10.

To do this, after cloning the repository, run:

sudo apt install -y python3-pip
python3 -m venv venv/
source venv/bin/activate
pip3 install wheel==0.37.1
pip3 install -r requirements.txt
pip3 install -r requirements_dev.txt
pre-commit install

Introduction

Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK framework. Decider makes creating ATT&CK mappings easier to get right by walking users through the mapping process. It does so by asking a series of guided questions about adversary activity to help them arrive at the correct tactic, technique, or subtechnique. Decider has a powerful search and filter functionality that enables users to focus on the parts of ATT&CK that are relevant to their analysis. Decider also has a cart functionality that lets users export results to commonly used formats, such as tables and ATT&CK Navigator™ heatmaps.
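The cart export mentioned above ends in an ATT&CK Navigator layer, the JSON document Navigator loads to draw a heatmap. The block below is an added example, not Decider's own code: it takes a constructed "cart" of mapped behaviours, rejects malformed technique IDs, scores each technique by how often it was mapped, and emits a Navigator layer. Field names follow the public Navigator layer format; the version strings in the `versions` object and the gradient colours are assumptions and should be aligned with the Navigator build you load the layer into.

```python
"""Added example (not Decider's own code): turn a "cart" of ATT&CK
mappings into an ATT&CK Navigator layer, the JSON format Navigator
renders as a heatmap.  Field names follow the public Navigator layer
format; the version strings are assumptions and may need to match
the Navigator instance you use."""
import json
import re
from collections import Counter

# Enterprise technique IDs: T####, optionally with a .### sub-technique suffix.
TECHNIQUE_ID = re.compile(r"^T\d{4}(?:\.\d{3})?$")

# Constructed sample cart: what an analyst might collect while walking
# one intrusion report through the guided questions.  The IDs are real
# ATT&CK technique IDs; the notes are made up for this example.
SAMPLE_CART = [
    {"technique_id": "T1566.001", "tactic": "initial-access", "note": "macro-laden invoice attachment"},
    {"technique_id": "T1059.001", "tactic": "execution", "note": "PowerShell downloader"},
    {"technique_id": "T1059.001", "tactic": "execution", "note": "PowerShell recon commands"},
    {"technique_id": "T1547.001", "tactic": "persistence", "note": "Run key for persistence"},
    {"technique_id": "T1059.001", "tactic": "execution", "note": "encoded command"},
]


def validate_cart(cart):
    """Raise on the first malformed technique ID so a typo never becomes
    a silently wrong heatmap cell; return the cart unchanged otherwise."""
    for entry in cart:
        tid = entry.get("technique_id", "")
        if not TECHNIQUE_ID.match(tid):
            raise ValueError(f"malformed ATT&CK technique ID: {tid!r}")
    return cart


def score_techniques(cart):
    """Count how often each technique appears in the cart; the count
    becomes the heatmap score, so repeatedly observed behaviours render hotter."""
    return Counter(e["technique_id"] for e in validate_cart(cart))


def build_navigator_layer(cart, name="Decider export", domain="enterprise-attack"):
    """Build a Navigator layer dict from the cart.  Each technique carries
    its occurrence count as the score and the analyst notes as the comment."""
    counts = score_techniques(cart)
    notes = {}
    for e in cart:
        notes.setdefault(e["technique_id"], []).append(e.get("note", ""))
    techniques = [
        {
            "techniqueID": tid,
            "score": n,
            "comment": "; ".join(filter(None, notes[tid])),
            "enabled": True,
            "showSubtechniques": True,
        }
        for tid, n in sorted(counts.items())
    ]
    return {
        "name": name,
        "domain": domain,
        # Assumed version strings; align with the Navigator instance you load into.
        "versions": {"attack": "12", "navigator": "4.8.1", "layer": "4.4"},
        "description": "Techniques observed, scored by number of mapped behaviours",
        "techniques": techniques,
        # Light-to-dark red gradient spanning the observed score range.
        "gradient": {
            "colors": ["#ffe0e0", "#ff0000"],
            "minValue": 0,
            "maxValue": max(counts.values(), default=1),
        },
    }


def layer_as_json(cart):
    """Serialise the layer; the result can be opened via Navigator's 'Open Existing Layer'."""
    return json.dumps(build_navigator_layer(cart), indent=2)


if __name__ == "__main__":
    print(layer_as_json(SAMPLE_CART))
```

Scoring by occurrence rather than a flat score is a design choice: a layer where T1059.001 is three times darker than T1547.001 tells a reader at a glance which behaviours dominated the incident, which a plain list of technique IDs does not.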

Background

There are three components to Decider: the PostgreSQL database, the web server (uWSGI), and the Decider application. Decider and its components are tested on Ubuntu 20.04 / CentOS 7. Installation and management should be done on one of these platforms.

PostgreSQL

Installation

This is documented inside of Decider’s Admin Guide.

Post Installation

Configuration Options

Decider is configured by two files:

Running

Database Creation

(from the root decider_tool/ directory)

python -m app.utils.db.actions.full_build [--config CONF]: /jsons/source -> DB

Postgres Backup and Restore

pg_dump -U DB_USER -W -F t -h HOSTNAME DB_NAME > decider.sql

pg_restore -U DB_USER -W -h localhost -d DB_NAME < app/utils/decider.sql

Note that -F t writes a tar-format archive despite the .sql file name, which is why it is read back with pg_restore rather than psql, and -W makes both commands prompt for the password instead of taking it on the command line, where it would be visible in the process list and shell history.

Source:
https://www.cisa.gov/news-events/alerts/2023/03/01/cisa-releases-decider-tool-help-mitre-attck-mapping
