Article Excerpt
This tool is designed to predict tactics and techniques from the ATT&CK framework (https://attack.mitre.org/) in cyber threat reports, such as the ones that can be linked in https://otx.alienvault.com/ or https://exchange.xforce.ibmcloud.com/.
| property | value |
| --- | --- |
| tags | automation, defensive-tradecraft, devops, intel-report, threat-intel, tradecraft-tool |
| url | |
| original_word_count | 533 |
Long Summary
rcATT is a Python tool designed to predict tactics and techniques from the ATT&CK framework in cyber threat reports. It can be used through either a command-line interface or a graphical interface, both of which offer the same functionality: predicting tactics and techniques from a given cyber threat report, ordering and visualizing the confidence of the classifier for each technique and tactic, saving results in a JSON file in STIX format, giving feedback to the tool, and saving the feedback and/or results to the training set. The tool requires Python 3.5 or higher, joblib, pandas, numpy, stix2, scikit-learn, and nltk with the punkt, stopwords, and wordnet packages. For the command-line interface, the user must save the report in a text file and use the command python -p -i [report in a text file]. For the graphical interface, the user must enter the report in the text area and click the "predict" button. To give feedback, the user must click the "Correct the results" button. To save the feedback and/or results to the training set, the user must click the "Save the results for training" button. To retrain the classifier with new data, the user must click the "ā" button. To save results in a JSON file in STIX format, the user must click the "Export the results" button and fill in the form. rcATT was created by Valentine Legoy during her Master's thesis at the University of Twente in partnership with Siemens. More details can be found in the paper "Retrieving ATT&CK tactics and techniques in cyber threat reports".
Short Summary
A Python app to predict ATT&CK tactics and techniques from cyber threat reports
- This tool is designed to predict tactics and techniques from the ATT&CK framework (https://attack.mitre.org/) in cyber threat reports, such as the ones that can be linked in https://otx.alienvault.com/ or https://exchange.xforce.ibmcloud.com/.
- rcATT is a Python tool for predicting tactics and techniques from cyber threat reports.
- It can be used via a command-line or graphical interface with the same functionality.
- Predict techniques and tactics from a given cyber threat report.
- Order and visualize the confidence of the classifier for each technique and tactic.
- Save results in a JSON file in STIX format.
- Provide feedback to the tool and save it to the training set.
- Requires Python 3.5 or higher, along with specific packages.
- Command-line usage requires saving the report in a text file.
- The graphical interface allows entering the report in a text area and clicking the "predict" button.
- Created by Valentine Legoy during her Master's thesis at the University of Twente in partnership with Siemens.
Source link: https://github.com/vlegoy/rcATT
Summarized content: https://hut.threathunterz.com/battlefield-intel/tradecraft-tools/a-python-app-to-predict-att-ck-tactics-and-techniques-from-cyber-threat-reports