Skip to content

Latest commit

 

History

History
75 lines (54 loc) · 2.54 KB

README.md

File metadata and controls

75 lines (54 loc) · 2.54 KB

attack-java

A Java library for working with MITRE ATT&CK®.

Usage

Depend on the attack-java artifact with Maven:

<dependency>
    <groupId>com.wassonlabs</groupId>
    <artifactId>attack-java</artifactId>
    <version>0.0.2</version>
</dependency>

or Gradle:

implementation group: 'com.wassonlabs', name: 'attack-java', version: '0.0.2'

In your application, use the EnterpriseAttack class to access ATT&CK data:

Tactic privilegeEscalation = EnterpriseAttack.getTactic("TA0004");
Technique accessTokenManipulation = EnterpriseAttack.getTechnique("T1134");
Subtechnique parentPidSpoofing = EnterpriseAttack.getSubtechnique("T1134.004");

Development

Generation

First, ensure this repository is checked out with submodules initialized. If needed, update the MITRE CTI submodule. Additionally, you may want to delete the existing XML file(s) under data/src/main/resources/.

attack-java$ python3 -m venv generation/venv
attack-java$ source generation/venv/bin/activate
attack-java$ pip install -r generation/requirements.txt
attack-java$ python generation/main.py

Data Artifact

attack-java/data$ mvn clean install

Library Artifact

First, ensure the data artifact is installed with pom.xml versions set correctly.

attack-java/lib$ mvn clean install

License

This repository is seperated into generation, data and lib subfolders.

The generation subfolder contains the code to generate XML files from MITRE's CTI repository. This code is available under the Apache-2.0 license. However, it is unlikely that you'll use this code as it isn't distributed with attack-java.

The data subfolder contains the project where the generated XML files land. These XML files are a modified copy of MITRE's CTI data. Therefore, this data is available under MITRE's CTI License.

Finally, the lib subfolder contains the attack-java library code. This code is available under the Apache-2.0 license.

The Java artifacts produced from the data and lib subfolders are distributed separately in maven in order to make this licensing clear. However, you only need to depend on the com.wassonlabs.attack-java artifact to use the library, because a dependency is already established between the two artifacts.

Please see the LICENSE file in each subfolder for more information.