monkey/docs/content/development/attack_mitigations.md

---
title: "MITRE ATT&CK Mitigations"
date: 2021-09-30T08:18:37+03:00
draft: true
weight: 10
---

{{% notice info %}}
Check out [the documentation for the MITRE ATT&CK techniques as well]({{< ref "/reports/mitre" >}}).
{{% /notice %}}

## Summary

Attack Mitigations are presented in MITRE ATT&CK report. They appear next to
descriptions of attack techniques and suggest steps that can be taken to reduce
the risk of that particular technique being successful in a network. They also
provide links for further reading on https://attack.mitre.org/

The Infection Monkey is shipped with pre-processed information about MITRE
ATT&CK mitigations located at
`monkey/monkey_island/cc/setup/mongo/attack_mitigations.json`. This may need to
be periodically updated as the MITRE ATT&CK framework evolves.


## Updating the MITRE ATT&CK mitigations data
1. Clone the [MITRE Cyber Threat Intelligence
   Repository](https://github.com/mitre/cti) or the [Guardicore
   fork](https://github.com/guardicore/cti):
   ```
   $ CTI_REPO=$PWD/cti
   $ git clone <REPO> $CTI_REPO
   ```
2. Start a MongoDB v4.2 server.
3. Run the script to generate the `attack_mitigations.json` file:
   ```
   $ cd monkey/deployment_scripts/dump_attack_mitigations
   $ pip install -r requirements.txt
   $ python dump_attack_mitigations.py --cti-repo $CTI_REPO --dump-file-path ../../monkey/monkey_island/cc/setup/mongo/attack_mitigations.json
   ```
docs: Add attack mitigations documentation 2021-09-30 17:44:06 +08:00			`---`
Docs: Add steps to attack mitigations dump script documentation 2021-09-30 22:33:09 +08:00			`title: "MITRE ATT&CK Mitigations"`
docs: Add attack mitigations documentation 2021-09-30 17:44:06 +08:00			`date: 2021-09-30T08:18:37+03:00`
			`draft: true`
			`weight: 10`
			`---`

			`{{% notice info %}}`
			`Check out [the documentation for the MITRE ATT&CK techniques as well]({{< ref "/reports/mitre" >}}).`
			`{{% /notice %}}`

Docs: Add steps to attack mitigations dump script documentation 2021-09-30 22:33:09 +08:00			`## Summary`
docs: Add attack mitigations documentation 2021-09-30 17:44:06 +08:00
Docs: Add description of Attack Mitigations 2021-10-01 20:24:47 +08:00			`Attack Mitigations are presented in MITRE ATT&CK report. They appear next to`
			`descriptions of attack techniques and suggest steps that can be taken to reduce`
			`the risk of that particular technique being successful in a network. They also`
			`provide links for further reading on https://attack.mitre.org/`
docs: Add attack mitigations documentation 2021-09-30 17:44:06 +08:00
Docs: Add description of Attack Mitigations 2021-10-01 20:24:47 +08:00			`The Infection Monkey is shipped with pre-processed information about MITRE`
			`ATT&CK mitigations located at`
			`monkey/monkey_island/cc/setup/mongo/attack_mitigations.json`. This may need to
			`be periodically updated as the MITRE ATT&CK framework evolves.`
Docs: Add steps to attack mitigations dump script documentation 2021-09-30 22:33:09 +08:00

			`## Updating the MITRE ATT&CK mitigations data`
			`1. Clone the [MITRE Cyber Threat Intelligence`
			`Repository](https://github.com/mitre/cti) or the [Guardicore`
Docs: Add description of Attack Mitigations 2021-10-01 20:24:47 +08:00			`fork](https://github.com/guardicore/cti):`
Docs: Add steps to attack mitigations dump script documentation 2021-09-30 22:33:09 +08:00			```
			`$ CTI_REPO=$PWD/cti`
			`$ git clone <REPO> $CTI_REPO`
			```
Docs: Add description of Attack Mitigations 2021-10-01 20:24:47 +08:00			`2. Start a MongoDB v4.2 server.`
			3. Run the script to generate the `attack_mitigations.json` file:
Docs: Add steps to attack mitigations dump script documentation 2021-09-30 22:33:09 +08:00			```
			`$ cd monkey/deployment_scripts/dump_attack_mitigations`
			`$ pip install -r requirements.txt`
			`$ python dump_attack_mitigations.py --cti-repo $CTI_REPO --dump-file-path ../../monkey/monkey_island/cc/setup/mongo/attack_mitigations.json`
			```