Docs: Add description of Attack Mitigations

This commit is contained in:
Mike Salvatore 2021-10-01 08:24:47 -04:00
parent 9436f5f5e1
commit 4ef0f542b8
1 changed files with 11 additions and 7 deletions


@ -11,23 +11,27 @@ Check out [the documentation for the MITRE ATT&CK techniques as well]({{< ref "/
## Summary ## Summary
Infection Monkey is shipped with pre-processed information about MITRE ATT&CK Attack Mitigations are presented in MITRE ATT&CK report. They appear next to
mitigations located at descriptions of attack techniques and suggest steps that can be taken to reduce
`monkey/monkey_island/cc/setup/mongo/attack_mitigations.json`. the risk of that particular technique being successful in a network. They also
provide links for further reading on https://attack.mitre.org/
This may need to be periodically updated as the MITRE ATT&CK framework evolves. The Infection Monkey is shipped with pre-processed information about MITRE
ATT&CK mitigations located at
`monkey/monkey_island/cc/setup/mongo/attack_mitigations.json`. This may need to
be periodically updated as the MITRE ATT&CK framework evolves.
## Updating the MITRE ATT&CK mitigations data ## Updating the MITRE ATT&CK mitigations data
1. Clone the [MITRE Cyber Threat Intelligence 1. Clone the [MITRE Cyber Threat Intelligence
Repository](https://github.com/mitre/cti) or the [Guardicore Repository](https://github.com/mitre/cti) or the [Guardicore
fork](https://github.com/guardicore/cti) fork](https://github.com/guardicore/cti):
``` ```
$ CTI_REPO=$PWD/cti $ CTI_REPO=$PWD/cti
$ git clone <REPO> $CTI_REPO $ git clone <REPO> $CTI_REPO
``` ```
2. Start a mongodb v4.2 server 2. Start a MongoDB v4.2 server.
3. Run the script to generate the `attack_mitigations.json` file 3. Run the script to generate the `attack_mitigations.json` file:
``` ```
$ cd monkey/deployment_scripts/dump_attack_mitigations $ cd monkey/deployment_scripts/dump_attack_mitigations
$ pip install -r requirements.txt $ pip install -r requirements.txt
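Review bot: the new Summary paragraph drops an article in "presented in MITRE ATT&CK report" (should read "in the MITRE ATT&CK report") and the sentence ending "further reading on https://attack.mitre.org/" has no terminating period; both are worth fixing while this text is being rewritten. In the procedure, step 2 ("Start a MongoDB v4.2 server.") does not say where the dump script expects to reach that server (host, port, or credentials) or whether a default is assumed, so a reader cannot tell whether a local instance on the default port is sufficient; either state the expected connection settings or point at the script's own options.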