monkey/docs/content/reports/mitre.md
---
title: "MITRE ATT&CK report"
description: "Maps the Monkey's actions to the MITRE ATT&CK knowledge base"
date: 2020-06-24T21:17:18+03:00
draft: false
---
{{% notice info %}}
Check out [the documentation for other reports available in the Infection Monkey]({{< ref "/reports" >}}) and [the documentation for supported ATT&CK techniques]({{< ref "/reference/mitre_techniques" >}}).
{{% /notice %}}
The Infection Monkey maps its actions to the [MITRE ATT&CK](https://attack.mitre.org/) knowledge base. After simulating an advanced persistent threat (APT) attack, it generates a report summarizing the success of the techniques utilized along with recommended mitigation steps, helping you identify and mitigate attack paths in your environment.
Watch the overview video:
{{% youtube 3tNrlutqazQ %}}
## How to use the report
The MITRE ATT&CK report is centred around the ATT&CK matrix:
![MITRE Report](/images/usage/reports/mitre-report-0.png "MITRE Report")
The Infection Monkey rates your network on the attack techniques it attempted, assigning one of the corresponding labels to each:
- {{< label danger Red >}}: The Infection Monkey **successfully used** this technique in the simulation. This means your network is vulnerable to the technique.
- {{< label warning Yellow >}}: The Infection Monkey **tried to use** the technique, but wasn't successful. This means your network isn't vulnerable to the way the Infection Monkey employed this technique; other variants of the same technique may still work.
- {{< label unused "Dark Gray" >}}: The Monkey **didn't try** the technique. Perhaps it wasn't relevant to this network.
- {{< label disabled "Light Gray" >}}: The Monkey **didn't try** the technique since it wasn't configured.
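The four labels are really an aggregate over every attempt the Monkey made, with precedence: a single successful use anywhere in the network turns a technique red no matter how many hosts resisted, a technique that was attempted but never succeeded is yellow, an enabled technique with no attempts is dark gray, and a technique that was never enabled in the configuration is light gray. The following is an added example, not the Infection Monkey's own reporting code, that computes those labels from a hypothetical telemetry shape (one record per technique attempt per machine, with a `"scanned"` or `"used"` outcome) and a configured set of enabled techniques; the record fields, the function names and the sample data are all assumptions made for illustration.

```python
"""Added example (not Infection Monkey code): derive the MITRE report labels
from per-attempt telemetry.

Assumed (hypothetical) telemetry record: {"technique": "<ATT&CK ID>",
"status": "scanned" | "used", "machine": "<host>"}.
"""
from collections import defaultdict
from enum import IntEnum


class TechniqueStatus(IntEnum):
    """Ordered so that max() over a technique's records yields its label."""
    DISABLED = 0   # Light Gray: not enabled in the Monkey configuration
    UNSCANNED = 1  # Dark Gray: enabled, but never attempted on this network
    SCANNED = 2    # Yellow: attempted, never succeeded
    USED = 3       # Red: succeeded on at least one machine


LABELS = {
    TechniqueStatus.USED: "Red",
    TechniqueStatus.SCANNED: "Yellow",
    TechniqueStatus.UNSCANNED: "Dark Gray",
    TechniqueStatus.DISABLED: "Light Gray",
}

# Maps the assumed per-record outcome to a status.
RECORD_STATUS = {"scanned": TechniqueStatus.SCANNED, "used": TechniqueStatus.USED}


def aggregate_statuses(telemetry, all_techniques, enabled_techniques):
    """Return (statuses, used_on).

    statuses: {technique: TechniqueStatus}
    used_on:  {technique: sorted list of machines on which it succeeded}

    One successful use outranks any number of failed attempts, which is why a
    red cell means "vulnerable" even if most hosts resisted.
    """
    statuses = {
        t: TechniqueStatus.UNSCANNED if t in enabled_techniques else TechniqueStatus.DISABLED
        for t in all_techniques
    }
    used_on = defaultdict(set)
    for rec in telemetry:
        tid = rec["technique"]
        if tid not in all_techniques:
            raise ValueError(f"unknown technique in telemetry: {tid}")
        if tid not in enabled_techniques:
            # Telemetry for a technique the config disabled is a data
            # inconsistency; fail loudly rather than silently grey it out.
            raise ValueError(f"telemetry for disabled technique: {tid}")
        status = RECORD_STATUS[rec["status"]]
        statuses[tid] = max(statuses[tid], status)
        if status is TechniqueStatus.USED:
            used_on[tid].add(rec["machine"])
    return statuses, {t: sorted(m) for t, m in used_on.items()}


def report_rows(statuses, used_on):
    """Rows for the matrix, red first: (technique, label, machines used on)."""
    return sorted(
        ((t, LABELS[s], used_on.get(t, [])) for t, s in statuses.items()),
        key=lambda row: (-statuses[row[0]], row[0]),
    )


# Constructed sample data, not real Monkey output.
ALL_TECHNIQUES = {"T1110", "T1021", "T1059", "T1003"}
ENABLED = {"T1110", "T1021", "T1059"}
SAMPLE_TELEMETRY = [
    {"technique": "T1110", "status": "scanned", "machine": "10.0.0.5"},
    {"technique": "T1110", "status": "used", "machine": "10.0.0.7"},
    {"technique": "T1110", "status": "used", "machine": "10.0.0.9"},
    {"technique": "T1021", "status": "scanned", "machine": "10.0.0.5"},
    {"technique": "T1021", "status": "scanned", "machine": "10.0.0.7"},
]

if __name__ == "__main__":
    st, used = aggregate_statuses(SAMPLE_TELEMETRY, ALL_TECHNIQUES, ENABLED)
    for technique, label, machines in report_rows(st, used):
        print(f"{technique:6} {label:10} {', '.join(machines)}")
```

With the sample data, T1110 (Brute Force) comes out red because it succeeded on two hosts even though 10.0.0.5 resisted, T1021 is yellow, T1059 is dark gray, and T1003 is light gray because it was never enabled.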
By clicking on each of the listed techniques, you can see exactly how the Infection Monkey used it and any recommended mitigation steps. For example, let's look at the [**Brute Force**](https://attack.mitre.org/techniques/T1110/) technique, which belongs to the [**Credential Access**](https://attack.mitre.org/tactics/TA0006/) tactic:
![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access.png "MITRE Report Credentials Access technique")
In this example, you can see how the Infection Monkey was able to use an old `root` password to access every machine in the network. Scroll to the bottom of the technique's entry to see the recommended mitigation steps, including reconfiguring your **Account Use Policies** and implementing **Multi-factor Authentication**.
![MITRE Report Credential Access technique mitigations](/images/usage/reports/mitre-report-cred-access-mitigations.png "MITRE Report Credential Access technique mitigations")