forked from p34709852/monkey
Docs: Add description of Attack Mitigations
This commit is contained in:
parent
9436f5f5e1
commit
4ef0f542b8
|
@ -11,23 +11,27 @@ Check out [the documentation for the MITRE ATT&CK techniques as well]({{< ref "/
|
|||
|
||||
## Summary
|
||||
|
||||
Infection Monkey is shipped with pre-processed information about MITRE ATT&CK
|
||||
mitigations located at
|
||||
`monkey/monkey_island/cc/setup/mongo/attack_mitigations.json`.
|
||||
Attack Mitigations are presented in MITRE ATT&CK report. They appear next to
|
||||
descriptions of attack techniques and suggest steps that can be taken to reduce
|
||||
the risk of that particular technique being successful in a network. They also
|
||||
provide links for further reading on https://attack.mitre.org/
|
||||
|
||||
This may need to be periodically updated as the MITRE ATT&CK framework evolves.
|
||||
The Infection Monkey is shipped with pre-processed information about MITRE
|
||||
ATT&CK mitigations located at
|
||||
`monkey/monkey_island/cc/setup/mongo/attack_mitigations.json`. This may need to
|
||||
be periodically updated as the MITRE ATT&CK framework evolves.
|
||||
|
||||
|
||||
## Updating the MITRE ATT&CK mitigations data
|
||||
1. Clone the [MITRE Cyber Threat Intelligence
|
||||
Repository](https://github.com/mitre/cti) or the [Guardicore
|
||||
fork](https://github.com/guardicore/cti)
|
||||
fork](https://github.com/guardicore/cti):
|
||||
```
|
||||
$ CTI_REPO=$PWD/cti
|
||||
$ git clone <REPO> $CTI_REPO
|
||||
```
|
||||
2. Start a mongodb v4.2 server
|
||||
3. Run the script to generate the `attack_mitigations.json` file
|
||||
2. Start a MongoDB v4.2 server.
|
||||
3. Run the script to generate the `attack_mitigations.json` file:
|
||||
```
|
||||
$ cd monkey/deployment_scripts/dump_attack_mitigations
|
||||
$ pip install -r requirements.txt
|
||||
|
|
Loading…
Reference in New Issue