monkey/docs/content/usage/reports/mitre.md

2.2 KiB
Raw Blame History

title date draft
MITRE ATT&CK report 2020-06-24T21:17:18+03:00 false

{{% notice info %}} Check out the documentation for the other reports as well. {{% /notice %}}

The Monkey maps its actions to the MITRE ATT&CK knowledge base: It provides a new report with the utilized techniques and recommended mitigations, to help you simulate an APT attack on your network and mitigate real attack paths intelligently.

Watch an overview video:

{{% youtube 3tNrlutqazQ %}}

How to use the report

The MITRE ATT&CK report is centred around the ATT&CK matrix:

MITRE Report

The Monkey rates your network on the attack techniques it attempted. For each technique, you can get

  • {{< label danger Red >}}: The Monkey successfully used the technique in the simulation. That means your network is vulnerable to this technique being employed.
  • {{< label warning Yellow >}}: The Monkey tried to use the technique, but didnt manage to. That means your network isnt vulnerable to the way Monkey employs this technique.
  • {{< label other Grey >}}: The Monkey didn't try the technique this time. Perhaps it wasn't relevant to this network or wasn't configured.

Then, you can see exactly HOW the technique was used in this attack, and also what you should do to mitigate it, by clicking on the technique and seeing the details. For example, lets look at the Brute Force technique thats a part of employing the Credentials Access tactic:

MITRE Report Credentials Access technique

In this example, you can see how the Monkey was able to use one old root password to access all machines in the network. When scrolling to the bottom of this list, you can also see the mitigation recommended, including Account Use Policies and implementing Multiple Factor Authentication.

MITRE Report Credentials Access technique