{"id":13538375,"url":"https://github.com/mitre-attack/attack-navigator","last_synced_at":"2025-05-14T02:09:30.887Z","repository":{"id":37550237,"uuid":"123011487","full_name":"mitre-attack/attack-navigator","owner":"mitre-attack","description":"Web app that provides basic navigation and annotation of ATT\u0026CK matrices","archived":false,"fork":false,"pushed_at":"2025-04-22T14:45:16.000Z","size":47688,"stargazers_count":2114,"open_issues_count":46,"forks_count":624,"subscribers_count":95,"default_branch":"master","last_synced_at":"2025-04-22T15:45:53.396Z","etag":null,"topics":["cti","cyber-threat-intelligence","cybersecurity","mitre-attack","mitre-corporation"],"latest_commit_sha":null,"homepage":"https://mitre-attack.github.io/attack-navigator","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mitre-attack.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-02-26T18:29:21.000Z","updated_at":"2025-04-22T00:50:38.000Z","dependencies_parsed_at":"2023-02-10T12:31:25.485Z","dependency_job_id":"9bd3a751-e267-4b28-94f9-61ab5b2b33ae","html_url":"https://github.com/mitre-attack/attack-navigator","commit_stats":{"total_commits":1669,"total_committers":26,"mean_commits":64.1923076923077,"dds":0.5698022768124625,"last_synced_commit":"5f3c6ad136927b43cb15af330aa2858ababafebb"},"previous_names":[],"tags_count":44,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mitre-attack%2Fattack-navigator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mitre-attack%2Fattack-navigator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mitre-attack%2Fattack-navigator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mitre-attack%2Fattack-navigator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mitre-attack","download_url":"https://codeload.github.com/mitre-attack/attack-navigator/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254053261,"owners_count":22006717,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cti","cyber-threat-intelligence","cybersecurity","mitre-attack","mitre-corporation"],"created_at":"2024-08-01T09:01:11.090Z","updated_at":"2025-05-14T02:09:25.871Z","avatar_url":"https://github.com/mitre-attack.png","language":"TypeScript","readme":"# ATT\u0026CK® Navigator\n\nThe ATT\u0026CK Navigator is designed to provide basic navigation and annotation of [ATT\u0026CK](https://attack.mitre.org) matrices, something that people are already doing today in tools like Excel.  We've designed it to be simple and generic - you can use the Navigator to visualize your defensive coverage, your red/blue team planning, the frequency of detected techniques or anything else you want to do.  The Navigator doesn't care - it just allows you to manipulate the cells in the matrix (color coding, adding a comment, assigning a numerical value, etc.).  We thought having a simple tool that everyone could use to visualize the matrix would help make it easy to use ATT\u0026CK.\n\nThe principal feature of the Navigator is the ability for users to define layers - custom views of the ATT\u0026CK knowledge base - e.g. showing just those techniques for a particular platform or highlighting techniques a specific adversary has been known to use. Layers can be created interactively within the Navigator or generated programmatically and then visualized via the Navigator.\n\n## Usage\n\nThe ATT\u0026CK Navigator is hosted live via GitHub Pages. [You can find a live instance of the current version of the Navigator here](https://mitre-attack.github.io/attack-navigator). You can read more about how to use the application itself in the [USAGE](/USAGE.md) document (which is mirrored in the in-app help page).\n\nVersion 4.0+ of the ATT\u0026CK Navigator supports all ATT\u0026CK domains in a single instance of the application instead of requiring a different instance for each domain. Additionally, older versions of ATT\u0026CK can be loaded in the application. The ATT\u0026CK Navigator supports ATT\u0026CK versions 4+. Older versions do not work in the application since their data model is too outdated.\n\nPrevious versions of the Navigator application are also hosted via GitHub Pages for users who want a more classic experience:\n| ATT\u0026CK Version | Navigator Version | Domains | |\n|:---------------|:------------------|:--------|-|\n| [ATT\u0026CK v7.2](https://attack.mitre.org/resources/versions/) | [Navigator v3.1](https://github.com/mitre-attack/attack-navigator/releases/tag/v3.1) | [Enterprise](https://mitre-attack.github.io/attack-navigator/v3/enterprise/) | [Mobile](https://mitre-attack.github.io/attack-navigator/v3/mobile/) |\n| [ATT\u0026CK v6.3](https://attack.mitre.org/resources/versions/) | [Navigator v2.3.2](https://github.com/mitre-attack/attack-navigator/releases/tag/v2.3.2) | [Enterprise](https://mitre-attack.github.io/attack-navigator/v2/enterprise/) | [Mobile](https://mitre-attack.github.io/attack-navigator/v2/mobile/) |\n\nPlease see [Install and Run](#Install-and-Run) for information on how to get the ATT\u0026CK Navigator set up locally.\n\n**Important Note:** Layer files uploaded when visiting our Navigator instance hosted on GitHub Pages are **NOT** being stored on the server side, as the Navigator is a client-side only application. However, we still recommend installing and running your own instance of the ATT\u0026CK Navigator if your layer files contain any sensitive content.\n\nUse our [GitHub Issue Tracker](https://github.com/mitre-attack/attack-navigator/issues) to let us know of any bugs or others issues that you encounter. We also encourage pull requests if you've extended the Navigator in a cool way and want to share back to the community!\n\n*See [CONTRIBUTING.md](https://github.com/mitre-attack/attack-navigator/blob/master/CONTRIBUTING.md) for more information on making contributions to the ATT\u0026CK Navigator.*\n\n## Requirements\n\n* [Node.js v18](https://nodejs.org)\n* [AngularCLI v17](https://cli.angular.io)\n\n## Supported Browsers\n\n* Chrome\n* Firefox\n* Internet Explorer 11\u003csup\u003e[1]\u003c/sup\u003e\n* Edge\n* Opera\n* Safari\u003csup\u003e[2]\u003c/sup\u003e\n\n**[1]** There is a recorded issue with the SVG export feature on Internet Explorer. Because of a [missing functionality on SVGElements](https://developer.mozilla.org/en-US/docs/Web/API/ParentNode/children) in that browser, text will not be properly vertically centered in SVGs exported in that browser. We recommend switching to a more modern browser for optimal results.\n\n**[2]** ATT\u0026CK Navigator only supports Safari versions 14 and above because older versions of the browser can exhibit an unfixable freeze when selecting a layer tab. Users on unsupported versions of the browser will be warned of this possibility when opening the application.\n\n## Install and Run\n\n### First time\n\n1. Navigate to the **nav-app** directory\n2. Run `npm install`\n\n### Serve application on local machine\n\n1. Run `ng serve` within the **nav-app** directory\n2. Navigate to `localhost:4200` in browser\n\n### Compile for use elsewhere\n\n1. Run `ng build` within the **nav-app** directory\n2. Copy files from `nav-app/dist/` directory\n\n_Note: `ng build --configuration production` does not currently work for ATT\u0026CK Navigator without additional flags. To build the production environment instead use `ng build --configuration production --aot=false --build-optimizer=false`._\n\n### Running the Navigator offline\n\n1. Install the Navigator as per instructions above.\n2. Follow instructions under [loading content from local files](#Loading-content-from-local-files) to configure the Navigator to populate the matrix without an internet connection. The latest MITRE ATT\u0026CK data files can be found here:\n\t- [Enterprise ATT\u0026CK](https://github.com/mitre-attack/attack-stix-data/raw/master/enterprise-attack/enterprise-attack.json).\n\t- [Mobile ATT\u0026CK](https://github.com/mitre-attack/attack-stix-data/raw/master/mobile-attack/mobile-attack.json).\n\t- [ICS ATT\u0026CK](https://github.com/mitre-attack/attack-stix-data/raw/master/ics-attack/ics-attack.json).\n\n## Documentation\n\nWhen viewing the Navigator in a browser, click on the **?** icon in the upper right corner to view the in-app documentation.\n\n## Layers Folder\n\nThe **layers** folder contains specifications for the layer format as well as example layers and a script demonstrating programatic layer generation. We will continue to add content to this repository as new scripts are implemented. Also, feel free to create pull requests if you want to add new capabilities here!\n\nMore information on how layers are used and developed can be found in the ATT\u0026CK Navigator documentation that can be viewed by clicking **?** when running the app in a browser, and in the README in the **layers** folder.\n\n## Adding Custom Context Menu Options\n\nTo create custom options to the **ATT\u0026CK® Navigator** context menu using data in the Navigator, objects must be added to the array labeled `custom_context_menu_options` in `nav-app/src/assets/config.json`. Each object must have a property **label**, which is the text displayed in the context menu, and a property **url**, which is where the user is navigated.\n\nTo utilize data on right-clicked technique in the url, parameters surrounded by double curly brackets can be added to the string. For example: using `http://www.someurl.com/{{technique_attackID}}}` as the url in the custom option would lead to `http://www.someurl.com/T1098`, if the right-clicked technique's attackID was T1098.\n\nThe following data substitutions will be parsed:\n\n* `{{technique_attackID}}` will be substituted with the ATT\u0026CK ID of the technique, e.g `T1234`\n* `{{technique_stixID}}` will be substituted with the STIX ID of the technique, e.g `attack-pattern--12345678-1234-1234-1234-123456789123`\n* `{{technique_name}}` will be substituted with the technique name in lower case and with spaces replaced with hyphens, e.g `example-technique-name`\n* `{{tactic_attackID}}` will be substituted with the ATT\u0026CK ID of the tactic, e.g `TA1234`\n* `{{tactic_stixID}}` will be substituted with the STIX ID of the tactic, e.g `x-mitre-tactic--12345678-1234-1234-1234-123456789123`\n* `{{tactic_name}}` will be substituted with the tactic name in lower case and with spaces replaced with hyphens, e.g `example-tactic`. This is also equivalent to the x_mitre_shortname property of the tactic.\n\nOptionally, a `subtechnique_url` field may be added to a custom option. This field will be parsed when the option is used on a sub-technique instead of the normal URL, which will be used for techniques. If `subtechnique_url` is not used, the `technique_` substitutions defined above will refer to the sub-technique object itself.\n\nThe following substitutions will be parsed for sub-techniques:\n\n* `{{parent_technique_attackID}}` will be substituted with the ATT\u0026CK ID of the sub-technique's parent, e.g `T1234`\n* `{{parent_technique_stixID}}` will be substituted with the STIX ID of the sub-technique's parent, e.g `attack-pattern--12345678-1234-1234-1234-123456789123`\n* `{{parent_technique_name}}` will be substituted with the name of the sub-technique's parent in lower case and with spaces replaced with hyphens, e.g `example-technique-name`\n* `{{subtechnique_attackID}}` will be substituted with the ATT\u0026CK ID of the sub-technique, e.g `T1234.001`\n* `{{subtechnique_attackID_suffix}}` will be substituted with the portion of the ATT\u0026CK ID of the sub-technique after the delimiting period, e.g `001`\n* `{{subtechnique_stixID}}` will be substituted with the STIX ID of the sub-technique, e.g `attack-pattern--98765432-9876-9876-9876-987654321987`\n* `{{subtechnique_name}}` will be substituted with the sub-technique name in lower case and with spaces replaced with hyphens, e.g `example-subtechnique-name`\n* `{{tactic_attackID}}` will be substituted with the ATT\u0026CK ID of the tactic, e.g `TA1234`\n* `{{tactic_stixID}}` will be substituted with the STIX ID of the tactic, e.g `x-mitre-tactic--12345678-1234-1234-1234-123456789123`\n* `{{tactic_name}}` will be substituted with the tactic name in lower case and with spaces replaced with hyphens, e.g `example-tactic`. This is also equivalent to the x_mitre_shortname property of the tactic.\n\nExample custom context menu objects:\n\n```json\n{\n    \"label\": \"view technique on ATT\u0026CK website\",\n    \"url\": \"https://attack.mitre.org/techniques/{{technique_attackID}}\",\n    \"subtechnique_url\": \"https://attack.mitre.org/techniques/{{parent_technique_attackID}}/{{subtechnique_attackID_suffix}}\"\n}\n```\n\n```json\n{\n    \"label\": \"view tactic on ATT\u0026CK website\",\n    \"url\": \"https://attack.mitre.org/tactics/{{tactic_attackID}}\"\n}\n```\n\n## Methods for loading content\n\n### Loading content from a Collection Index\n\nBy default, the Navigator loads content from the ATT\u0026CK Collection Index hosted on the [ATT\u0026CK STIX Data repository](#related-mitre-work). More information about Collection Indexes can be found [here](https://github.com/mitre-attack/attack-stix-data?tab=readme-ov-file#collection-indexes).\n\n1. Modify the `config.json` file located in the `src/assets` directory.\n2. Set the `collection_index_url` property to the URL of your Collection Index (for example, `\"collection_index_url\": \"https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/index.json\"`)\n\n*Note: For the Navigator to load successfully, either the `collection_index_url` property, the `versions` property, or both must be defined. If both the `collection_index_url` and `versions` properties are defined, the Navigator will display the union of the versions under the \"More Options\" dropdown in the \"Create New Layer\" interface. If neither are defined, an alert will be triggered indicating that the Navigator failed to load.*\n\n### Loading content from a TAXII server\n\nBoth TAXII 2.0 and TAXII 2.1 are currently supported. Support for TAXII 2.0 will be deprecated in December 2024. More information about the TAXII 2.1 Server can be found [here](https://github.com/mitre-attack/attack-workbench-taxii-server/tree/main).\n\n1. Modify the `config.json` file located in the `src/assets` directory.\n2. In the `versions` section, set the `enabled` property to `true`.\n3. Define the `taxii_url` property in the list of domains, in place of the domain `data` property, and set its value to the TAXII server URL.\n4. Define the `taxii_collection` property and set its value to the collection UUID as determined by the TAXII server.\n\n#### Example loading content from a TAXII 2.0 server:\n\n```json\n\"versions\": {\n\t\"enabled\": true,\n\t\"entries\": [\n\t\t{\n\t\t\t\"name\": \"Enterprise TAXII 2.0 Data\",\n\t\t\t\"version\": \"14\",\n\t\t\t\"domains\": [\n\t\t\t\t{\n\t\t\t\t\t\"name\": \"Enterprise\",\n\t\t\t\t\t\"taxii_url\": \"https://cti-taxii.mitre.org/\",\n\t\t\t\t\t\"taxii_collection\": \"95ecc380-afe9-11e4-9b6c-751b66dd541e\"\n\t\t\t\t}\n\t\t\t]\n\t\t}\n\t]\n},\n```\n\n#### Example loading content from a TAXII 2.1 server:\n\n```json\n\"versions\": {\n\t\"enabled\": true,\n\t\"entries\": [\n\t\t{\n\t\t\t\"name\": \"Enterprise TAXII 2.1 Data\",\n\t\t\t\"version\": \"14\",\n\t\t\t\"domains\": [\n\t\t\t\t{\n\t\t\t\t\t\"name\": \"Enterprise\",\n\t\t\t\t\t\"taxii_url\": \"https://attack-taxii.mitre.org/\",\n\t\t\t\t\t\"taxii_collection\": \"x-mitre-collection--1f5f1533-f617-4ca8-9ab4-6a02367fa019\"\n\t\t\t\t}\n\t\t\t]\n\t\t}\n\t]\n},\n```\n\n### Loading content from local files\n\nNavigator can be populated using files that consist of bundles of STIX objects, similar to the format found in [this example](https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json). Both STIX 2.0 and STIX 2.1 bundles are supported.\n\n1. Place the STIX bundle(s) in the `src/assets` directory. This allows the server hosting the Navigator to also host the data.\n2. Modify the `config.json` file located in the `src/assets` directory.\n3. In the `versions` section, set the `enabled` property to `true`.\n4. Update the URL specified in the `data` array to the path to the STIX bundle (for example, `assets/enterprise-attack.json`). Multiple paths may be added to the `data` array to display multiple STIX bundles in a single instance.\n\n#### Example loading content from local files:\n\n```json\n\"versions\": {\n    \"enabled\": true,\n    \"entries\": [\n        {\n            \"name\": \"Local Enterprise STIX Data\",\n            \"version\": \"14\",\n            \"domains\": [\n                {\n                    \"name\": \"Enterprise\",\n                    \"identifier\": \"enterprise-attack\",\n                    \"data\": [\"assets/enterprise-attack.json\"]\n                }\n            ]\n        }\n    ]\n},\n```\n\n## Running the Docker File\n\n1. Navigate to the directory where you checked out the git repository\n2. Run `docker build -t yourcustomname .`\n3. Run `docker run -p 4200:4200 yourcustomname`\n4. Navigate to `localhost:4200` in browser\n\n## Loading Default Layers Upon Initialization\n\nThe Navigator can be configured so as to load a set of layers upon initialization. These layers can be from the web and/or from local files.\nLocal files to load should be placed in the `nav-app/src/assets/` directory.\n\n1. Set the `enabled` property in `default_layers` in `src/assets/config.json` to `true`\n2. Add the paths to your desired default layers to the `urls` array in `default_layers`. For example,\n\n   ```JSON\n   \"default_layers\": {\n        \"enabled\": true,\n        \"urls\": [\n            \"assets/example.json\", \n            \"https://raw.githubusercontent.com/mitre-attack/attack-navigator/master/layers/samples/Bear_APT.json\"\n        ]\n    }\n   ```\n\n   would load `example.json` from the local assets directory, and `Bear_APT.json` from this repo's sample layer folder on Github.\n3. Load/reload the Navigator\n\nDefault layers from the web can also be set using a query string in the Navigator URL. Refer to the in-application help page section \"Customizing the Navigator\" for more details.\n\nUsers will not be prompted to upgrade default layers to the current version of ATT\u0026CK if they are outdated.\n\n## Enabling Banner in Navigator\n\nThe `banner` setting in `nav-app/src/assets/config.json` by default is an empty string `\"\"\"` (and not visible), and can be set to whatever content you wish to display inside a banner at the top of the Navigator webpage. The banner supports HTML and hyperlinks in the content.\n\n## Disabling Navigator Features\n\nThe `features` array in `nav-app/src/assets/config.json` lists Navigator features you may want to disable. Setting the `enabled` field on a feature in the configuration file will hide all control\nelements related to that feature.\n\nHowever, if a layer is uploaded with an annotation or configuration\nrelating to that feature it will not be hidden. For example, if `comments` are disabled the\nability to add a new comment annotation will be removed, however if a layer is uploaded with\ncomments present they will still be displayed in tooltips and and marked with an underline.\n\nFeatures can also be disabled using the _create customized Navigator_ feature. Refer to the in-application help page section \"Customizing the Navigator\" for more details.\n\n## Embedding the Navigator in a Webpage\n\nIf you want to embed the Navigator in a webpage, use an iframe:\n\n```HTML\n\u003ciframe src=\"https://mitre-attack.github.io/attack-navigator/enterprise/\" width=\"1000\" height=\"500\"\u003e\u003c/iframe\u003e\n```\n\nIf you want to embed a version of the Navigator with specific features removed (e.g tabs, adding annotations), or with a default layer, we recommend using the _create customized Navigator_ feature. We highly recommend disabling the \"leave site dialog\" via this means when embedding the Navigator since otherwise you will be warned whenever you try to leave the embedding page. Refer to the in-application help page section \"Customizing the Navigator\" for more details.\n\nThe following is an example iframe which embeds our [*Bear APTs](layers/samples/Bear_APT.json) layer with tabs and the ability to add annotations removed:\n\n```HTML\n\u003ciframe src=\"https://mitre-attack.github.io/attack-navigator/enterprise/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fmitre%2Fattack-navigator%2Fmaster%2Flayers%2Fdata%2Fsamples%2FBear_APT.json\u0026tabs=false\u0026selecting_techniques=false\" width=\"1000\" height=\"500\"\u003e\u003c/iframe\u003e\n```\n\n## Related MITRE Work\n\n### CTI\n\n[Cyber Threat Intelligence repository](https://github.com/mitre/cti) of the ATT\u0026CK catalog expressed in STIX 2.0 JSON.\n\n### ATT\u0026CK STIX Data\n\n[ATT\u0026CK STIX Data repository](https://github.com/mitre-attack/attack-stix-data) of the ATT\u0026CK catalog expressed in STIX 2.1 JSON.\n\n### ATT\u0026CK\n\nATT\u0026CK® is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT\u0026CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.\n\n\u003chttps://attack.mitre.org\u003e\n\n### STIX\n\nStructured Threat Information Expression (STIX™) is a language and serialization format used to exchange cyber threat intelligence (CTI).\n\nSTIX enables organizations to share CTI with one another in a consistent and machine readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively.\n\nSTIX is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.\n\n\u003chttps://oasis-open.github.io/cti-documentation/\u003e\n\n## Notice\n\nCopyright 2024 The MITRE Corporation\n\nApproved for Public Release; Distribution Unlimited. Case Number 18-0128.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n   \u003chttp://www.apache.org/licenses/LICENSE-2.0\u003e\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n\nThis project makes use of ATT\u0026CK®\n\n[ATT\u0026CK® Terms of Use](https://attack.mitre.org/resources/terms-of-use/)\n","funding_links":[],"categories":["TypeScript (64)","TypeScript","\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"31185b925d5152c7469b963809ceb22d\"\u003e\u003c/a\u003e新添加的"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmitre-attack%2Fattack-navigator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmitre-attack%2Fattack-navigator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmitre-attack%2Fattack-navigator/lists"}