{"id":18587803,"url":"https://github.com/olafhartong/attackdatamap","last_synced_at":"2025-10-04T19:36:39.098Z","repository":{"id":93607505,"uuid":"179885302","full_name":"olafhartong/ATTACKdatamap","owner":"olafhartong","description":"A datasource assessment on an event level to show potential coverage or the MITRE ATT\u0026CK framework","archived":false,"fork":false,"pushed_at":"2020-11-03T21:19:47.000Z","size":2618,"stargazers_count":352,"open_issues_count":2,"forks_count":64,"subscribers_count":23,"default_branch":"master","last_synced_at":"2025-05-19T19:08:53.932Z","etag":null,"topics":["dfir","mitre-attack","siem","threat-detection","threat-hunting"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/olafhartong.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-04-06T20:50:59.000Z","updated_at":"2025-04-27T02:50:35.000Z","dependencies_parsed_at":null,"dependency_job_id":"b5d96faf-4eee-42f6-9eb1-eb5f22ad6966","html_url":"https://github.com/olafhartong/ATTACKdatamap","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/olafhartong/ATTACKdatamap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/olafhartong%2FATTACKdatamap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/olafhartong%2FATTACKdatamap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/olafhartong%2FATTACKdatamap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositorie
s/olafhartong%2FATTACKdatamap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/olafhartong","download_url":"https://codeload.github.com/olafhartong/ATTACKdatamap/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/olafhartong%2FATTACKdatamap/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278366608,"owners_count":25975091,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-04T02:00:05.491Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dfir","mitre-attack","siem","threat-detection","threat-hunting"],"created_at":"2024-11-07T00:43:46.187Z","updated_at":"2025-10-04T19:36:39.061Z","avatar_url":"https://github.com/olafhartong.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![license](https://img.shields.io/github/license/olafhartong/sysmon-modular.svg?style=flat-square)](https://github.com/olafhartong/sysmon-modular/blob/master/license.md)\n![Maintenance](https://img.shields.io/maintenance/yes/2020.svg?style=flat-square)\n[![GitHub last 
commit](https://img.shields.io/github/last-commit/olafhartong/ATTACKdatamap.svg?style=flat-square)](https://github.com/olafhartong/ATTACKdatamap/commit/master)\n[![Twitter](https://img.shields.io/twitter/follow/olafhartong.svg?style=social\u0026label=Follow)](https://twitter.com/olafhartong)\n\n# ATTACKdatamap\nA datasource assessment on an event level to show potential coverage of the \"MITRE ATT\u0026CK\" framework.\n\nThis tool is developed by me and has no affiliation with \"MITRE\" nor with its great \"ATT\u0026CK\" team. It is developed with the intention to ease the mapping of data sources to assess one's potential coverage.\n\nMore details in a blogpost [here](https://medium.com/@olafhartong/assess-your-data-potential-with-att-ck-datamap-f44884cfed11)\n\n# Start\nThis tool requires the ImportExcel module. Install it like this: ```PS C:\\\u003e Install-Module ImportExcel```\n\nImport the module with ```Import-Module .\\ATTACKdatamap.psd1```\n\nOS X only: the ImportExcel module cannot autosize by default; install: ```brew install mono-libgdiplus```\n\n## Request-ATTACKjson\nGenerates a JSON file to be imported into the ATT\u0026CK Navigator. The mitre_data_assessment.xlsx file contains all Techniques, which can be updated via Invoke-ATTACKUpdateExcel.\n\nEach technique contains DataSources, which are individually scored by me with a weight. The DataSourceEventTypes need to be scored per environment.\n\nThis script multiplies the respective DataSource scores and adds them to a total technique score. 
The generation date is added to the description.\n\nEXAMPLE\n\n```PS C:\\\u003e Request-ATTACKjson -Excelfile .\\mitre_data_assessment.xlsx -Template .\\template.json -Output 2019-03-23-ATTACKcoverage.json```\n\nThis is all gathered into a JSON file which can be opened here:\n[MITRE ATT\u0026CK Navigator/enterprise/](https://mitre-attack.github.io/attack-navigator/enterprise/)\n\n## Invoke-ATTACKUpdateExcel\nThis generates all MITRE ATT\u0026CK relevant fields into a table and creates or updates the REF-DataSources worksheet in an Excel sheet.\n\nEXAMPLE\n\n```PS C:\\\u003e Invoke-ATTACKUpdateExcel -AttackPath .\\enterprise-attack.json -Excelfile .\\mitre_data_assessment.xlsx```\n\nThe -AttackPath and -Excelfile parameters are optional.\n\n## Get-ATTACKdata\nThis downloads the MITRE ATT\u0026CK Enterprise JSON file.\n\nEXAMPLE\n\n```PS C:\\\u003e Get-ATTACKdata -AttackPath ./enterprise-attack.json```\n\nThe -AttackPath parameter is optional.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Folafhartong%2Fattackdatamap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Folafhartong%2Fattackdatamap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Folafhartong%2Fattackdatamap/lists"}