{"id":31816842,"url":"https://github.com/splunk/attack-detections-collector","last_synced_at":"2025-10-11T09:58:57.071Z","repository":{"id":45155527,"uuid":"392386306","full_name":"splunk/attack-detections-collector","owner":"splunk","description":"Collects a listing of MITRE ATT\u0026CK Techniques, then discovers Splunk ESCU detections for each technique","archived":false,"fork":false,"pushed_at":"2024-03-17T14:41:57.000Z","size":11,"stargazers_count":62,"open_issues_count":2,"forks_count":16,"subscribers_count":12,"default_branch":"main","last_synced_at":"2024-04-15T02:58:36.786Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/splunk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-08-03T16:44:15.000Z","updated_at":"2024-04-03T06:56:18.000Z","dependencies_parsed_at":"2022-09-02T20:12:04.378Z","dependency_job_id":null,"html_url":"https://github.com/splunk/attack-detections-collector","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/splunk/attack-detections-collector","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fattack-detections-collector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fattack-detections-collector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fattack-detections-collector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fattack-detections-collector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/splunk","download_url":"https://codeload.github.com/splunk/attack-detections-collector/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fattack-detections-collector/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279006752,"owners_count":26084185,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-11T09:58:34.802Z","updated_at":"2025-10-11T09:58:57.065Z","avatar_url":"https://github.com/splunk.png","language":"Python","readme":"# ATT\u0026CK Detections Collector\nCollects a listing of ATT\u0026CK techniques, then discovers ESCU detections for each technique. Results may be saved as HTML or for use with ATT\u0026CK Navigator.\n\n\n## Installation\n\n    pip3 install -r requirements.txt\n\n## Usage\n\n\nTo display usage, simply run: `python3 adc.py -h`\n\n    usage: adc.py [-h] [-e EXTRACT_IDS [EXTRACT_IDS ...]] [-t TECHNIQUE_IDS [TECHNIQUE_IDS ...]]\n                  [-d DETECTIONS] [-o OUTFILE] [--as-navigator]\n                  [--attack-domain {enterprise-attack,mobile-attack,pre-attack}] [--update-cache]\n\n    optional arguments:\n      -h, --help            show this help message and exit\n      -e EXTRACT_IDS [EXTRACT_IDS ...], --extract-ids EXTRACT_IDS [EXTRACT_IDS ...]\n                            Extract ATT\u0026CK Techniques IDs from file or URL\n      -t TECHNIQUE_IDS [TECHNIQUE_IDS ...], --technique-ids TECHNIQUE_IDS [TECHNIQUE_IDS ...]\n                            ATT\u0026CK Techniques IDs to find\n      -d DETECTIONS, --detections DETECTIONS\n                            Path to ESCU detections root\n      -o OUTFILE, --outfile OUTFILE\n                            Filename to save results to\n      --as-navigator        Save results as ATT\u0026CK Navigator instead of HTML table\n      --attack-domain {enterprise-attack,mobile-attack,pre-attack}\n                            ATT\u0026CK Framework to leverage\n      --update-cache        Update the locally cached ATT\u0026CK database\n\n\n### HTML Output\n\nTo query for specific techniques and save results to an HTML file:\n\n    python3 adc.py -t T1133 T1078 T1059.001 -o results.html\n\n\nOr, to pull content from a URL and automatically extract techniques:\n\n    python3 adc.py -e https://www.splunk.com/en_us/blog/security/supernova-redux-with-a-generous-portion-of-masquerading.html \\\n        -o results.html\n\nThe result is an HTML table containing all detections identified.\n\n\n### ATT\u0026CK Navigator Output\n\n\nTo query for specific techniques and save results as an ATT\u0026CK Navigator layer file:\n\n    python3 adc.py -t T1133 T1078 T1059.001 -o results-navigator.json --as-navigator\n\n\nOr, to pull content from a URL and automatically extract techniques:\n\n    python3 adc.py -e https://www.splunk.com/en_us/blog/security/supernova-redux-with-a-generous-portion-of-masquerading.html \\\n        -o results-navigator.json --as-navigator\n\n#### ATT\u0026CK Navigator Template Customizations\n\nThe output for ATT\u0026CK Navigator may be customized by updating `attack-navigator-template.json`. This script requires a fully functional template that must include the `techniques` object within the JSON.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplunk%2Fattack-detections-collector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsplunk%2Fattack-detections-collector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplunk%2Fattack-detections-collector/lists"}