
https://github.com/center-for-threat-informed-defense/sightings_ecosystem

Sightings Ecosystem gives cyber defenders visibility into what adversaries actually do in the wild. With your help, we are tracking MITRE ATT&CK® techniques observed to give defenders real data on technique prevalence.

ctid cyber-threat-intelligence cybersecurity data-science data-visualization mitre-attack

# Sightings Ecosystem

The Sightings Ecosystem gives cyber defenders visibility into what adversaries are
actually doing in the wild. With your help, we are tracking MITRE ATT&CK® techniques
observed to give defenders real data on technique prevalence. With this data, we can
analyze trends in evolving adversary behaviors, and ultimately provide a data-driven
resource to support prioritizing defensive operations. This project ingests ATT&CK
technique sightings and processes them to produce useful datasets and reporting.

You can be a part of the success of this project by contributing your Sightings data and
helping advance the state of cybersecurity at large. To join us, please submit a [Data
Contributor
Request](https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/sightings-ecosystem/#CFP)
form.

- [Getting Started](#getting-started)
- [Background](#background)
- [Getting Involved](#getting-involved)
- [Questions and Feedback](#questions-and-feedback)
- [Notice](#notice)

## Getting Started

To get started, we suggest skimming the project documentation to get familiar with the
project. Next, download the public Sightings data and try your own analysis of technique
prevalence. When you are ready to contribute your own sightings, submit a Data Contributor
Request and use the Upload Tool to submit your data.

| Resource | Description |
| ------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------- |
| [Project Web Site](https://center-for-threat-informed-defense.github.io/sightings_ecosystem/) | Complete documentation for the Sightings Ecosystem. |
| [Sightings Data](https://ctidpublic.blob.core.windows.net/sightings/sightings_v2_public.csv) | Download the underlying Sightings data. (CSV – 25.7MiB) |
| [Data Contributor Request](https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/sightings-ecosystem/#CFP) | Become a data contributor. |
| [Upload Tool](https://github.com/center-for-threat-informed-defense/sightings_ecosystem/tree/main/uploaders) | A tool for automatically submitting sightings data (supports Linux, macOS, and Windows). |

## Background

Defenders need data-driven answers to questions like:

- How do I know which techniques to prioritize?
- As a company in the finance sector, do the attackers I face use different tactics from
those facing retail or healthcare?
- How are attacks trending over time? Are older forms of attacks still in use?
- Which techniques should I expect to see preceding and following a specific attack?

We believe that a different type of cyber threat intelligence must be shared in order to
serve this purpose, and the Center is well-positioned to work across industry.
Specifically, security teams, vendors, ISACs/ISAOs, and governments should begin to
share sightings of ATT&CK techniques. In other words, they should share when they see
adversaries use specific behaviors against real production systems and networks.

## Getting Involved

- **Review the project website.** The project provides a detailed analysis of our
findings and can have immediate impact on the prioritization of cybersecurity
controls.
- **Analyze the underlying data.** We make the dataset freely available so that you can
conduct your own analysis. If you generate any new insights, we would love to hear
about it.
- **Become a data contributor.** Submit a [Data Contributor
Request](https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/sightings-ecosystem/#CFP)
form and help us make Sightings even better!
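The questions in the Background section (which techniques to prioritize, whether sectors differ, how techniques trend over time, and what precedes or follows a given technique) are all answerable from a table of sightings. The following is an added example of that analysis, not code from the Sightings Ecosystem project or its website: the column names (`sighting_id`, `start_time`, `sector`, `technique_id`) and the sample rows are assumptions constructed for illustration, so map the real CSV's columns onto them before reusing the logic.

```python
"""Prevalence, sector, trend and sequence analysis over ATT&CK technique sightings.

Added example, not part of the Sightings Ecosystem project. The schema
(sighting_id, start_time, sector, technique_id) and the rows below are
assumed for illustration; the public CSV may differ.
"""
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample, not real sightings data. One row per technique event;
# rows sharing a sighting_id belong to the same observed intrusion.
SAMPLE_CSV = """sighting_id,start_time,sector,technique_id
s1,2023-01-05T10:00:00Z,finance,T1566
s1,2023-01-05T10:05:00Z,finance,T1059
s1,2023-01-05T10:30:00Z,finance,T1486
s2,2023-02-11T08:00:00Z,retail,T1190
s2,2023-02-11T08:20:00Z,retail,T1059
s3,2023-03-02T12:00:00Z,finance,T1566
s3,2023-03-02T12:10:00Z,finance,T1059
s4,2023-07-20T09:00:00Z,healthcare,T1078
s4,2023-07-20T09:15:00Z,healthcare,T1059
s4,2023-07-20T09:40:00Z,healthcare,T1486
"""


def load_sightings(text):
    """Parse CSV text into dicts and convert start_time to datetime."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["start_time"] = datetime.strptime(r["start_time"], "%Y-%m-%dT%H:%M:%SZ")
    return rows


def technique_prevalence(rows):
    """Distinct sightings per technique: a technique repeated inside one
    sighting counts once, so noisy telemetry does not inflate prevalence."""
    seen = defaultdict(set)
    for r in rows:
        seen[r["technique_id"]].add(r["sighting_id"])
    return Counter({t: len(s) for t, s in seen.items()})


def prevalence_by_sector(rows):
    """Same distinct-sighting count, broken out per sector."""
    by_sector = defaultdict(lambda: defaultdict(set))
    for r in rows:
        by_sector[r["sector"]][r["technique_id"]].add(r["sighting_id"])
    return {sec: Counter({t: len(s) for t, s in techs.items()})
            for sec, techs in by_sector.items()}


def monthly_trend(rows, technique_id):
    """Events per calendar month for one technique, oldest month first."""
    counts = Counter()
    for r in rows:
        if r["technique_id"] == technique_id:
            counts[r["start_time"].strftime("%Y-%m")] += 1
    return dict(sorted(counts.items()))


def neighbours(rows, technique_id):
    """Techniques observed immediately before and after technique_id within
    the same sighting, ordered by start_time. Returns (before, after)."""
    by_sighting = defaultdict(list)
    for r in rows:
        by_sighting[r["sighting_id"]].append(r)
    before, after = Counter(), Counter()
    for events in by_sighting.values():
        events.sort(key=lambda e: e["start_time"])
        ids = [e["technique_id"] for e in events]
        for i, tid in enumerate(ids):
            if tid != technique_id:
                continue
            if i > 0:
                before[ids[i - 1]] += 1
            if i + 1 < len(ids):
                after[ids[i + 1]] += 1
    return before, after


if __name__ == "__main__":
    data = load_sightings(SAMPLE_CSV)
    print("prevalence:", technique_prevalence(data).most_common())
    print("by sector:", prevalence_by_sector(data))
    print("T1059 by month:", monthly_trend(data, "T1059"))
    print("around T1059:", neighbours(data, "T1059"))
```

To run it against the real download, replace `SAMPLE_CSV` with the file contents and rename the columns to match. Counting distinct sightings rather than raw rows is the main design choice: a prevalence figure driven by one contributor's very chatty sensor is not the signal defenders want when prioritizing controls.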

## Questions and Feedback

Please submit [issues on
GitHub](https://github.com/center-for-threat-informed-defense/sightings_ecosystem/issues)
for any technical questions or requests. You may also contact
[[email protected]](mailto:[email protected]?subject=Question%20about%20Sightings%20Ecosystem)
directly for more general inquiries about the Center for Threat-Informed Defense.

We welcome your contributions to help advance Sightings Ecosystem in the form of [pull
requests](https://github.com/center-for-threat-informed-defense/sightings_ecosystem/pulls).
Please review the [contributor
notice](https://github.com/center-for-threat-informed-defense/sightings_ecosystem/blob/main/CONTRIBUTING.md)
before making a pull request.

## Notice

Copyright 2021, 2024 MITRE Engenuity. Approved for public release. Document number(s)
CT0022, CT0103.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this
file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under
the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the specific language governing
permissions and limitations under the License.

This project makes use of MITRE ATT&CK®.

[ATT&CK Terms of Use](https://attack.mitre.org/resources/terms-of-use/)