Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/center-for-threat-informed-defense/sightings_ecosystem
Sightings Ecosystem gives cyber defenders visibility into what adversaries actually do in the wild. With your help, we are tracking MITRE ATT&CK® techniques observed to give defenders real data on technique prevalence.
ctid cyber-threat-intelligence cybersecurity data-science data-visualization mitre-attack
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/center-for-threat-informed-defense/sightings_ecosystem
- Owner: center-for-threat-informed-defense
- License: apache-2.0
- Created: 2021-04-13T19:45:07.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-04-03T18:38:25.000Z (8 months ago)
- Last Synced: 2024-08-05T17:44:36.737Z (4 months ago)
- Topics: ctid, cyber-threat-intelligence, cybersecurity, data-science, data-visualization, mitre-attack
- Language: Python
- Homepage: https://ctid.io/sightings-ecosystem
- Size: 19.2 MB
- Stars: 33
- Watchers: 67
- Forks: 8
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - center-for-threat-informed-defense/sightings_ecosystem - Sightings Ecosystem gives cyber defenders visibility into what adversaries actually do in the wild. With your help, we are tracking MITRE ATT&CK® techniques observed to give defenders real data on tec (Python)
README
# Sightings Ecosystem
The Sightings Ecosystem gives cyber defenders visibility into what adversaries are
actually doing in the wild. With your help, we are tracking MITRE ATT&CK® techniques
observed to give defenders real data on technique prevalence. With this data, we can
analyze trends in evolving adversary behaviors, and ultimately provide a data-driven
resource to support prioritizing defensive operations. This project ingests ATT&CK
technique sightings and processes them to produce useful datasets and reporting.

You can be a part of the success of this project by contributing your Sightings data and
helping advance the state of cybersecurity at large. To join us, please submit a [Data
Contributor
Request](https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/sightings-ecosystem/#CFP)
form.

- [Getting Started](#getting-started)
- [Background](#background)
- [Getting Involved](#getting-involved)
- [Questions and Feedback](#questions-and-feedback)
- [Notice](#notice)

## Getting Started
To get started, we suggest skimming the documentation to get familiar with the project.
Next, you may want to try creating your own attack flows using the Attack Flow Builder,
which is an easy-to-use GUI tool. When you are ready to dive deep, review the Example
Flows and JSON Schema for the language.

| Resource | Description |
| ------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------- |
| [Project Web Site](https://center-for-threat-informed-defense.github.io/sightings_ecosystem/) | Complete documentation for the Sightings Ecosystem. |
| [Sightings Data](https://ctidpublic.blob.core.windows.net/sightings/sightings_v2_public.csv) | Download the underlying Sightings data. (CSV – 25.7MiB) |
| [Data Contributor Request](https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/sightings-ecosystem/#CFP) | Become a data contributor. |
| [Upload Tool](https://github.com/center-for-threat-informed-defense/sightings_ecosystem/tree/main/uploaders) | A tool for automatically submitting sightings data (supports Linux, MacOS, and Windows). |

## Background
Defenders need data-driven answers to questions like:
- How do I know which techniques to prioritize?
- As a company in the finance sector, do the attackers I face use different tactics from
those facing retail or healthcare?
- How are attacks trending over time? Are older forms of attacks still in use?
- Which techniques should I expect to see preceding and following a specific attack?

We believe that a different type of cyber threat intelligence must be shared in order to
serve this purpose, and the Center is well-positioned to work across industry.
Specifically, security teams, vendors, ISACs/ISAOs, and governments should begin to
share sightings of ATT&CK techniques. In other words, they should share when they see
adversaries use specific behaviors against real production systems and networks.

## Getting Involved
- **Review the project website.** The project provides a detailed analysis of our
findings and can have immediate impact on the prioritization of cybersecurity
controls.
- **Analyze the underlying data.** We make the dataset freely available so that you can
conduct your own analysis. If you generate any new insights, we would love to hear
about it.
- **Become a data contributor.** Submit a [Data Contributor
Request](https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/sightings-ecosystem/#CFP)
form and help us make Sightings even better!

## Questions and Feedback
Please submit [issues on
GitHub](https://github.com/center-for-threat-informed-defense/sightings_ecosystem/issues)
for any technical questions or requests. You may also contact
[[email protected]](mailto:[email protected]?subject=Question%20about%20Sightings%20Ecosystem)
directly for more general inquiries about the Center for Threat-Informed Defense.

We welcome your contributions to help advance Sightings Ecosystem in the form of [pull
requests](https://github.com/center-for-threat-informed-defense/sightings_ecosystem/pulls).
Please review the [contributor
notice](https://github.com/center-for-threat-informed-defense/sightings_ecosystem/blob/main/CONTRIBUTING.md)
before making a pull request.

## Notice
Copyright 2021, 2024 MITRE Engenuity. Approved for public release. Document number(s)
CT0022, CT0103.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this
file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under
the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the specific language governing
permissions and limitations under the License.

This project makes use of MITRE ATT&CK®
[ATT&CK Terms of Use](https://attack.mitre.org/resources/terms-of-use/)