mitre-attck-skill

Solid

MITRE ATT&CK framework mapping and analysis

AI & Automation 1,160 stars 71 forks Updated today MIT

Quality Score: 92/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 56
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# MITRE ATT&CK Skill

## Overview

This skill provides MITRE ATT&CK framework mapping, analysis, and adversary emulation capabilities.

## Capabilities

- Map TTPs to ATT&CK techniques
- Generate ATT&CK Navigator layers
- Query ATT&CK STIX data
- Create attack patterns and campaigns
- Analyze technique coverage
- Generate detection mappings
- Support ATT&CK ICS and Mobile
- Create adversary emulation plans

## Target Processes

- red-team-operations.js
- purple-team-exercise.js
- threat-intelligence-research.js
- malware-analysis.js

## Dependencies

- ATT&CK STIX data (via TAXII or local)
- ATT&CK Navigator
- mitreattack-python library
- Python 3.x

## Usage Context

This skill is essential for:

- Adversary emulation planning
- Detection gap analysis
- Threat intelligence correlation
- Red team operation planning
- Security posture assessment

## Integration Notes

- Supports all ATT&CK matrices (Enterprise, Mobile, ICS)
- Can generate Navigator layers for visualization
- Integrates with threat intelligence platforms
- Maps to detection rules and mitigations
- Supports campaign and group analysis

Details

Author: a5c-ai
Repository: a5c-ai/babysitter
Created: 4 months ago
Last Updated: today
Language: JavaScript
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

analyzing-threat-actor-ttps-with-mitre-attack

MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations. This skill covers systematically mapping threat actor beh

13,115 Updated today
mukul975
AI & Automation Featured

mapping-mitre-attack-techniques

Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK techniques and sub-techniques to quantify detection coverage and guide control prioritization. Use when building an ATT&CK-based coverage heatmap, tagging SIEM alerts with technique IDs, aligning security controls to adversary playbooks, or reporting threat exposure to executives. Activates for requests involving ATT&CK Navigator, Sigma rules, MITRE D3FEND, or coverage gap analysis.

13,115 Updated today
mukul975
AI & Automation Featured

implementing-threat-modeling-with-mitre-attack

Implements threat modeling using the MITRE ATT&CK framework to map adversary TTPs against organizational assets, assess detection coverage gaps, and prioritize defensive investments. Use when SOC teams need to align detection engineering with threat landscape, conduct threat assessments for new environments, or justify security tool procurement.

13,115 Updated today
mukul975
AI & Automation Featured

analyzing-apt-group-with-mitre-navigator

Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps of adversary TTPs for detection gap analysis and threat-informed defense.

13,115 Updated today
mukul975
AI & Automation Solid

analyzing-threat-actor-ttps-with-mitre-navigator

Map advanced persistent threat (APT) group tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework using the ATT&CK Navigator and attackcti Python library. The analyst queries STIX/TAXII data for group-technique associations, generates Navigator layer files for visualization, and compares defensive coverage against adversary profiles. Activates for requests involving APT TTP mapping, ATT&CK Navigator layers, threat actor profiling, or MITRE technique coverage analysis.

13,115 Updated today
mukul975