The mitre package is designed to provide easy access to cybersecurity data standards. It offers functions that return a data frame for every standard object, and it provides a directed graph with all relationships for deep exploratory analysis. You can avoid the full parsing process by using the latest public RData sets.
You can install the released version of mitre from CRAN with:
```r
install.packages("mitre")
```
And the development version from GitHub with:
```r
# install.packages("devtools")
devtools::install_github("motherhack3r/mitre")
```
This is a basic example which shows you how to view shield tactics ids and names:
```r
library(mitre)
mitredata <- mitre::getLatestDataSet()
shield <- mitredata$standards$shield
shield$tactics[, c("id", "name")]
#>        id       name
#> 1 DTA0001    Channel
#> 2 DTA0002    Collect
#> 3 DTA0003    Contain
#> 4 DTA0004     Detect
#> 5 DTA0005    Disrupt
#> 6 DTA0006 Facilitate
#> 7 DTA0007 Legitimize
#> 8 DTA0008       Test
```
This example shows the number of ATT&CK Techniques by domain:
```r
table(mitredata$standards$attck$techniques$domain)
#>
#> enterprise-attack        ics-attack     mobile-attack        pre-attack
#>               670                81               104               174
```
This example shows how to visualize the shield network:
```r
# library(visNetwork)
# g <- visNetwork::visNetwork(nodes = shield$shieldnet$nodes,
#                             edges = shield$shieldnet$edges)
# g
```
Find some more examples in vignettes to build your own graph like this.
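The relationship graph can also be explored without rendering it. The following is an added example, not code from the mitre package: it ranks nodes by degree and walks the directed edges from a starting node using base R only. It assumes the node table has an `id` column and the edge table has `from` and `to` columns (the shape `visNetwork::visNetwork()` expects); the sample data is constructed, with `TECH-*` ids and all edges made up.

```r
# Constructed sample in the visNetwork shape (nodes$id, edges$from / edges$to).
# Tactic ids are taken from the tactics listing; TECH-* ids and edges are made up.
nodes <- data.frame(
  id = c("DTA0001", "DTA0004", "DTA0005", "TECH-A", "TECH-B", "TECH-C"),
  stringsAsFactors = FALSE
)
edges <- data.frame(
  from = c("DTA0001", "DTA0004", "DTA0004", "DTA0005", "TECH-A"),
  to   = c("TECH-A",  "TECH-A",  "TECH-B",  "TECH-B",  "TECH-C"),
  stringsAsFactors = FALSE
)

# Count outgoing and incoming edges per node, most connected first.
node_degree <- function(nodes, edges) {
  ids <- as.character(nodes$id)
  deg <- data.frame(
    id     = ids,
    outdeg = as.integer(table(factor(as.character(edges$from), levels = ids))),
    indeg  = as.integer(table(factor(as.character(edges$to),   levels = ids))),
    stringsAsFactors = FALSE
  )
  deg[order(-(deg$outdeg + deg$indeg), deg$id), ]
}

# Breadth-first search: every node reachable from `start` when following
# edge direction, optionally limited to `max_hops` steps.
reachable_from <- function(edges, start, max_hops = Inf) {
  from <- as.character(edges$from)
  to   <- as.character(edges$to)
  seen <- start
  frontier <- start
  hops <- 0
  while (length(frontier) > 0 && hops < max_hops) {
    frontier <- setdiff(unique(to[from %in% frontier]), seen)
    seen <- c(seen, frontier)
    hops <- hops + 1
  }
  setdiff(seen, start)
}

print(node_degree(nodes, edges))
print(reachable_from(edges, "DTA0004"))                # full downstream set
print(reachable_from(edges, "DTA0004", max_hops = 1))  # direct neighbours only
```

To run it on the package data, replace the constructed tables with `shield$shieldnet$nodes` and `shield$shieldnet$edges`, provided they carry the assumed column names.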
Check this proof-of-concept project. It is an R Markdown document that performs an exploratory analysis with the mitre network and this data set.
- Exploratory analysis: developed by barbero95 and marta.
- Sample incidents data set from the R package attckr, developed by Bob Rudis.
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.