AttackRuleMap Logo

AttackRuleMap

0
Free
Visit Website

AttackRuleMap (ARM) is a mapping tool that correlates open-source detection rules and atomic tests to help security teams understand detection coverage. The tool provides a comprehensive mapping between: - MITRE ATT&CK techniques and tactics - Atomic Red Team test cases - Sigma detection rules - Splunk detection rules Key capabilities include: - Mapping of atomic test cases to corresponding detection rules - Cross-referencing between different detection rule formats - Platform-specific detection coverage analysis - Identification of gaps in detection capabilities - Support for Windows, Linux and ESXi platforms The mapping data is organized in a tabular format containing: - Technique IDs - Atomic attack names and GUIDs - Platform information - Associated Sigma rules - Corresponding Splunk detection rules This correlation helps security teams: - Validate detection coverage against known attack techniques - Identify areas requiring additional detection rules - Plan and prioritize detection engineering efforts - Test detection capabilities using mapped atomic tests

FEATURES

ALTERNATIVES

A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.

A threat intelligence and vulnerability monitoring platform that aggregates security alerts from trusted sources and provides customizable monitoring and notification capabilities.

The Ransomware Tool Matrix is a repository that lists and categorizes tools used by ransomware gangs, aiding in threat hunting, incident response, and adversary emulation.

Taxii2 server for interacting with taxii services.

A python3 application for querying sites hosting publicly pasted data and scanning for sensitive information.

Generate Bro intel files from pdf or html reports.

Provides indicators of compromise (IOCs) to combat malware with Yara and Snort rules.

The FASTEST Way to Consume Threat Intelligence and make it actionable.