AttackRuleMap

Free

Updated 06 August 2025

AttackRuleMap (ARM) is a mapping tool that correlates open-source detection rules with atomic tests to help security teams understand their detection coverage. The tool maps between:

- MITRE ATT&CK techniques and tactics
- Atomic Red Team test cases
- Sigma detection rules
- Splunk detection rules

Key capabilities include:

- Mapping of atomic test cases to the detection rules that cover them
- Cross-referencing between different detection rule formats (Sigma and Splunk)
- Platform-specific detection coverage analysis
- Identification of gaps in detection capabilities
- Support for Windows, Linux and ESXi platforms

The mapping data is organized in a tabular format with the following columns:

- Technique IDs
- Atomic attack names and GUIDs
- Platform information
- Associated Sigma rules
- Corresponding Splunk detection rules

This correlation helps security teams:

- Validate detection coverage against known attack techniques
- Identify areas requiring additional detection rules
- Plan and prioritize detection engineering efforts
- Test detection capabilities using the mapped atomic tests
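The gap analysis the description refers to follows directly from the table layout: an atomic test with an empty Sigma column and an empty Splunk column is an untested-for technique variant, and one with only a single format is a cross-referencing gap. The script below is an added example, not code from the AttackRuleMap project; it reads a small constructed CSV in the shape the description gives (column names are assumptions, and the GUIDs and rule names are placeholders rather than real Atomic Red Team or Sigma/Splunk identifiers) and reports uncovered atomics per platform and per technique.

```python
"""Coverage-gap analysis over an AttackRuleMap-style mapping table.

Added example, not AttackRuleMap's own code. The column names and the
rows in SAMPLE_CSV are constructed to match the table layout described
on the page (technique ID, atomic name and GUID, platform, Sigma rules,
Splunk rules). Only the ATT&CK technique IDs are real.
"""
import csv
import io

# Constructed sample table. Multiple rules in one cell are ';'-separated
# (an assumption about the export format). GUIDs and rule names are
# placeholders, not real identifiers.
SAMPLE_CSV = """technique_id,atomic_name,atomic_guid,platform,sigma_rules,splunk_rules
T1059.001,PowerShell download cradle (constructed),00000000-0000-4000-8000-000000000001,windows,Example Sigma Rule A;Example Sigma Rule B,Example Splunk Detection A
T1059.001,PowerShell encoded command (constructed),00000000-0000-4000-8000-000000000002,windows,Example Sigma Rule C,
T1003.001,LSASS dump via procdump (constructed),00000000-0000-4000-8000-000000000003,windows,,
T1053.003,Cron persistence (constructed),00000000-0000-4000-8000-000000000004,linux,Example Sigma Rule D,
T1021.004,SSH lateral movement (constructed),00000000-0000-4000-8000-000000000005,esxi,,
"""


def _split_rules(cell):
    """Turn a ';'-separated cell into a list, dropping blanks."""
    return [r.strip() for r in cell.split(";") if r.strip()]


def parse_mapping(text):
    """Parse the CSV text into a list of normalized row dicts."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "technique_id": row["technique_id"].strip(),
            "atomic_name": row["atomic_name"].strip(),
            "atomic_guid": row["atomic_guid"].strip(),
            "platform": row["platform"].strip().lower(),
            "sigma_rules": _split_rules(row["sigma_rules"]),
            "splunk_rules": _split_rules(row["splunk_rules"]),
        })
    return rows


def find_gaps(rows, platform=None):
    """Classify atomics by coverage, optionally restricted to one platform.

    'uncovered'  : no Sigma and no Splunk rule (true detection gap)
    'sigma_only' : covered in Sigma but not ported to Splunk
    'splunk_only': covered in Splunk but with no Sigma equivalent
    Values are lists of atomic GUIDs, in table order.
    """
    result = {"uncovered": [], "sigma_only": [], "splunk_only": []}
    for r in rows:
        if platform is not None and r["platform"] != platform.lower():
            continue
        has_sigma, has_splunk = bool(r["sigma_rules"]), bool(r["splunk_rules"])
        if not has_sigma and not has_splunk:
            result["uncovered"].append(r["atomic_guid"])
        elif has_sigma and not has_splunk:
            result["sigma_only"].append(r["atomic_guid"])
        elif has_splunk and not has_sigma:
            result["splunk_only"].append(r["atomic_guid"])
    return result


def coverage_by_technique(rows):
    """Map technique ID -> (atomics with at least one rule, total atomics)."""
    stats = {}
    for r in rows:
        covered, total = stats.get(r["technique_id"], (0, 0))
        if r["sigma_rules"] or r["splunk_rules"]:
            covered += 1
        stats[r["technique_id"]] = (covered, total + 1)
    return stats


if __name__ == "__main__":
    table = parse_mapping(SAMPLE_CSV)
    for plat in ("windows", "linux", "esxi"):
        print(plat, find_gaps(table, platform=plat))
    for tid, (cov, tot) in sorted(coverage_by_technique(table).items()):
        print(f"{tid}: {cov}/{tot} atomics covered")
```

Running it against a real ARM export is a matter of swapping SAMPLE_CSV for the file contents and adjusting the column names to match; the "sigma_only" bucket is the list of rules worth porting to Splunk, and "uncovered" is the detection-engineering backlog, already paired with the atomic test to validate each new rule against.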

SIMILAR TOOLS

Unified repository for Microsoft Sentinel and Microsoft 365 Defender containing security content, detections, queries, playbooks, and resources to secure environments and hunt for threats.

YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.

GroupSense Digital Risk Protection Services provides curated threat intelligence and attack surface monitoring through their Tracelight platform to help organizations prioritize and mitigate cyber threats.

Provides breach and attack simulation products for security control validation, offering three different products to meet the needs of organizations of various sizes and maturity levels.

Forager is a threat intelligence tool that simplifies the retrieval, storage, and maintenance of threat data with a user-friendly interface and support for various data sources.

A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.

A reference implementation for collecting events and performing CAR analytics to detect potential adversary activity.

A curated collection of Sigma & Yara rules and Indicators of Compromise (IOCs) for threat detection and malware identification.

A library of adversary emulation plans to evaluate defensive capabilities against real-world threats.

CyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

Copyright © 2025 - All rights reserved