This tool creates a MITRE ATT&CK matrix from all the rules installed in your Deep Security that have an ATT&CK flag.
Right now it only pulls Integrity Monitoring and Intrusion Prevention rules (the only ones that have ATT&CK flags).
- Download and install the latest Python SDK
- Generate an API key with at least view permission on Intrusion Prevention, Integrity Monitoring and Computers (see the tutorial).
- Fill in ds.conf with your API route and key
Just run:
python dsattck.py
If you filled in the config file correctly, everything should work! This will generate 2 JSON files, environment and applied rules, a matrix with ALL rules and a matrix with the applied rules only; you can submit these files to ATT&CK Navigator.
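The sketch below is an added example, not code from dsattck.py: it shows how rules tagged with ATT&CK technique IDs collapse into an "all rules" and an "applied rules" Navigator layer, and which techniques are covered only by rules that are installed but not applied. The rule records, their field names, the applied-rule IDs and the layer format version are assumptions made for the example.

```python
import json
from collections import defaultdict

# Constructed sample data: the field names below are assumptions for this
# example, not the Deep Security API schema or the tool's own file format.
RULES = [
    {"id": 101, "module": "Intrusion Prevention", "name": "Constructed IPS rule A", "techniques": ["T1190", "T1059"]},
    {"id": 102, "module": "Intrusion Prevention", "name": "Constructed IPS rule B", "techniques": ["T1190"]},
    {"id": 201, "module": "Integrity Monitoring", "name": "Constructed IM rule C", "techniques": ["T1547.001"]},
    {"id": 202, "module": "Integrity Monitoring", "name": "Constructed IM rule D", "techniques": []},
]
# Rule IDs assigned to at least one computer (constructed).
APPLIED_RULE_IDS = {102, 201}


def build_layer(name, rules):
    """Collapse rules into one Navigator technique entry per ATT&CK ID."""
    by_technique = defaultdict(list)
    for rule in rules:
        for tid in rule["techniques"]:
            by_technique[tid].append(f'{rule["module"]}: {rule["name"]}')
    return {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"layer": "4.5"},  # assumed layer format version
        "techniques": [
            # score = number of rules mapped to the technique
            {"techniqueID": tid, "score": len(names), "comment": "\n".join(names)}
            for tid, names in sorted(by_technique.items())
        ],
    }


def coverage_gap(all_layer, applied_layer):
    """Techniques that have an installed rule but no applied rule."""
    applied = {t["techniqueID"] for t in applied_layer["techniques"]}
    return [t["techniqueID"] for t in all_layer["techniques"] if t["techniqueID"] not in applied]


all_layer = build_layer("All rules", RULES)
applied_layer = build_layer("Applied rules", [r for r in RULES if r["id"] in APPLIED_RULE_IDS])

if __name__ == "__main__":
    print(json.dumps(applied_layer, indent=2))
    print("Installed but not applied:", coverage_gap(all_layer, applied_layer))
```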
Please get in touch about any bug you find; the API/SDK changes a LOT!