ATT&CK Navigator
The ATT&CK Navigator is a great tool to browse the ATT&CK matrices. You can run the tool directly from Github, but you can also install it locally. This can especially be useful if you want to browse the ATT&CK matrices when you’re working in an isolated environment.
Navigator can be used via Docker, but that instance does not contain the matrices. Next is a short overview of commands to get the Navigator to work locally, with al matrices available.
Install via Docker
The first step is obviously to clone the Github repository. Following that, download the matrices for Enterprise, Mobile and Pre in the src/assets directory.
git clone https://github.com/mitre-attack/attack-navigator.git cd attack-navigator/nav-app/src/assets wget https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json wget https://raw.githubusercontent.com/mitre/cti/master/mobile-attack/mobile-attack.json wget https://raw.githubusercontent.com/mitre/cti/master/pre-attack/pre-attack.json cd ../..
Next you need to change the file nav-app/src/assets/config.json. Disable the external matrices URLs and change them to the local instance. Verify that the taxii_server is disabled.
{ "enterprise_attack_url": "assets/enterprise-attack.json", "pre_attack_url": "assets/pre-attack.json", "mobile_data_url": "assets/mobile-attack.json", "taxii_server": { "enabled": false,
When the above is done, create the docker file from within the nav-app directory. The creation file for the docker container will copy the contents from the current location (so the content from nav-app) to the docker location /nav-app/. Because we’ve previously added the matrices, this will also contain the local matrices.
docker build -t attack_navigator . docker run -p 4200:4200 attack_navigator
What’s now left to do is to browse with your browser to localhost:4200.
Did you know that, next to the Navigator, you can also run the entire MITRE ATT&CK website on a standalone server? Check out https://github.com/mitre-attack/attack-website. If you get an error ‘At least one invalid signature was encountered.’ when trying to build the docker image, then issue an ‘docker system prune –force’ and try again.
tnx a lot