data_analysis_tool.html
<!DOCTYPE html>
<html lang='en'>
<head>
<script async src='https://www.googletagmanager.com/gtag/js?id=UA-62667723-5'></script><script src='/theme/scripts/analytics.js'></script>
<meta charset='utf-8'>
<meta name='viewport' content='width=device-width, initial-scale=1, shrink-to-fit=no'>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel='shortcut icon' href='https://d1zq5d3dtjfcoj.cloudfront.net/ME_icon.png' type='image/x-icon'>
<link rel="stylesheet" href="/theme/style/all.css">
<script src="/theme/scripts/jquery-3.3.1.min.js"></script>
<title>ATT&CK® EVALUATIONS</title>
<!-- Bootstrap CSS -->
<link rel='stylesheet' href='/theme/style/bootstrap.min.css' />
<link rel='stylesheet' href='/theme/style/bootstrap-glyphicon.min.css' />
<link href="/theme/style/bootstrap-tourist.css" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="/theme/style.min.css?9ce184b4">
</head>
<body>
<header class=''>
<nav class='navbar navbar-expand-lg navbar-light fixed-top box-shadow-bottom bg-white'>
<a class='navbar-brand' href='/'><img src='https://d1zq5d3dtjfcoj.cloudfront.net/MITRE_Engenuity_ATTACK-Evaluations_logo_PMS_purple.jpg' height="50px" alt=''></a>
<button class='navbar-toggler' type='button' data-toggle='collapse' data-target='#navbarCollapse' aria-controls='navbarCollapse' aria-expanded='false' aria-label='Toggle navigation'>
<span class='navbar-toggler-icon'></span>
</button>
<div class='collapse navbar-collapse' id='navbarCollapse'>
<ul class='nav nav-tabs ml-auto'>
<li class="dropdown-submenu">
<a class="nav-link dropdown-toggle" href="#" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"><strong>Enterprise</strong></a>
<!-- <ul class="dropdown-menu dropleft"> -->
<ul class="dropdown-menu dropright">
<li class="dropdown-item dropdown-submenu2">
<a class="dropdown-item" href="/methodology-overview">
Methodology Overview
</a>
</li>
<li class="dropdown-item dropdown-submenu2">
<ul class="dropdown-menu drop_menu_side_right" style="margin-top: 50px;">
<li><a class="dropdown-item" href="/enterprise/participants/?adversaries=apt3">Results</a></li>
<li><a class="dropdown-item" href="/enterprise/APT3">Overview</a></li>
</ul>
<a class="dropdown-item dropdown-toggle" data-toggle="dropdown" href="#">
APT3 (2018)
</a>
</li>
<li class="dropdown-item dropdown-submenu2">
<ul class="dropdown-menu drop_menu_side_right" style="margin-top: 90px;">
<li><a class="dropdown-item" href="/enterprise/participants/?adversaries=apt29">Results</a></li>
<li><a class="dropdown-item" href="/enterprise/APT29">Overview</a></li>
</ul>
<a class="dropdown-item dropdown-toggle" data-toggle="dropdown" href="#">
APT29 (2019)
</a>
</li>
<li class="dropdown-item dropdown-submenu2">
<ul class="dropdown-menu drop_menu_side_right" style="margin-top: 130px;">
<li><a class="dropdown-item" href="/enterprise/participants/?adversaries=carbanak_fin7">Results</a></li>
<li><a class="dropdown-item" href="/enterprise/carbanak_fin7/">Overview</a></li>
</ul>
<a class="dropdown-item dropdown-toggle" data-toggle="dropdown" href="#">
Carbanak+FIN7 (2020)
</a>
</li>
<li class="dropdown-item dropdown-submenu2">
<ul class="dropdown-menu drop_menu_side_right" style="margin-top: 180px;">
<li><a class="dropdown-item" href="/get-evaluated">Call for Participation</a></li>
<li><a class="dropdown-item" href="/enterprise/wizard-spider-and-sandworm/">Overview</a></li>
</ul>
<a class="dropdown-item dropdown-toggle" data-toggle="dropdown" href="#">
Wizard Spider and <br> Sandworm (2021)
</a>
</li>
<li class="dropdown-item dropdown-submenu2">
<a class="dropdown-item" href="/enterprise/participants/">
View All Participants
</a>
</li>
</ul>
</li>
<li class="dropdown-submenu">
<a class="nav-link dropdown-toggle" href="#" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"><strong>ICS</strong></a>
<ul class="dropdown-menu dropright">
<li class="dropdown-item dropdown-submenu2">
<ul class="dropdown-menu drop_menu_side_right">
<li><a class="dropdown-item" href="/ics/participants/">Participants</a></li>
<li><a class="dropdown-item" href="/ics/triton/">Overview</a></li>
</ul>
<a class="dropdown-item dropdown-toggle" data-toggle="dropdown" href="#">
TRITON (2020)
</a>
</li>
</ul>
</li>
<li class='nav-item dropdown'>
<a class="nav-link dropdown-toggle" href="#" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"><strong>Tools</strong></a>
<!-- <div class="dropdown-menu" aria-labelledby="navbarDropdown"> -->
<div class="dropdown-menu">
<a class="dropdown-item" href='/technique_comparison'>Technique Comparison Tool </a>
<a class="dropdown-item" href='/participant_comparison'>Participant Comparison Tool </a>
<!-- <a class="dropdown-item" href='https://github.com/mitre-attack/attack-arsenal'>
ATT&CK Arsenal
<i class="fas fa-external-link-alt"></i>
</a> -->
<a class="dropdown-item" href='https://github.com/center-for-threat-informed-defense/adversary_emulation_library'>
Emulation Plan Library
<i class="fas fa-external-link-alt"></i>
</a>
</div>
</li>
<li class='nav-item dropdown'>
<a class="nav-link dropdown-toggle" href="#" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"><strong>Resources</strong></a>
<!-- <div class="dropdown-menu dropdown-menu-right" aria-labelledby="navbarDropdown"> -->
<div class="dropdown-menu dropdown-menu-right">
<a class="dropdown-item" href="/using-attack-evaluations">Using ATT&CK Evaluations</a>
<a class="dropdown-item" href="/about">About ATT&CK</a>
<a class="dropdown-item" href="/FAQ">FAQ</a>
<a class="dropdown-item" href="https://mitre-engenuity.org/mad/">MITRE ATT&CK Defender Training <i class="fas fa-external-link-alt"></i></a>
<a class="dropdown-item" href="https://mitre-engenuity.org/ctid/">Center for Threat-Informed Defense <i class="fas fa-external-link-alt"></i></a>
<a class="dropdown-item" href="https://medium.com/mitre-engenuity/tagged/evaluation" target="_blank" rel="noopener noreferrer"> Blog <i class="fas fa-external-link-alt"></i> </a>
</div>
</li>
<li class='nav-item'><a class='nav-link' href='/get-evaluated'><strong>Get Evaluated</strong></a></li>
</ul>
</div>
</nav>
</header>
<div id='content-width-lock'>
<div id='content'><br>
<div class="divEvaluationSummaryBody">
<div style="padding: 0px; width: 100%;">
<span class="spanBreadcrumbs-results">
<a href='/'>Home</a> >
Tools >
Data Analysis Tool
</span>
<br />
</div>
<br>
<div class='divFAQBody'>
<div style="margin-top:20px; text-align: center;">
<h1>Data Analysis Tool</h1>
</div>
<br>
<p>
The ATT&CK Evaluations results data contains a wealth of information that helps readers better understand how capabilities work. At the same time, we recognize that getting a quick, high-level understanding of a tool’s performance is difficult. To address this, we developed and released <a href="https://github.com/mitre-attack/joystick">Joystick</a>, an ATT&CK Evaluations data analysis tool.
</p>
<p>
<a href="https://github.com/mitre-attack/joystick">Joystick</a> allows users to graphically explore the ATT&CK Evaluations results. The initial release lets users prioritize the detection categories that matter most to them. After selecting the detection categories of greatest interest, users are presented with a timeline view of the Operational Flow, clearly showing where those types of detections occurred.
</p>
<p>
Some example questions that you can use Joystick to answer:
</p>
<ul>
<li>Does a vendor have broad coverage, or are their detections focused on a couple of techniques?</li>
<li>Where in the Operational Flow did detections occur?</li>
<li>Which steps had telemetry?</li>
<li>Which steps had some detection logic applied (i.e., not telemetry or none)?</li>
<li>Which steps were tainted/correlated?</li>
<li>How did this vendor perform in their initial evaluation (e.g., with no configuration changes)?</li>
</ul>
<p>
We will be extending the types of analysis that can be performed with Joystick. If you have specific needs or requests, please reach out to the <a href="mailto:evals@mitre-engenuity.org">ATT&CK Evaluations</a> team.
</p>
</div>
<br><br>
<center>
<a href="https://github.com/mitre-attack/joystick"><img src="https://d1zq5d3dtjfcoj.cloudfront.net/joystick.png"/></a>
</center>
<br><br>
</div>
</div>
</div>
<footer>
<div class="container-fluid border-top pt-4 pb-4">
<div class="row" style="width: 95%; margin: 0 auto;">
<div class="col-xl-6" style="display: flex; flex-direction: column;">
<p class="footer-links-left"><a class="footer-links-left" href="/terms-of-use">Terms and Conditions</a></p>
<p class="footer-links-left"><a class="footer-links-left" href="/privacy">Privacy Policy</a></p>
<p class="footer-links-left">© 2018 - 2021, The MITRE Corporation and MITRE Engenuity.</p>
<p class="footer-links-left">MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.</p>
</div>
<div class="col-xl-6" style="display: flex; flex-direction: column;">
<div class="footer-float-right-responsive">
<div class="mb-1">
<a href="https://twitter.com/MITREengenuity" class="btn btn-footer w-100">
<img src="https://d1zq5d3dtjfcoj.cloudfront.net/twitter.png" class="mr-1" style="vertical-align: top" width="20" height="20">
<b>@MITREengenuity</b>
</a>
</div>
<div class="">
<a href="/contact" class="btn btn-footer w-100">
Contact
</a>
</div>
</div>
</div>
</div>
</div>
</footer>
<!--SCRIPTS-->
<script src="/theme/scripts/jquery-3.3.1.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.11.0/umd/popper.min.js"></script>
<script src="/theme/scripts/bootstrap.min.js"></script>
<script src="/theme/scripts/site.js"></script>
<script src="/theme/scripts/bootstrap-tourist.js"></script>
</body>
<!-- jjli -->
</html>