Skill

analyzing-threat-actor-ttps-with-mitre-navigator

From asi

Maps APT group TTPs to MITRE ATT&CK using attackcti Python library and ATT&CK Navigator. Queries STIX/TAXII data, generates layer files for visualization, analyzes defensive coverage.

Python

security

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

The MITRE ATT&CK Navigator is a web application for annotating and visualizing ATT&CK matrices.

SKILL.md

Similar Skills

analyzing-threat-actor-ttps-with-mitre-navigator

5.9k

Maps APT group TTPs to MITRE ATT&CK using attackcti Python library. Queries STIX/TAXII data, generates Navigator layer files for visualization, and assesses defensive coverage gaps.

3 files

cybersecurity-skills

analyzing-apt-group-with-mitre-navigator

Analyzes APT group techniques using MITRE ATT&CK Navigator to create layered heatmaps of TTPs for detection gap analysis and threat-informed defense.

asi

analyzing-threat-actor-ttps-with-mitre-navigator

Maps APT threat actors' TTPs to MITRE ATT&CK using attackcti Python library and Navigator. Queries STIX/TAXII for organization-technique associations, generates visualization layers, and compares defense coverage.

3 files

cybersecurity-skills-zh

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Analyzing Threat Actor TTPs with MITRE Navigator

Overview

The MITRE ATT&CK Navigator is a web application for annotating and visualizing ATT&CK matrices. Combined with the attackcti Python library (which queries ATT&CK STIX data via TAXII), analysts can programmatically generate Navigator layer files mapping specific threat group TTPs, compare multiple groups, and assess detection coverage gaps against known adversaries.

When to Use

When investigating security incidents that require analyzing threat actor ttps with mitre navigator

When building detection rules or threat hunting queries for this domain

When SOC analysts need structured procedures for this analysis type

When validating security monitoring coverage for related attack techniques

Prerequisites

Python 3.8+ with attackcti and stix2 libraries installed

MITRE ATT&CK Navigator (web UI or local instance)

Understanding of STIX 2.1 objects and relationships

Steps

Query ATT&CK STIX data for target threat group using attackcti

Extract techniques associated with the group via STIX relationships

Generate ATT&CK Navigator layer JSON with technique annotations

Overlay detection coverage to identify gaps

Export layer for team review and defensive planning

Expected Output

{ "name": "APT29 TTPs", "domain": "enterprise-attack", "techniques": [ {"techniqueID": "T1566.001", "score": 1, "comment": "Spearphishing Attachment"}, {"techniqueID": "T1059.001", "score": 1, "comment": "PowerShell"} ] }