Microsoft Defender for Cloud threat matrix for Kubernetes (TMFK) contains attack tactics, techniques and mitigations relevant for Kubernetes environment.
This repository contains the TMFK dataset represented in STIX 2.1 JSON collections.
.
├─ build ∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙ Collection folder
│ ├─ tmfk_strict.json ∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙ Most recent strict TMFK release
│ ├─ tmfk_attack_compatible.json ∙∙∙∙∙∙∙∙∙∙∙∙∙∙ Most recent ATT&CK compatible TMFK release
│ ├─ tmfk_strict_b885d18.json ∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙ TMFK strict collection for commit hash b885d18 of site repo
│ ├─ tmfk_attack_compatible_b885d18.json ∙∙∙∙∙∙ TMFK ATT&CK compatible collection for commit hash b885d18 of site repo
│ └─ [other commits of ATRM]
├─ make.sh ∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙ Build script for *nix and MacOS
└─ make.bat ∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙ Build script for Windows
Structured Threat Information Expression (STIX™) is a language and serialization format used to exchange cyber threat intelligence (CTI).
STIX enables organizations to share CTI with one another in a consistent and machine readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively.
STIX is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.
ATT&CK compatible version can be loaded into ATT&CK Workbench.
It uses domain enterprise-attack to comply internal contract of ATT&CK Workbench.
Mitigations are also included. Furthermore, you can locate a connection to the MITRE ATT&CK mitigations and techniques inside the field x_mitre_ids of the related entities.
You can also use the mitreattack-python library to process the STIX bundle(see example.ipynb).