Shield Agents
🛡️ Initial release - Shield Agents v1.0.0
de31cf7
Raw
History Blame Contribute Delete
2.04 kB
"""MITRE ATT&CK knowledge base for Shield Agents."""
MITRE_TECHNIQUES = {
"T1190": {
"name": "Exploit Public-Facing Application",
"tactic": "Initial Access",
"description": "Adversaries may exploit weaknesses in public-facing applications.",
},
"T1059": {
"name": "Command and Scripting Interpreter",
"tactic": "Execution",
"description": "Adversaries may abuse command and script interpreters.",
},
"T1078": {
"name": "Valid Accounts",
"tactic": "Defense Evasion",
"description": "Adversaries may use stolen credentials.",
},
"T1110": {
"name": "Brute Force",
"tactic": "Credential Access",
"description": "Adversaries may use brute force techniques.",
},
"T1053": {
"name": "Scheduled Task/Job",
"tactic": "Execution",
"description": "Adversaries may abuse task scheduling.",
},
"T1041": {
"name": "Exfiltration Over C2 Channel",
"tactic": "Exfiltration",
"description": "Adversaries may steal data through C2 channel.",
},
"T1566": {
"name": "Phishing",
"tactic": "Initial Access",
"description": "Adversaries may use phishing to gain access.",
},
"T1071": {
"name": "Application Layer Protocol",
"tactic": "Command and Control",
"description": "Adversaries may use application layer protocols for C2.",
},
}
def get_mitre_technique(vulnerability_type: str) -> dict:
"""Get MITRE ATT&CK technique for a vulnerability type."""
mapping = {
"sql_injection": "T1190",
"xss": "T1190",
"command_injection": "T1059",
"credential_theft": "T1110",
"brute_force": "T1110",
"phishing": "T1566",
"exfiltration": "T1041",
"c2_communication": "T1071",
"injection": "T1190",
}
tech_id = mapping.get(vulnerability_type.lower(), "T1190")
return MITRE_TECHNIQUES.get(tech_id, MITRE_TECHNIQUES["T1190"])