A Python CLI tool that converts lists of MITRE ATT&CK technique IDs into ATT&CK Navigator layer JSON files for streamlined threat analysis.
A Python CLI utility for quickly converting a list or text file of MITRE ATT&CK technique IDs to a MITRE ATT&CK Navigator layer .JSON file.
This tool is designed for security analysts and threat hunters who want to quickly visualize MITRE ATT&CK techniques associated with threat actors or incidents by creating Navigator layers. It simplifies mapping technique IDs from reports or text files into a format compatible with the ATT&CK Navigator, aiding in identifying detection gaps and prioritizing defenses.
Ensure the input text file contains valid parent MITRE ATT&CK technique IDs; subtechnique IDs are not currently supported but planned for future updates. The output JSON file can be uploaded directly to the MITRE ATT&CK Navigator web interface for visualization.
Clone the repository using Git: git clone https://github.com/infosecB/tech2attacknav.git
Alternatively, download the repository as a ZIP file and unzip it: https://github.com/infosecB/tech2attacknav/archive/refs/heads/main.zippython tech2attacknav.py -i input_file.txt -n ActorName
Runs the script to convert the list of MITRE ATT&CK technique IDs in input_file.txt into a Navigator layer JSON file named result.json, labeling it with the specified actor name.