Mitre Att&ck – from JSON to CSV

I love JSON-formatted data so much that… anytime I see something valuable stored in this format I really can’t resist the temptation of converting it to CSV so that I can actually browse it and/or visually understand/analyze some of it 🙂

I know, I am old-school 🙂

The Mitre Att&ck JSON file is a maverick on its own. Updated on a regular basis, it contains so much cyberjuice that it is almost a crime not to convert it to CSV, at least some of it 😀

How do we go about it?

This is one of the ways… we use the following script with the input being the latest version of the Mitre Att&ck JSON file. The file’s comments include the actual link…

Run it, and see if you like its output… Note that it uses lots of Boolean (0 or 1) output values in many of its columns – this is by design – these may help you to filter the data in Excel or Google Sheets as per your need…
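As an added illustration (not the script this post refers to), here is one way to flatten the technique objects of an ATT&CK STIX bundle into CSV rows with 0/1 columns per tactic and platform. The column names and the sample bundle are constructed for this example; the STIX field names (`attack-pattern`, `kill_chain_phases`, `x_mitre_platforms`, and so on) are the ones used in the ATT&CK JSON.

```python
import csv
import io

# Constructed sample shaped like an ATT&CK STIX bundle (IDs and names are made up).
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "attack-pattern", "name": "Sample Technique",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9001"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
     "x_mitre_platforms": ["Windows", "Linux"]},
    {"type": "attack-pattern", "name": "Sample Sub-technique",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9001.001"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"},
                           {"kill_chain_name": "mitre-attack", "phase_name": "persistence"}],
     "x_mitre_platforms": ["Windows"], "x_mitre_is_subtechnique": True},
    {"type": "attack-pattern", "name": "Old Technique", "revoked": True,
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9002"}]},
    {"type": "intrusion-set", "name": "Not a technique"}]}

def attack_id(obj):
    """Return the ATT&CK ID from external_references, or '' if there is none."""
    return next((r.get("external_id", "") for r in obj.get("external_references", [])
                 if r.get("source_name") == "mitre-attack"), "")

def techniques_to_rows(bundle):
    """Flatten attack-pattern objects into rows with 0/1 tactic and platform columns."""
    techs = [o for o in bundle.get("objects", []) if o.get("type") == "attack-pattern"]
    tactics = sorted({p["phase_name"] for t in techs for p in t.get("kill_chain_phases", [])})
    platforms = sorted({p for t in techs for p in t.get("x_mitre_platforms", [])})
    rows = []
    for t in sorted(techs, key=attack_id):
        own = {p["phase_name"] for p in t.get("kill_chain_phases", [])}
        row = {"id": attack_id(t), "name": t.get("name", ""),
               "is_subtechnique": int(bool(t.get("x_mitre_is_subtechnique"))),
               "revoked_or_deprecated": int(bool(t.get("revoked") or t.get("x_mitre_deprecated")))}
        row.update({f"tactic:{n}": int(n in own) for n in tactics})
        row.update({f"platform:{n}": int(n in t.get("x_mitre_platforms", [])) for n in platforms})
        rows.append(row)
    return rows

def to_csv(rows):
    """Render rows as CSV text; the header comes from the first row's keys."""
    out = io.StringIO()
    if rows:
        writer = csv.DictWriter(out, fieldnames=list(rows[0]), lineterminator="\n")
        writer.writeheader()
        writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(techniques_to_rows(SAMPLE_BUNDLE)), end="")
```

To run it against the real file, load the downloaded JSON with `json.load` and pass the resulting dict to `techniques_to_rows` in place of `SAMPLE_BUNDLE`.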

And YES, I know there is jq, I know there are JSON readers/viewers/beautifiers, and I recently learned of pyattck, too. Still, when it comes to data analysis, I really like to keep my options open but also keep them close and control them a bit…

Mitre Domin&trix

Mitre Att&ck coverage is a utopian vision of compliance promoted all over the place in recent years. I have spent many hours working towards this unicorn target and here I present you the results of my efforts.

That is, if you want to do it right, you need to think in the context of the whole attack surface, split into many subtleties, nitpicking things you know and don’t know, and so on and so forth.

I called it… you know what:

The organization-specific domin&trix that will work for your org will be different. But now at least you know what direction to take. AKA Run and Hide 🙂