Atomic Caldera: convert Red Canary Atomic Red Team Tests to MITRE Caldera Stockpile YAML ability files
A Python 3 script to convert Red Canary Atomic Red Team Tests to MITRE Caldera Stockpile YAML ability files.
While looking for tools to help test and develop Red/Blue (Purple) teams by running MITRE ATT&CK-mapped tests, I investigated MITRE’s Caldera (https://github.com/mitre/caldera) and liked what I saw. What I did not like is that Caldera includes few abilities/tests by default. I also looked at Red Canary’s Atomic Red Team (https://github.com/redcanaryco/atomic-red-team); it ships with a lot of tests, but its testing framework wasn’t as nice as Caldera’s. I also like the Sandcat (https://github.com/mitre/sandcat) plugin included with Caldera: it runs easily on many different endpoints, it is lightweight, and it lets tests be driven from a central Caldera server. By combining the tests from Red Canary’s Atomic Red Team with the testing framework of MITRE’s Caldera, the best of both toolsets can be enjoyed.
I looked around and did not find any tools to convert Red Canary’s Atomic Red Team tests to MITRE Caldera Stockpile (https://github.com/mitre/stockpile) format. My desire to quickly build a library using the high-quality tests provided by Red Canary in MITRE’s Caldera framework drove me to write a “quick” script.
git clone https://github.com/xenoscr/Atomic-Caldera.git
pip install -r requirements.txt
git clone https://github.com/redcanaryco/atomic-red-team.git
git clone https://github.com/mitre/cti.git
Atomic-Caldera requires only two parameters to run: the input directory containing the Red Canary Atomic Red Team “atomics” folder, and the path to the MITRE CTI repository. The output folder and CSV file options are optional; if they are not supplied, Atomic-Caldera writes these files to the current working directory.
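To show what the conversion involves, here is an added, self-contained Python illustration of the core step. It is not Atomic-Caldera's own code: it takes one Atomic Red Team technique file (already parsed from YAML into a dict, using the public atomics layout: attack_technique, atomic_tests, executor, input_arguments) plus the ATT&CK STIX attack-pattern objects from the MITRE CTI repository, and emits Caldera-style ability dicts. The ability layout (id, name, description, tactic, technique, platforms), the executor-name mapping (command_prompt to cmd, powershell to psh, sh/bash to sh) and the sample inputs are assumptions made for the example; the sample atomic and STIX objects are constructed, not copied from either repository.

```python
"""Convert one Atomic Red Team technique file into Caldera-style abilities.

Added illustration, not Atomic-Caldera's own script. Output layout and the
executor mapping are assumptions made for this example.
"""
import json
import re
import uuid

try:
    import yaml  # PyYAML, optional: only used to render the result
except ImportError:
    yaml = None

# ART executor names -> Caldera executor names (assumed mapping).
# ART "manual" tests carry steps for a human, not a command, so they are skipped.
EXECUTOR_MAP = {"command_prompt": "cmd", "powershell": "psh", "sh": "sh", "bash": "sh"}

PLACEHOLDER = re.compile(r"#\{(\w+)\}")  # ART input-argument placeholder, e.g. #{output_file}


def technique_index(stix_objects):
    """Build {attack_id: (technique name, tactic)} from ATT&CK STIX attack-pattern
    objects, which is why the CTI repository is needed: the atomics file only
    carries the technique ID, not the tactic Caldera wants on each ability."""
    index = {}
    for obj in stix_objects:
        if obj.get("type") != "attack-pattern" or obj.get("revoked"):
            continue
        refs = [r for r in obj.get("external_references", []) if r.get("source_name") == "mitre-attack"]
        phases = [p["phase_name"] for p in obj.get("kill_chain_phases", [])
                  if p.get("kill_chain_name") == "mitre-attack"]
        if refs and phases:
            index[refs[0]["external_id"]] = (obj["name"], phases[0])
    return index


def fill_arguments(command, input_arguments):
    """Substitute #{name} placeholders with the ART default values; unknown
    placeholders are left intact rather than silently blanked."""
    defaults = {k: str(v.get("default", "")) for k, v in (input_arguments or {}).items()}
    return PLACEHOLDER.sub(lambda m: defaults.get(m.group(1), m.group(0)), command)


def convert_atomic(atomic, index):
    """Return a list of Caldera-style ability dicts for one ART technique file."""
    attack_id = atomic["attack_technique"]
    name, tactic = index.get(attack_id, (atomic.get("display_name", attack_id), "unknown"))
    abilities = []
    for test in atomic.get("atomic_tests", []):
        executor = test.get("executor", {})
        caldera_exec = EXECUTOR_MAP.get(executor.get("name"))
        if caldera_exec is None or "command" not in executor:
            continue  # manual test or an executor Caldera cannot run
        command = fill_arguments(executor["command"].strip(), test.get("input_arguments"))
        platforms = {p: {caldera_exec: {"command": command}} for p in test.get("supported_platforms", [])}
        abilities.append({
            # Deterministic UUID: re-running the conversion keeps the same ability ids.
            "id": str(uuid.uuid5(uuid.NAMESPACE_URL, f"{attack_id}:{test['name']}")),
            "name": test["name"],
            "description": test.get("description", "").strip(),
            "tactic": tactic,
            "technique": {"attack_id": attack_id, "name": name},
            "platforms": platforms,
        })
    return abilities


def render(abilities):
    """YAML when PyYAML is installed, otherwise JSON (which is also valid YAML)."""
    if yaml is not None:
        return yaml.safe_dump(abilities, sort_keys=False)
    return json.dumps(abilities, indent=2)


# Constructed sample input (not taken from the real repositories).
SAMPLE_STIX = [{
    "type": "attack-pattern",
    "name": "System Information Discovery",
    "external_references": [{"source_name": "mitre-attack", "external_id": "T1082"}],
    "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "discovery"}],
}]

SAMPLE_ATOMIC = {
    "attack_technique": "T1082",
    "display_name": "System Information Discovery",
    "atomic_tests": [
        {"name": "Windows system info", "description": "Run systeminfo.\n",
         "supported_platforms": ["windows"],
         "executor": {"name": "command_prompt", "command": "systeminfo\n"}},
        {"name": "Unix system info", "description": "Record uname output.",
         "supported_platforms": ["linux", "macos"],
         "input_arguments": {"output_file": {"type": "path", "default": "/tmp/sysinfo.txt"}},
         "executor": {"name": "sh", "command": "uname -a > #{output_file}"}},
        {"name": "Manual review", "supported_platforms": ["windows"],
         "executor": {"name": "manual", "steps": "Open System Properties."}},
    ],
}

if __name__ == "__main__":
    print(render(convert_atomic(SAMPLE_ATOMIC, technique_index(SAMPLE_STIX))))
```

Running the block prints two abilities (the manual test is dropped), each tagged with the `discovery` tactic looked up from the STIX data; the `uuid5` id means the generated files can be regenerated without churning ability ids inside Caldera.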
Copyright (C) 2019 xenoscr