attackgen: A cybersecurity incident response testing tool

AttackGen

AttackGen is a cybersecurity incident response testing tool that uses large language models together with the MITRE ATT&CK framework. It generates tailored incident response scenarios based on the threat actor groups you select and your organisation’s details.

Features

  • Generates unique incident response scenarios based on chosen threat actor groups.
  • Allows you to specify your organisation’s size and industry for a tailored scenario.
  • Displays a detailed list of techniques used by the selected threat actor group as per the MITRE ATT&CK framework.
  • Creates custom scenarios based on a selection of ATT&CK techniques.
  • Captures user feedback on the quality of the generated scenarios.
  • Lets you download scenarios in Markdown format.
  • 🆕 Use either the OpenAI API or Azure OpenAI Service to generate incident response scenarios.
  • 🆕 Select from several models available from the OpenAI API endpoint.
  • 🆕 Available as a Docker container image for easy deployment.
  • Integrated with LangSmith for powerful debugging, testing, and monitoring of model performance.

Requirements

  • Recent version of Python.
  • Python packages: pandas, streamlit, and any other packages necessary for the custom libraries (langchain and mitreattack).
  • OpenAI API key.
  • LangChain API key (optional) – see LangSmith Setup section below for further details.
  • Data files: enterprise-attack.json (MITRE ATT&CK dataset in STIX format) and groups.json.
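
How a group's technique list can be read out of a STIX bundle such as enterprise-attack.json, shown as an added example (not AttackGen's own code). The bundle is a small constructed sample with a fictional group, and the helper names are hypothetical.

```python
# Constructed sample shaped like a MITRE ATT&CK STIX 2 bundle (not real data).
def _ref(ext_id):
    return [{"source_name": "mitre-attack", "external_id": ext_id}]

def _uses(src, dst):
    return {"type": "relationship", "id": f"relationship--{src}-{dst}",
            "relationship_type": "uses", "source_ref": src, "target_ref": dst}

SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "intrusion-set", "id": "intrusion-set--a", "name": "Example Group",
     "aliases": ["Example Group", "EG-1"], "external_references": _ref("G9999")},
    {"type": "attack-pattern", "id": "attack-pattern--1", "name": "Phishing",
     "external_references": _ref("T1566")},
    {"type": "attack-pattern", "id": "attack-pattern--2",
     "name": "Command and Scripting Interpreter", "external_references": _ref("T1059")},
    {"type": "attack-pattern", "id": "attack-pattern--3", "name": "Retired Technique",
     "x_mitre_deprecated": True, "external_references": _ref("T9999")},
    {"type": "malware", "id": "malware--1", "name": "ExampleRAT"},
    _uses("intrusion-set--a", "attack-pattern--2"),
    _uses("intrusion-set--a", "attack-pattern--1"),
    _uses("intrusion-set--a", "attack-pattern--3"),
    _uses("intrusion-set--a", "malware--1"),
]}

def _attack_id(obj):
    """Return the ATT&CK ID (e.g. T1566) from an object's external references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def techniques_for_group(bundle, group_name):
    """Hypothetical helper: sorted (ATT&CK ID, name) pairs a named group 'uses'."""
    objects = bundle.get("objects", [])
    by_id = {o["id"]: o for o in objects if "id" in o}
    wanted = group_name.lower()
    groups = {o["id"] for o in objects if o.get("type") == "intrusion-set"
              and wanted in {n.lower() for n in [o.get("name", "")] + o.get("aliases", [])}}
    found = set()
    for rel in objects:
        if rel.get("type") != "relationship" or rel.get("relationship_type") != "uses":
            continue
        if rel.get("source_ref") not in groups or rel.get("revoked"):
            continue
        target = by_id.get(rel.get("target_ref"), {})
        # Groups also 'use' software; keep only live (not revoked/deprecated) techniques.
        if (target.get("type") != "attack-pattern" or target.get("revoked")
                or target.get("x_mitre_deprecated")):
            continue
        if _attack_id(target):
            found.add((_attack_id(target), target.get("name")))
    return sorted(found)
```

Skipping revoked and deprecated objects keeps retired techniques out of a generated exercise scenario.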

Installation

  1. Clone the repository:

git clone https://github.com/mrwadams/attackgen.git

  2. Change into the cloned repository directory:

cd attackgen

  3. Install the required Python packages:

pip install -r requirements.txt

Use

Copyright (C) 2024 mrwadams