attackgen: A cybersecurity incident response testing tool
AttackGen
AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organization’s details.
Features
- Generates unique incident response scenarios based on chosen threat actor groups.
- Allows you to specify your organisation’s size and industry for a tailored scenario.
- Displays a detailed list of techniques used by the selected threat actor group as per the MITRE ATT&CK framework.
- Creates custom scenarios based on a selection of ATT&CK techniques.
- Captures user feedback on the quality of the generated scenarios.
- Offers scenarios for download in Markdown format.
- Uses either the OpenAI API or Azure OpenAI Service to generate incident response scenarios.
- Lets you select from several models available from the OpenAI API endpoint.
- Available as a Docker container image for easy deployment.
- Integrated with LangSmith for powerful debugging, testing, and monitoring of model performance.
Requirements
- Recent version of Python.
- Python packages: pandas, streamlit, and any other packages necessary for the custom libraries (langchain and mitreattack).
- OpenAI API key.
- LangChain API key (optional) – see LangSmith Setup section below for further details.
- Data files: enterprise-attack.json (MITRE ATT&CK dataset in STIX format) and groups.json.
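The group-to-technique listing described under Features can be derived from the STIX data in enterprise-attack.json by following "uses" relationships from an intrusion-set to its attack-patterns. The following is an added example, not AttackGen's own code (the project relies on the mitreattack library); it uses only the standard library, its function names are hypothetical, and the bundle, group name and object ids are constructed for illustration.

```python
import json

# Constructed miniature bundle in the layout of enterprise-attack.json (STIX 2.x).
# The group, the "Retired Example" technique (T0000) and every id are made up.
MITRE = "mitre-attack"
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "intrusion-set", "id": "intrusion-set--g1", "name": "Example Group"},
    {"type": "attack-pattern", "id": "attack-pattern--t1", "name": "Phishing",
     "external_references": [{"source_name": MITRE, "external_id": "T1566"}]},
    {"type": "attack-pattern", "id": "attack-pattern--t2", "name": "PowerShell",
     "external_references": [{"source_name": MITRE, "external_id": "T1059.001"}]},
    {"type": "attack-pattern", "id": "attack-pattern--t3", "name": "Retired Example",
     "revoked": True, "external_references": [{"source_name": MITRE, "external_id": "T0000"}]},
    {"type": "malware", "id": "malware--m1", "name": "Example Malware"},
] + [{"type": "relationship", "relationship_type": "uses",
      "source_ref": "intrusion-set--g1", "target_ref": ref}
     for ref in ("attack-pattern--t1", "attack-pattern--t2",
                 "attack-pattern--t3", "malware--m1")]}

def load_bundle(path):  # e.g. load_bundle("enterprise-attack.json")
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

def attack_id(obj):
    """Return the ATT&CK id (e.g. T1566) from an object's external references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == MITRE:
            return ref.get("external_id")
    return None

def techniques_for_group(bundle, group_name):
    """List (ATT&CK id, name) for techniques the named group uses, sorted by id."""
    objects = bundle["objects"]
    group_ids = {o["id"] for o in objects
                 if o["type"] == "intrusion-set" and o.get("name") == group_name}
    # Ignore revoked or deprecated techniques so exercises only reference live ones.
    live = {o["id"]: o for o in objects
            if o["type"] == "attack-pattern"
            and not o.get("revoked") and not o.get("x_mitre_deprecated")}
    found = {}
    for rel in objects:
        if rel["type"] != "relationship" or rel.get("relationship_type") != "uses":
            continue
        tech = live.get(rel.get("target_ref"))  # None for malware/tool targets
        if rel.get("source_ref") in group_ids and tech and attack_id(tech):
            found[attack_id(tech)] = tech["name"]
    return sorted(found.items())

if __name__ == "__main__":
    print(techniques_for_group(SAMPLE_BUNDLE, "Example Group"))
```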
Installation
- Clone the repository:
    git clone https://github.com/mrwadams/attackgen.git
- Change into the cloned repository's directory:
    cd attackgen
- Install the required Python packages:
    pip install -r requirements.txt
Use
Copyright (C) 2024 mrwadams