This program exports MITRE ATT&CK enterpise matrix into a ELK dashboard. Check out this blog post entry for having better understanding on the benefits of exporting the ATT&CK enterprise matrix into ELK.

1. Clone or fork this repo git@github.com:michaelhidalgo/attack-to-elk.git
2. Create a virtual environment using virtualenv:

virtualenv env

3. Activate the virtual environment running source env/bin/activate from the root folder.
4. Install dependencies from requirements file pip3 install -r requirements.txt
5. Export following environment variables with Elasticsearch IP address and port:

  export es_hostname='Your ELK IP'
  export es_port='Your ELK port (9200 by default)'  

6. Run the program using Python3:

python3 attack-to-elk.py

All visualizations, index patterns and dashboards were exported into an artifact JSON file.

Once you've run the script and indexing the matrix, you can go to Kibana Management -> Saved Objects and Import. From there you can choose the artifacts JSON described above and that's it.