PSAttck

2.0.0

en-us/about_PSAttck.help.txt

                                TOPIC

    PSAttck (version 1.0.0)

SHORT DESCRIPTION

    PSAttck allows you to interact with MITRE ATT&CK Framework

LONG DESCRIPTION

    PSAttck allows you to interact with MITRE ATT&CK Framework. 

    Currently PSAttck supports the Enterprise MITRE ATT&CK Framework

    with future plans to support additional frameworks

    By default, PSAttck downloads data about the MITRE ATT&CK framework from

    an external source.  Additionally, additional generated data sets are downloaded as well

    You can set an alternate path to retrieve these data sets from by using 

    the Set-PSAttckConfiguration Cmdlet

POWERSHELL COMPATIBILITY

    PSAttck is compatible with Windows PowerShell 5 and PowerShell Core.

    PSAttck utilizes PowerShell Classes to generate and create standard objects

    across all ATT&CK data categories.

FUNCTIONS

    To see what functions are provided by PSAttck, execute the command:

    Get-Command -Module PSAttck 

    In addition to the below functions, you can also retrieve related data objects

    defined within the MITRE ATT&CK Framework.  

    Available functions and their related data objects are defined below:

    Get-Attck

        Select an ATT&CK data type and FilterBy a property name and it's value (if desired)

    Get-AttckActor

        Retrieve all or a specific Actor by name

        Related Data Objects:

            Malwares

            Tools

            Techniques

    Get-AttckMalware

        Retrieve all or a specific Malware by name

            Related Data Objects:

                Techniques

                Actors

    Get-AttckMitigation

        Retrieve all or a specific Mitigation by name

            Related Data Objects:

                Techniques

    Get-AttckTactic

        Retrieve all or a specific Tactic by name

            Related Data Objects:

                Techniques

    Get-AttckTechnique

        Retrieve all or a specific Technique by name

            Related Data Objects:

                Techniques

                Actors

                Mitigations

                Datasets

    Get-AttckTool

        Retrieve all or a specific Tool by name

            Related Data Objects:

                Techniques

                Actors

MISCELLANEOUS FEATURES

    PSAttck also allows you to retrieve external data sets related to Techniques

    For example, every Technique object has additional (non-standard) properties 

    which allow you to access:

        - Commands

            - Source

            - Command

            - Name (if applicable)

        - CommandList

            - command from Commands['command']

        - RawDatasets

            - Raw dataset data

        - Queries

            - Product

            - Query

            - Name (if applicable)

        - RawDetections

            - Raw detection data source

FEEDBACK

    Please submit any feedback, including defects and enhancement requests at: 

    https://github.com/swimlane/PSAttck/issues

CREDITS

    This is a list of people and/or groups who have directly or indirectly

    helped by offering significant suggestions & code without which PSAttck

    would be a lesser product. In no particular order:

    Name: Mathias Jessen

    Twitter: @IISResetMe

    Blog: https://blog.iisreset.me/

SEE ALSO

    For more information, please visit https://swimlane.com 

    Additionally, most of the functions have help associated with 

    them e.g.:

    PS> Get-Help Get-Attck