Michael-Rhodes/ADAPT
ADAPT

Active Detection of Advanced Persistent Threats

System Workflow:

[Figure: System Workflow diagram]

  1. Windows - Windows 7 machines run Sysmon and Winlogbeat to ship log data to the SIEM
  2. ELK - The ELK server collects log data from the workstations and forwards it to the tool's API
  3. API - Stores the logs for analysis and retrieves them for the frontend web server
  4. Analysis Engine - Queries the database and applies our probabilistic model to the log data
  5. Web Console - Provides an interface for interacting with the results from the analysis engine

Additional info:

APT Workflow

[Figure: APT workflow diagram]

Source: B. E. Strom, A. Applebaum, D. P. Miller, K. C. Nickels, A. G. Pennington, and C. B. Thomas, “MITRE ATT&CK: Design and Philosophy,” MITRE Corporation, 2018.
