An automated tool for mapping and correlating cybersecurity frameworks, including MITRE ATT&CK, CAPEC, D3FEND, and the STRIDE threat modeling categories.

## Features

- Official STRIDE-CAPEC Mappings: 400+ validated attack patterns across 6 threat categories
- Real-time Data Fetching: Automatic updates from official MITRE repositories
- Cross-Framework Correlation: Links between ATT&CK techniques, CAPEC patterns, and STRIDE categories
- Interactive HTML Reports: Modern, responsive dashboards with statistics
- Automated Scheduling: Daily updates via cron jobs
- Comprehensive Monitoring: Health checks, error tracking, and coverage analysis
## Data Sources

| Framework | Source | Update Frequency |
|---|---|---|
| MITRE ATT&CK | Official STIX Repository | Daily |
| CAPEC | MITRE CTI Repository | Daily |
| CAPEC-ATT&CK Mapping | Official CSV Mapping | Daily |
| D3FEND | Official API | When available |
| STRIDE-CAPEC Mappings | Community Research | Static (validated) |
## Prerequisites

- Python 3.8 or higher
- Internet connection for data fetching
- Unix-like system (Linux/macOS) for automation scripts

## Quick Start

1. Clone or download the scripts:

   ```bash
   # Download the main files
   wget https://your-repo/cybersecurity_data_updater.py
   wget https://your-repo/automation_config.sh
   ```

2. Run the automated setup:

   ```bash
   chmod +x automation_config.sh
   ./automation_config.sh
   ```

3. Validate the installation:

   ```bash
   python3 validate_setup.py
   ```

4. Run your first update:

   ```bash
   ./run_update.sh
   ```
If you prefer manual setup:

```bash
# Install Python dependencies
pip install requests stix2 python-dateutil lxml beautifulsoup4 pandas

# Run the main script
python3 cybersecurity_data_updater.py

# View the report
python3 deploy_web.py
```

## Usage

| Command | Description |
|---|---|
| `./run_update.sh` | Manual data update |
| `python3 deploy_web.py` | Start web server to view reports |
| `./monitor.sh` | Check system status and statistics |
| `python3 validate_setup.py` | Validate installation and dependencies |
### Python API

```python
from cybersecurity_data_updater import CybersecurityDataUpdater

updater = CybersecurityDataUpdater(output_dir="custom_data")
mapping_data = updater.generate_consolidated_mapping()
```

### Working with Generated Data

```python
import json

# Load the consolidated mapping
with open('cybersec_data/consolidated_mapping.json', 'r') as f:
    data = json.load(f)

# Access STRIDE mappings
spoofing_patterns = data['stride_mapping']['Spoofing']['capec_patterns']
print(f"Found {len(spoofing_patterns)} spoofing patterns")
```

## STRIDE Categories

| Category | CAPEC Patterns | Description |
|---|---|---|
| Spoofing | 89 patterns | Identity falsification, phishing, content spoofing |
| Tampering | 45 patterns | Data manipulation, code injection, file system attacks |
| Repudiation | 6 patterns | Log manipulation, evidence elimination |
| Information Disclosure | 25 patterns | Data interception, credential harvesting |
| Denial of Service | 35 patterns | Resource exhaustion, network flooding |
| Elevation of Privilege | 16 patterns | Authentication bypass, privilege escalation |
## Output Files

```text
cybersec_data/
├── consolidated_mapping.json   # Complete framework mapping
├── cybersec_report.html        # Interactive HTML report
├── attack_enterprise_raw.json  # Raw ATT&CK Enterprise data
├── attack_mobile_raw.json      # Raw ATT&CK Mobile data
├── attack_ics_raw.json         # Raw ATT&CK ICS data
├── capec_raw.json              # Raw CAPEC data
└── d3fend_raw.json             # Raw D3FEND data (when available)
```
### Consolidated Mapping Structure

```json
{
  "metadata": {
    "generated_at": "2025-08-20T12:15:00Z",
    "version": "2.1",
    "data_sources": {
      "attack_techniques_count": 1106,
      "capec_patterns_count": 615,
      "capec_attack_mappings_count": 177,
      "stride_categories": 6
    }
  },
  "stride_mapping": {
    "Spoofing": {
      "description": "Identity falsification attacks",
      "capec_patterns": [...],
      "attack_techniques": [...]
    }
  },
  "framework_stats": {
    "total_capec_mapped": 216,
    "total_attack_mapped": 450,
    "coverage_by_category": {...}
  }
}
```

## Automation

The tool automatically configures:

- Cron Job: Daily updates at 6:00 AM
- Logging: Comprehensive logs in `cybersec_update.log`
- Error Handling: Retry mechanisms with exponential backoff
- Health Monitoring: Network connectivity and dependency checks
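The consolidated mapping layout documented above is the contract between the updater and anything that consumes its output, so it is worth checking before trusting the numbers in a report. The following script is an added example, not part of the tool: it relies only on the JSON layout shown above, and `SAMPLE_MAPPING` is a constructed document that deliberately contains one malformed ID and one CAPEC pattern shared by two categories. The function names are my own.

```python
"""Sanity checks over a consolidated_mapping.json document.

Added example, not part of the tool. SAMPLE_MAPPING is constructed for
illustration in the layout the README documents.
"""
import json
import re
from collections import Counter

CAPEC_ID = re.compile(r"^CAPEC-\d+$")
ATTACK_ID = re.compile(r"^T\d{4}(\.\d{3})?$")   # T1566 or sub-technique T1566.001

SAMPLE_MAPPING = json.dumps({
    "metadata": {
        "generated_at": "2025-08-20T12:15:00Z",
        "version": "2.1",
        "data_sources": {"attack_techniques_count": 3, "capec_patterns_count": 4,
                         "capec_attack_mappings_count": 2, "stride_categories": 6},
    },
    "stride_mapping": {
        "Spoofing": {"description": "Identity falsification attacks",
                     "capec_patterns": ["CAPEC-148", "CAPEC-151"],
                     "attack_techniques": ["T1566", "T1566.001"]},
        "Tampering": {"description": "Data manipulation attacks",
                      "capec_patterns": ["CAPEC-151", "CAPEC-66"],
                      "attack_techniques": ["T1190"]},
        "Repudiation": {"description": "Log manipulation attacks",
                        "capec_patterns": ["bad-id"],       # constructed defect
                        "attack_techniques": []},
    },
    "framework_stats": {"total_capec_mapped": 4, "total_attack_mapped": 3},
})


def load_mapping(text):
    """Parse the JSON and require the three documented top-level sections."""
    data = json.loads(text)
    missing = {"metadata", "stride_mapping", "framework_stats"} - set(data)
    if missing:
        raise ValueError("consolidated mapping is missing sections: %s" % sorted(missing))
    return data


def validate_ids(data):
    """Return {category: [ids]} for entries that are not CAPEC-n / Tnnnn(.nnn)."""
    problems = {}
    for category, entry in data["stride_mapping"].items():
        bad = [i for i in entry.get("capec_patterns", []) if not CAPEC_ID.match(i)]
        bad += [i for i in entry.get("attack_techniques", []) if not ATTACK_ID.match(i)]
        if bad:
            problems[category] = bad
    return problems


def coverage_by_category(data):
    """Per-category counts, the figures monitor.sh prints as 'N CAPEC + M ATT&CK'."""
    return {category: {"capec": len(entry.get("capec_patterns", [])),
                       "attack": len(entry.get("attack_techniques", []))}
            for category, entry in data["stride_mapping"].items()}


def shared_capec_patterns(data):
    """CAPEC IDs listed under more than one STRIDE category.

    A pattern can legitimately belong to several categories, which is why
    per-category counts add up to more than the distinct total; listing the
    overlaps makes that reconciliation explicit."""
    counts = Counter(i for entry in data["stride_mapping"].values()
                     for i in entry.get("capec_patterns", []))
    return {i: n for i, n in counts.items() if n > 1}


def distinct_totals(data):
    """Distinct CAPEC and ATT&CK IDs across all categories, for comparison
    with framework_stats.total_capec_mapped / total_attack_mapped."""
    capec = {i for e in data["stride_mapping"].values() for i in e.get("capec_patterns", [])}
    attack = {i for e in data["stride_mapping"].values() for i in e.get("attack_techniques", [])}
    return len(capec), len(attack)


if __name__ == "__main__":
    mapping = load_mapping(SAMPLE_MAPPING)
    print("malformed IDs:", validate_ids(mapping))
    print("coverage:", coverage_by_category(mapping))
    print("shared CAPEC patterns:", shared_capec_patterns(mapping))
    print("distinct totals (capec, attack):", distinct_totals(mapping))
```

To run it against real output, replace `SAMPLE_MAPPING` with the contents of `cybersec_data/consolidated_mapping.json`; a non-empty result from `validate_ids` or a gap between `distinct_totals` and `framework_stats` is the signal to look at the update log before publishing the report.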
### Custom Update Schedule

```bash
# Edit cron job (example: every 6 hours)
crontab -e
# Change to: 0 */6 * * * cd /path/to/script && python3 cybersecurity_data_updater.py
```

### Custom STRIDE Mappings

```python
# In cybersecurity_data_updater.py, modify:
self.stride_capec_mappings = {
    'Spoofing': {
        'capec_ids': ['CAPEC-148', 'CAPEC-151', ...],  # Add/remove IDs
        'description': 'Custom description'
    }
}
```

## Monitoring

Run `./monitor.sh` to see:
```text
Cybersecurity Update Monitoring
==================================
Last update: 2025-08-18T10:30:00Z (0 days, 2 hours ago)

Current Statistics:
  STRIDE-CAPEC Mappings: 216
  STRIDE-ATT&CK Mappings: 450
  Total ATT&CK Techniques: 800
  Total CAPEC Patterns: 600

Coverage by STRIDE Category:
  Spoofing : 89 CAPEC + 120 ATT&CK
  Tampering : 45 CAPEC + 95 ATT&CK
  ...

Cron job status: Cron job configured
Connectivity check: All sources accessible
```
## Troubleshooting

Network issues:

```bash
# Test connectivity to MITRE repositories
curl -I https://github.com/mitre-attack/attack-stix-data
curl -I https://github.com/mitre/cti
```

Missing dependencies:

```bash
# Reinstall dependencies
pip install -r requirements.txt
# Or install individually
pip install requests stix2 python-dateutil lxml beautifulsoup4 pandas
```

Permission problems:

```bash
# Fix script permissions
chmod +x *.sh *.py
# Fix cron job access
sudo crontab -e  # If running as system service
```

Check logs for detailed error information:

```bash
# View recent logs
tail -f cybersec_update.log
# Search for errors
grep "ERROR" cybersec_update.log
# Count warnings
grep -c "WARNING" cybersec_update.log
```

## Project Structure

```text
.
├── cybersecurity_data_updater.py  # Main application
├── automation_config.sh           # Setup automation
├── requirements.txt               # Python dependencies
├── run_update.sh                  # Manual execution script
├── deploy_web.py                  # Web server for reports
├── monitor.sh                     # System monitoring
├── validate_setup.py              # Installation validator
├── cybersec_data/                 # Generated data directory
├── logs/                          # Log files
└── README.md                      # This file
```
## Extending the Tool

To integrate additional cybersecurity frameworks:

1. Add the data source URL:

   ```python
   self.sources['new_framework'] = 'https://api.example.com/data.json'
   ```

2. Create a parser method:

   ```python
   def parse_new_framework_data(self, data):
       # Implementation here
       pass
   ```

3. Update the mapping logic:

   ```python
   def create_stride_mapping_with_real_data(self, techniques, patterns, new_data):
       # Include new framework in mappings
       pass
   ```
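The three steps above leave the body of the parser and the correlation logic open. The following is an added example of what those two pieces look like for a STIX source; it is not the tool's own code. `SAMPLE_BUNDLE` is a constructed STIX 2.1 fragment in the layout the ATT&CK STIX data uses, where an `attack-pattern` carries its technique ID as an external reference with `source_name` `mitre-attack` and any CAPEC links as external references with `source_name` `capec`. The function names, the `PARSERS` registry and the `STRIDE_CAPEC` dictionary are hypothetical.

```python
"""Parser and correlation step for a STIX source, in the shape of the
extension steps above.

Added example, not the tool's own code. SAMPLE_BUNDLE is a constructed STIX
fragment; it includes a deprecated object so the parser's filtering is
exercised.
"""
import json

SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-0000-0000-000000000000",   # constructed
    "objects": [
        {"type": "attack-pattern", "id": "attack-pattern--1", "name": "Phishing",
         "external_references": [
             {"source_name": "mitre-attack", "external_id": "T1566"},
             {"source_name": "capec", "external_id": "CAPEC-98"}]},
        {"type": "attack-pattern", "id": "attack-pattern--2",
         "name": "Exploit Public-Facing Application",
         "external_references": [
             {"source_name": "mitre-attack", "external_id": "T1190"},
             {"source_name": "capec", "external_id": "CAPEC-66"},
             {"source_name": "capec", "external_id": "CAPEC-7"}]},
        # Deprecated and revoked objects stay in the bundle; a parser that
        # does not skip them lets stale techniques leak into the mapping.
        {"type": "attack-pattern", "id": "attack-pattern--3", "name": "Retired Technique",
         "x_mitre_deprecated": True,
         "external_references": [
             {"source_name": "mitre-attack", "external_id": "T1999"},
             {"source_name": "capec", "external_id": "CAPEC-98"}]},
        {"type": "relationship", "id": "relationship--1", "relationship_type": "uses",
         "source_ref": "intrusion-set--1", "target_ref": "attack-pattern--1"},
    ],
})


def parse_attack_stix(raw):
    """Normalise active techniques to {id, name, capec_ids} records."""
    bundle = json.loads(raw)
    techniques = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        refs = obj.get("external_references", [])
        tid = next((r.get("external_id") for r in refs
                    if r.get("source_name") == "mitre-attack"), None)
        if not tid:
            continue
        capec_ids = sorted({r["external_id"] for r in refs
                            if r.get("source_name") == "capec" and "external_id" in r})
        techniques.append({"id": tid, "name": obj.get("name", ""), "capec_ids": capec_ids})
    return techniques


# Hypothetical registry: the key mirrors self.sources[...], the value is its parser.
PARSERS = {"attack_enterprise": parse_attack_stix}


def correlate_stride(techniques, stride_capec):
    """Derive STRIDE -> ATT&CK from STRIDE -> CAPEC plus each technique's CAPEC refs."""
    result = {}
    for category, capec_ids in stride_capec.items():
        wanted = set(capec_ids)
        result[category] = sorted(t["id"] for t in techniques
                                  if wanted.intersection(t["capec_ids"]))
    return result


# Constructed STRIDE -> CAPEC mapping in the style of stride_capec_mappings above.
STRIDE_CAPEC = {
    "Spoofing": ["CAPEC-98", "CAPEC-151"],
    "Tampering": ["CAPEC-66"],
    "Repudiation": [],
}

if __name__ == "__main__":
    techniques = PARSERS["attack_enterprise"](SAMPLE_BUNDLE)
    print(correlate_stride(techniques, STRIDE_CAPEC))
```

The correlation deliberately goes through CAPEC rather than matching technique names: the CAPEC reference is a stable identifier maintained by MITRE, while names change between ATT&CK releases. Filtering on `revoked` and `x_mitre_deprecated` is the step most easily forgotten when wiring in a new source.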
### Testing

```bash
# Validate setup
python3 validate_setup.py

# Test with limited data (faster)
python3 -c "
from cybersecurity_data_updater import CybersecurityDataUpdater
updater = CybersecurityDataUpdater()
print('Setup OK')
"

# Run full update
./run_update.sh
```

## References

- MITRE ATT&CK: attack.mitre.org
- CAPEC: capec.mitre.org
- D3FEND: d3fend.mitre.org
- STRIDE Methodology: Microsoft Threat Modeling
- STRIDE-CAPEC Mappings: Brett Crawley's Research
## Contributing

1. Fork the repository
2. Create a feature branch: `git checkout -b feature/amazing-feature`
3. Commit changes: `git commit -m 'Add amazing feature'`
4. Push to branch: `git push origin feature/amazing-feature`
5. Open a Pull Request

Guidelines:

- Follow PEP 8 for Python code style
- Add comprehensive logging for new features
- Update documentation and README
- Test with `validate_setup.py` before submitting
- Ensure compatibility with existing automation

## License

This project is licensed under the MIT License - see the LICENSE file for details.
## Acknowledgments

- MITRE Corporation for providing open cybersecurity frameworks
- Brett Crawley for comprehensive STRIDE-CAPEC mapping research
- OSTERING.com for community-driven threat modeling resources
- Cybersecurity community for continuous framework development
## Support

- Issues: Report bugs and request features via GitHub Issues
- Documentation: Check this README and inline code comments
- Community: Join cybersecurity forums for discussions
- Updates: Watch the repository for latest enhancements
Last Updated: August 20, 2025 | Version: 2.1 | Maintainer: ellipse2v