foundry-sample-mitre
Triage with MITRE Attack sample Foundry app
Science Score: 44.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
✓CITATION.cff file
Found CITATION.cff file -
✓codemeta.json file
Found codemeta.json file -
✓.zenodo.json file
Found .zenodo.json file -
○DOI references
-
○Academic publication links
-
○Committers with academic emails
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (14.5%) to scientific vocabulary
Keywords
Keywords from Contributors
Repository
Triage with MITRE Attack sample Foundry app
Basic Info
Statistics
- Stars: 9
- Watchers: 4
- Forks: 2
- Open Issues: 0
- Releases: 0
Topics
Metadata Files
README.md
Triage with MITRE Attack sample Foundry app
The Triage with MITRE Attack sample Foundry app is a community-driven, open source project which serves as an example of an app which can be built using CrowdStrike's Foundry ecosystem.
foundry-sample-mitre is an open source project, not a CrowdStrike product. As such, it carries no formal support, expressed or implied.
This app is one of several App Templates included in Foundry that you can use to jumpstart your development. It comes complete with a set of preconfigured capabilities aligned to its business purpose. Deploy this app from the Templates page with a single click in the Foundry UI, or create an app from this template using the CLI.
[!IMPORTANT]
To deploy this sample app, you need access to the Falcon console.
Description
The CrowdStrike Triage for MITRE ATT&CK app provides SOC analysts with a focused, MITRE-prioritized view of their XDR detections and enables both automated and manual remediation actions.
This app provides a filtered dashboard for the existing Falcon console Detections page, helping users focus on a manageable set of detections.
You can use this app to configure automated and manual actions for specific tactics and techniques.
Prerequisites
- The Foundry CLI (instructions below).
- Go v1.21+ (needed if modifying the app's functions). See https://go.dev/learn for installation instructions.
- Yarn (needed if modifying the app's UI). See https://yarnpkg.com/getting-started for installation instructions.
Install the Foundry CLI
You can install the Foundry CLI with Scoop on Windows or Homebrew on Linux/macOS.
Windows:
Install Scoop. Then, add the Foundry CLI bucket and install the Foundry CLI.
shell
scoop bucket add foundry https://github.com/crowdstrike/scoop-foundry-cli.git
scoop install foundry
Or, you can download the latest Windows zip file, expand it, and add the install directory to your PATH environment variable.
Linux and macOS:
Install Homebrew. Then, add the Foundry CLI repository to the list of formulae that Homebrew uses and install the CLI:
shell
brew tap crowdstrike/foundry-cli
brew install crowdstrike/foundry-cli/foundry
Run foundry version to verify it's installed correctly.
Getting Started
Clone this sample to your local system, or download as a zip file.
shell
git clone https://github.com/CrowdStrike/foundry-sample-mitre
cd foundry-sample-mitre
Log in to Foundry:
shell
foundry login
Select the following permissions:
- [x] Create and run RTR scripts
- [x] Create, execute and test workflow templates
- [x] Create, run and view API integrations
- [x] Create, edit, delete, and list queries
Deploy the app:
shell
foundry apps deploy
[!TIP] If you get an error that the name already exists, change the name to something unique to your CID in
manifest.yml.
Once the deployment has finished, you can release the app:
shell
foundry apps release
Next, go to Foundry > App catalog, find your app, and install it. Select the Open App button in the success dialog.
[!TIP] If the app doesn't load, reload the page.
You'll see the different types of MITRE ATT&CKs and see the detections associated with them.
Development
In order to be able to see (and develop) your local page/extension you have to:
- Run
foundry ui runin this directory. - The pages/extensions you're developing must have been built (suggestion: use watchers for hot module reload).
With the following, you should be able to start and develop all the projects under mitre:
- Run
yarn. - Run
yarn start, this will run type-checks andbuild-watchfor every project. - Concurrently, run
foundry ui run. - Now, you are ready to test your changes with local code (remember to turn on "development mode").
About this sample app
Foundry capabilities used
- Collections. Used by the app to store JIRA configuration for response actions and the history of issues created from the app.
- UI navigation. Adds the app to the Falcon navigation for easy access.
- UI pages. Custom UI pages to display results and manage the app.
- UI extensions. UI extension that is configured to run in a socket on the Detections page of the Falcon console.
Languages and frameworks used
- UI
- HTML, CSS
- TypeScript, Vue
Directory structure
collections. Schemas used in the collections used by this app.ui/pages/chart-vue. Single Page Application which serves as the frontend of the app.ui/extensions/remediations. Single Page Application which serves as the extension mounted in the Detections page of the Falcon console.shared/mitre-vue. Utility code and components shared between theui/pages/chart-vueandui/extensions/remediations.
Foundry resources
WE STOP BREACHES
Owner
- Name: CrowdStrike
- Login: CrowdStrike
- Kind: organization
- Email: github@crowdstrike.com
- Location: United States of America
- Website: https://www.crowdstrike.com
- Repositories: 183
- Profile: https://github.com/CrowdStrike
Citation (CITATION.cff)
cff-version: 1.2.0
title: 'CrowdStrike Foundry Sample App - Triage with MITRE Attack'
message: >-
If you use this software, and wish to cite the origins,
please use metadata from this file.
type: software
authors:
- given-names:
family-names: CrowdStrike
email: foundry@crowdstrike.com
repository-code: 'https://github.com/CrowdStrike/foundry-sample-mitre'
url: 'https://www.crowdstrike.com'
repository-artifact: 'https://pkg.go.dev/github.com/crowdstrike/foundry-sample-mitre'
abstract: >-
The CrowdStrike Foundry Sample App - Triage with
MITRE Attack is a community-driven, open source
project designed to illustrate creating apps with
CrowdStrike Foundry.
keywords:
- crowdstrike
- oauth2
- crowdstrike-foundry
- javascript
- windows
- linux
- mac
license: MIT
Committers
Last synced: 10 months ago
Top Committers
| Name | Commits | |
|---|---|---|
| dependabot[bot] | 4****] | 106 |
| Matt Raible | m****e@c****m | 36 |
| johns31459 | 1****9 | 4 |
| Stefano Valicchia | s****a@c****m | 3 |
| rlucha-crowdstrike | r****a@c****m | 1 |
| mattiacoppini | m****i@c****m | 1 |
| Praveen Bathala | p****a@c****m | 1 |
| Evan Burns | e****s@c****m | 1 |
Committer Domains (Top 20 + Academic)
Issues and Pull Requests
Last synced: 7 months ago
All Time
- Total issues: 1
- Total pull requests: 317
- Average time to close issues: 12 months
- Average time to close pull requests: 4 days
- Total issue authors: 1
- Total pull request authors: 4
- Average comments per issue: 3.0
- Average comments per pull request: 0.34
- Merged pull requests: 190
- Bot issues: 0
- Bot pull requests: 299
Past Year
- Issues: 0
- Pull requests: 317
- Average time to close issues: N/A
- Average time to close pull requests: 4 days
- Issue authors: 0
- Pull request authors: 4
- Average comments per issue: 0
- Average comments per pull request: 0.34
- Merged pull requests: 190
- Bot issues: 0
- Bot pull requests: 299
Top Authors
Issue Authors
- mattmarcum (1)
- dependabot[bot] (1)
Pull Request Authors
- dependabot[bot] (308)
- mraible (20)
- github-actions[bot] (16)
- rlucha-crowdstrike (1)
- javier-carrasco-crowdstrike (1)
- prvn (1)