Atomic威胁模拟

v20260317

performing-threat-emulation-with-atomic-red-team

使用 atomic-operator 运行 Atomic Red Team 测试，对照 MITRE ATT&CK 技术验证 SIEM/EDR 检测能力，便于紫队演练并记录检测缺口。

测试 MITRE ATT&CK 自动化安全 SIEM EDR 紫队威胁模拟

获取技能

318 次下载

概览

Performing Threat Emulation with Atomic Red Team

Instructions

Use atomic-operator to execute Atomic Red Team tests and validate detection coverage against MITRE ATT&CK techniques.

from atomic_operator import AtomicOperator

operator = AtomicOperator()
# Run a specific technique test
operator.run(
    technique="T1059.001",  # PowerShell execution
    atomics_path="./atomic-red-team/atomics",
)

Key workflow:

Clone the atomic-red-team repository for test definitions
Select ATT&CK techniques matching your detection rules
Execute atomic tests using atomic-operator
Check SIEM/EDR for corresponding alerts
Document detection gaps and update rules

Examples

# Parse atomic test YAML definitions
import yaml
with open("atomics/T1059.001/T1059.001.yaml") as f:
    tests = yaml.safe_load(f)
for test in tests.get("atomic_tests", []):
    print(f"Test: {test['name']}")
    print(f"  Platforms: {test.get('supported_platforms', [])}")

信息

Category 未分类

Name performing-threat-emulation-with-atomic-red-team

版本 v20260317

大小 8.2KB

Source mukul975/Anthropic-Cybersecurity-Skills

更新时间 2026-03-18