mitre_attack_heatmap content provider in mitre plugin #214
Description
MITRE ATT&CK is a popular ontology of tactics and techniques, heavily utilized in cyber security areas such as threat intelligence, detection engineering, threat modeling, etc.
MITRE ATT&CK comes with a tool called MITRE ATT&CK Navigator that allows users to build heatmaps with layers that are easy to generate/import/export.
Use Case
ATT&CK heatmaps are commonly used in reporting as a visual aid representing a histogram of techniques, either seen in alerting data, or calculated from detection rule coverage, or found in intelligence, etc.
Requirements
Build a content provider that can take data in the latest iteration of the MITRE ATT&CK Navigator layer format and render an HTML table.
The Navigator HTML layout is quite complex and requires JS. For the first iteration of the content provider, we'll focus on a simpler but still useful representation. The exact design is TBD.
The rendered table should have minimal styling so that it can be "themed" (if needed) at the document template level.
Inspiration for the design
Microsoft Sentinel MITRE ATT&CK coverage view
Elastic Security Solution MITRE ATT&CK rules coverage
Threatnote.io MITRE ATT&CK coverage view and Attack Flow
Additional Information
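An added example, not code from this issue or from the project: one way the requirement above could look in Python, reading a Navigator layer and emitting an HTML table that carries only a class and `data-score` attributes so a template can theme it. The sample layer is constructed; the `mitre-attack-heatmap` class name and the `unspecified` column for entries without a `tactic` are assumptions, and every layer string is HTML-escaped because layer files are imported from outside.

```python
import html
import json
from collections import defaultdict
from itertools import zip_longest

# Constructed sample layer (not real coverage data); field names follow the Navigator layer format.
SAMPLE_LAYER = json.dumps({
    "name": "Detection coverage <demo>",
    "domain": "enterprise-attack",
    "techniques": [
        {"techniqueID": "T1566", "tactic": "initial-access", "score": 3},
        {"techniqueID": "T1059", "tactic": "execution", "score": 1},
        {"techniqueID": "T1053", "tactic": "execution", "score": 2,
         "comment": "<script>alert(1)</script>"},  # hostile comment, must be escaped
        {"techniqueID": "T1078", "score": 5},  # no tactic given
        {"techniqueID": "T1003", "tactic": "credential-access", "enabled": False},
    ],
})

def group_by_tactic(layer):
    """Map tactic -> [(techniqueID, score, comment)], skipping disabled entries."""
    columns = defaultdict(list)
    for t in layer.get("techniques", []):
        if t.get("enabled", True) is False:
            continue
        # Assumption: no ATT&CK lookup here, so a missing tactic gets its own column.
        tactic = str(t.get("tactic") or "unspecified")
        columns[tactic].append(
            (str(t.get("techniqueID", "")), t.get("score"), str(t.get("comment", ""))))
    return dict(columns)

def render_heatmap(layer_json):
    """Render a layer as an unstyled HTML table; every layer value is escaped."""
    layer = json.loads(layer_json)
    columns = group_by_tactic(layer)
    esc = html.escape  # escapes &, <, > and both quote characters
    out = ['<table class="mitre-attack-heatmap">',
           f"<caption>{esc(str(layer.get('name', '')))}</caption>",
           "<tr>" + "".join(f"<th>{esc(t)}</th>" for t in columns) + "</tr>"]
    for row in zip_longest(*columns.values()):  # pad short columns with None
        cells = []
        for cell in row:
            if cell is None:
                cells.append("<td></td>")
                continue
            tid, score, comment = cell
            score_attr = f' data-score="{score}"' if type(score) in (int, float) else ""
            cells.append(f'<td{score_attr} title="{esc(comment)}">{esc(tid)}</td>')
        out.append("<tr>" + "".join(cells) + "</tr>")
    return "\n".join(out + ["</table>"])
```

The layer's per-technique `color` value is ignored here on purpose, so no layer-supplied string ends up in a `style` attribute.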