From a4d874c66efc11559a3faeced4130f153fa12dca Mon Sep 17 00:00:00 2001 From: Jon Baker Date: Thu, 23 Sep 2021 15:33:24 -0400 Subject: [PATCH] Documentation review (#93) * Update README.md * Update README.md * Update README.md * Update CONTRIBUTING.md * Update README.md * Update README.md --- CONTRIBUTING.md | 18 ++++++++++++++++-- README.md | 42 ++++++++++++------------------------------ 2 files changed, 28 insertions(+), 32 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 9230bff229..f4f818d9fa 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,6 +1,20 @@ # Contribute -You can help contribute to TRAM! We hope the community can help us improve our NLP models, by contributing to ATT&CK (https://attack.mitre.org/resources/contribute/). Additionally, we are looking for contributions to find techniques in reporting that currently do not have enough data to have NLP models built (ie. techniques with less than 10 Procedure Examples). +## How to contribute + +Thanks for contributing to TRAM! + +You are welcome to comment on issues, open new issues, and open pull requests. + +Pull requests should target the **develop** branch of the repository. + +Also, if you contribute any source code, we need you to agree to the following Developer's Certificate of Origin below. + +## Reporting Issues + +* Describe (in detail) what should have happened. Include any supporting information that may be helpful in resolving the issue. + +* Be sure to include any steps to replicate the issue. ## Submission Guidelines @@ -36,4 +50,4 @@ By making a contribution to this project, I certify that: personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved. -``` \ No newline at end of file +``` diff --git a/README.md b/README.md index db206f1360..2bd3b2afcd 100644 --- a/README.md +++ b/README.md 
@@ -2,20 +2,16 @@ # TRAM -Threat Report ATT&CK® Mapping (TRAM) is a tool that leverages Natural Language Processing to aid analysts in mapping finished reports to ATT&CK. +Threat Report ATT&CK Mapping (TRAM) is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®. -There is no shortage of cyber threat intelligence (CTI) reporting, and analysts often find themselves overburdened by the constant stream of reports. Analyzing these reports can be strenuous and tedious for analysts, often taking up large amounts of their time. Automating CTI mapping to ATT&CK will reduce analyst fatigue and improve consistency of threat intelligence mappings. +TRAM enables researchers to test and refine Machine Learning (ML) models for identifying ATT&CK techniques in prose-based cyber threat intel reports and allows threat intel analysts to train ML models and validate ML results. -TRAM seeks to help analysts by automatically extracting adversary behaviors, which can help with the acceleration of the analysis process to prevent a backlog. With faster analysis, CTI teams can more easily operationalize their intel. While TRAM cannot replace a human analyst, it certainly can help by providing analysts with some starting data about the report. - -TRAM uses natural language processing and classification techniques to extract adversary behaviors (ATT&CK techniques) from raw text which comes in the form of published threat reports. The current practice to extract these techniques relies entirely on manual analysis performed by human analysts. This introduces problems like human error, dependence on physical availability, and demand for an extensive understanding of ATT&CK. With automation, this project will increase the quality and completeness of the ATT&CK knowledge base while reducing demand on human analysts. 
+Through research into automating the mapping of cyber threat intel reports to ATT&CK, TRAM aims to reduce the cost and increase the effectiveness of integrating ATT&CK into cyber threat intelligence across the community. Threat intel providers, threat intel platforms, and analysts should be able to use TRAM to integrate ATT&CK more easily and consistently into their products. ## Table of contents * [Installation](#installation) * [Requirements](#requirements) -* [Installation](#developer-setup) -* [Documentation](#documentation) -* [Machine Learning](ML.md) +* [Developer Setup](#developer-setup) * [Contribute](#how-do-i-contribute) * [Notice](#notice) 
@@ -89,33 +85,19 @@ python src/tram/manage.py pipeline run ``` ## How do I contribute? +We welcome your feedback and contributions to help advance TRAM. Please see the guidance for contributors if are you interested in [contributing or simply reporting issues.](/CONTRIBUTING.md) -We welcome all the help we can get in making TRAM a more useful tool for the community. -We have made a working prototype and acknowledge that there will need to be increased efforts in the future to maintain -and improve it. -If you have any issues with TRAM, you can create an issue in the issues tab, we'll try to respond as soon as possible. +Please submit [issues](https://github.com/center-for-threat-informed-defense/tram/issues) for any technical questions/concerns or contact ctid@mitre-engenuity.org directly for more general inquiries. -Read [CONTRIBUTING.md](CONTRIBUTING.md) to better understand what we're looking for. -There's also a Developer Certificate of Origin that you'll need to sign off on. -​ ## Notice +Copyright 2021 MITRE Engenuity. Approved for public release. Document number CT0035 -Copyright 2021 The MITRE Corporation - -Approved for Public Release; Distribution Unlimited. Case Number 19-3429. +Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at +http://www.apache.org/licenses/LICENSE-2.0 - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. 
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -This project makes use of ATT&CK® +This project makes use of MITRE ATT&CK® -ATT&CK® Terms of Use - https://attack.mitre.org/resources/terms-of-use/ +[ATT&CK Terms of Use](https://attack.mitre.org/resources/terms-of-use/)
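Review bot: In the first CONTRIBUTING.md hunk, the new "Reporting Issues" list asks only for what should have happened and the steps to replicate, and never asks the reporter what actually happened; add a bullet for the observed behaviour (error text, output) so an issue can be triaged without a follow-up question. In the same hunk, "agree to the following Developer's Certificate of Origin below" says the same thing twice; drop either "following" or "below". The removed opening paragraph was also the only place that asked for help with techniques that have fewer than 10 Procedure Examples; if that request still stands, keep one sentence for it.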
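Review bot: In the first README.md hunk, the table of contents drops the "[Machine Learning](ML.md)" entry while the rewritten introduction is now entirely about testing, training and validating ML models; if ML.md is still in the repository, keep a link to it here, otherwise the README no longer points readers at it. The added paragraphs also switch between "cyber threat intelligence" and "threat intel" and capitalise "Machine Learning (ML)" mid-sentence; settle on one term and use lower case for "machine learning".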
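Review bot: In the last README.md hunk, the added sentence under "How do I contribute?" reads "if are you interested", which should be "if you are interested", and its link text takes in the sentence's full stop ("[contributing or simply reporting issues.]"); move the full stop outside the brackets. The link target also changes from the relative "CONTRIBUTING.md" to "/CONTRIBUTING.md"; the relative form resolves in more Markdown renderers and is the safer choice. Both "## How do I contribute?" and "## Notice" now run straight into their first paragraph with no blank line after the heading, and "Document number CT0035" is missing its full stop. The Notice changes the copyright holder from "The MITRE Corporation" to "MITRE Engenuity" and replaces the case number with a document number; confirm that this matches the repository's licence and notice files before merging.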