Multi-cloud security detection coverage analysis platform for MITRE ATT&CK


osuide/detection-coverage-validator


A multi-cloud security detection coverage analysis platform that provides visibility into MITRE ATT&CK coverage; the scanners currently cover AWS environments.

Overview

Detection Coverage Validator automatically discovers security detections in your cloud environment, maps them to MITRE ATT&CK techniques, and provides actionable coverage insights.

Key Features

  • Automated Discovery: Scans AWS CloudWatch Logs Insights queries and EventBridge rules
  • MITRE ATT&CK Mapping: Pattern-based mapping with confidence scoring
  • Coverage Analysis: Tactic and technique coverage visualization
  • Gap Identification: Risk-prioritized security gaps
  • Dashboard: Interactive coverage heatmap and reports

Architecture

```
┌─────────────────────────────────────────────────────────────────┐
│                         Frontend (React)                         │
├─────────────────────────────────────────────────────────────────┤
│                      API Gateway + Lambda                        │
├──────────────┬──────────────┬──────────────┬───────────────────┤
│   Scanner    │    Mapper    │   Analyzer   │    Reporter       │
│   (Fargate)  │   (Lambda)   │   (Lambda)   │    (Lambda)       │
├──────────────┴──────────────┴──────────────┴───────────────────┤
│                    PostgreSQL (RDS) + Redis                      │
└─────────────────────────────────────────────────────────────────┘
```

Quick Start

Prerequisites

  • Python 3.11+
  • Node.js 18+
  • Docker & Docker Compose
  • AWS CLI configured
  • Terraform 1.5+

Local Development

```bash
# Clone the repository
git clone https://github.com/osuide/detection-coverage-validator.git
cd detection-coverage-validator

# Start local services
docker-compose up -d

# Backend setup
cd backend
python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
alembic upgrade head
uvicorn app.main:app --reload

# Frontend setup (new terminal)
cd frontend
npm install
npm run dev
```

AWS Deployment

```bash
cd infrastructure/terraform
terraform init
terraform plan
terraform apply
```

Project Structure

```
├── backend/                 # Python FastAPI application
│   ├── app/
│   │   ├── api/            # REST API endpoints
│   │   ├── core/           # Configuration, security
│   │   ├── models/         # SQLAlchemy models
│   │   ├── scanners/       # Cloud detection scanners
│   │   ├── mappers/        # MITRE mapping engine
│   │   └── analyzers/      # Coverage analysis
│   ├── alembic/            # Database migrations
│   └── tests/              # pytest tests
├── frontend/               # React application
│   ├── src/
│   │   ├── components/     # React components
│   │   ├── pages/          # Page components
│   │   └── services/       # API clients
├── infrastructure/         # Terraform + Docker
│   ├── terraform/          # AWS infrastructure
│   └── docker/             # Container definitions
└── agents/                 # Design documents
```

API Documentation

Once running, access the API documentation at:

Configuration

Environment variables:

| Variable | Description | Default |
|---|---|---|
| DATABASE_URL | PostgreSQL connection string | - |
| REDIS_URL | Redis connection string | - |
| AWS_REGION | Default AWS region | eu-west-2 |
| CONFIDENCE_THRESHOLD_COVERED | Threshold for "covered" | 0.6 |
| CONFIDENCE_THRESHOLD_PARTIAL | Threshold for "partial" | 0.4 |
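The following is an added, self-contained example (not the project's own mapper or analyzer code) showing how the pattern-based mapping, confidence scoring and risk-prioritised gap identification listed under Key Features can fit together with the two thresholds above. The pattern library, the regexes and weights, the noisy-OR combination, the inclusive threshold comparison, the per-technique risk weights and the sample Logs Insights queries and EventBridge event pattern are all assumptions constructed for illustration; only the ATT&CK technique IDs and the two environment-variable names come from real sources.

```python
"""Pattern-based ATT&CK mapping with confidence scoring (added example, not the project's code)."""
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Variable names and defaults follow the README's configuration table; treating
# the comparison as inclusive (>=) is an assumption of this example.
COVERED = float(os.environ.get("CONFIDENCE_THRESHOLD_COVERED", "0.6"))
PARTIAL = float(os.environ.get("CONFIDENCE_THRESHOLD_PARTIAL", "0.4"))


@dataclass(frozen=True)
class Detection:
    name: str
    source: str  # "cloudwatch_insights" or "eventbridge"
    body: str    # Logs Insights query text or EventBridge event-pattern JSON


@dataclass(frozen=True)
class Pattern:
    technique: str  # ATT&CK technique ID
    regex: str      # matched against the detection body
    weight: float   # evidence strength in [0, 1]


# Hypothetical pattern library: technique IDs are real ATT&CK IDs, the regexes
# and weights are assumptions for illustration only.
PATTERNS: List[Pattern] = [
    Pattern("T1078", r"ConsoleLogin", 0.5),                               # Valid Accounts
    Pattern("T1078", r"MFAUsed\W+No", 0.3),                               # ... without MFA
    Pattern("T1098", r"(AttachUserPolicy|PutUserPolicy)", 0.5),           # Account Manipulation
    Pattern("T1098", r"CreateAccessKey", 0.45),
    Pattern("T1562.008", r"(StopLogging|DeleteTrail|UpdateTrail)", 0.7),  # Disable cloud logs
    Pattern("T1530", r"GetObject", 0.3),                                  # Data from Cloud Storage
]

# Hypothetical per-technique risk weights used to prioritise gaps.
RISK: Dict[str, float] = {"T1078": 0.9, "T1562.008": 0.85, "T1098": 0.8, "T1530": 0.7, "T1110": 0.6}


def score_detection(det: Detection) -> Dict[str, float]:
    """Noisy-OR of matching pattern weights per technique: 1 - prod(1 - w)."""
    miss: Dict[str, float] = {}
    for p in PATTERNS:
        if re.search(p.regex, det.body):
            miss[p.technique] = miss.get(p.technique, 1.0) * (1.0 - p.weight)
    return {t: round(1.0 - m, 3) for t, m in miss.items()}


def classify(score: float) -> str:
    """Map a confidence score onto the README's three coverage states."""
    if score >= COVERED:
        return "covered"
    if score >= PARTIAL:
        return "partial"
    return "uncovered"


def coverage(detections: List[Detection], techniques: List[str]) -> Dict[str, Tuple[str, float]]:
    """Best score per technique across all detections, then classified."""
    best = {t: 0.0 for t in techniques}
    for det in detections:
        for t, s in score_detection(det).items():
            if t in best and s > best[t]:
                best[t] = s
    return {t: (classify(s), s) for t, s in best.items()}


def prioritized_gaps(cov: Dict[str, Tuple[str, float]]) -> List[Tuple[str, str, float]]:
    """Techniques not fully covered, ordered by risk * remaining uncertainty."""
    gaps = [(t, status, round(RISK.get(t, 0.5) * (1.0 - s), 3))
            for t, (status, s) in cov.items() if status != "covered"]
    return sorted(gaps, key=lambda g: g[2], reverse=True)


# Constructed sample detections (not real scan output).
SAMPLE_DETECTIONS = [
    Detection("console-login-no-mfa", "cloudwatch_insights",
              'fields @timestamp, userIdentity.arn | filter eventName = "ConsoleLogin" '
              'and additionalEventData.MFAUsed = "No"'),
    Detection("cloudtrail-tampering", "eventbridge",
              '{"source": ["aws.cloudtrail"], "detail": {"eventName": ["StopLogging", "DeleteTrail"]}}'),
    Detection("new-access-key", "cloudwatch_insights",
              'filter eventName = "CreateAccessKey"'),
    Detection("s3-object-read", "cloudwatch_insights",
              'filter eventSource = "s3.amazonaws.com" and eventName = "GetObject"'),
]
TECHNIQUES_OF_INTEREST = ["T1078", "T1098", "T1562.008", "T1530", "T1110"]


if __name__ == "__main__":
    cov = coverage(SAMPLE_DETECTIONS, TECHNIQUES_OF_INTEREST)
    for t, (status, s) in cov.items():
        print(f"{t:10} {status:10} {s:.2f}")
    print("gaps by priority:", prioritized_gaps(cov))
```

Two points worth checking in any real deployment of such a mapper: a single weak pattern (here `GetObject` at 0.3) never reaches the partial threshold on its own, so the S3 read query is reported as a gap even though a detection exists, and the gap ordering weights risk by how far the technique is from being covered, so a completely undetected technique (T1110) outranks a partially covered higher-risk one (T1098). Tune the thresholds via the environment variables rather than editing pattern weights per environment.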

License

MIT
