About Atomic Red Team
[THIS CONTENT MAY BE OUT OF DATE - PLEASE SEE "GETTING STARTED"]
Atomic Red Team is a library of simple tests that every security team can execute to test their controls. Tests are focused, have few dependencies, and are defined in a structured format that can be used by automation frameworks.
We can visualize how well Atomic Red Team covers the MITRE ATT&CK TTPs by viewing the available atomic tests on the MITRE ATT&CK Navigator.
The colored items on the matrix indicate that at least one atomic test exists for the given technique.
For more information on atomic test coverage, check out the other Markdown, CSV, and YAML indexes in the Indexes folder.
There are several folders in the repository but the most important one is the "atomics" folder, because that is where all of the atomic tests are defined. A description of the folders is given below, but the majority of people interacting with the project just need to know about the "atomics" folder.
The atomics folder contains all the atomic test definition files. They are organized in folders by their MITRE ATT&CK technique numbers (or T#, e.g. T1003.001).
Inside each technique folder is the test definition file in YAML format, and another version of the same information in a Markdown (md) file. The Markdown files are provided as a convenience because they are friendlier to read. The technique folder may optionally contain src and bin directories as well for supporting files.
Try clicking on one of the Markdown files, such as T1003.001.md, to see the atomic tests included in that folder.
The atomics folder also contains one special folder called Indexes that lists all the tests in various formats including Markdown, CSV and YAML.
- Peruse the Complete list of Atomic Tests (md, csv) and the ATT&CK Matrix
The bin folder contains scripts that are automatically run when a pull request is merged, such as generating the markdown files from the yaml test definition files and generating unique test GUIDs for each test.
The docs folder contains the web page content for the https://atomicredteam.io/ site.
The atomic_red_team folder contains a spec.yaml file that defines the expected format for the atomic test definition yaml files. It also contains the template for the markdown files and some other helper scripts.
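As an added example, not code from the Atomic Red Team project itself, the Ruby script below shows how an automation framework can consume the layout described above: it parses constructed sample definition files, checks that each folder name matches the technique number inside the file, that every test carries the expected fields and a unique GUID, and emits rows like the CSV index kept in the Indexes folder. The field names it expects (attack_technique, display_name, atomic_tests, auto_generated_guid, supported_platforms, executor) are assumptions made for this example; spec.yaml is the authority on the real format. The sample files, GUIDs and technique names are constructed, and the commands are harmless echoes.

```ruby
require "yaml"

# Minimal field list used for the checks below. These names are an assumption
# for this example; the expected format is really defined by spec.yaml.
REQUIRED_TOP  = %w[attack_technique display_name atomic_tests].freeze
REQUIRED_TEST = %w[name auto_generated_guid description supported_platforms executor].freeze
GUID_PATTERN  = /\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/i

# Constructed sample definition file (not a real atomic): two well-formed tests.
T1003_001_YAML = <<~YAML
  attack_technique: T1003.001
  display_name: "Constructed technique name for T1003.001"
  atomic_tests:
    - name: Constructed test one
      auto_generated_guid: 11111111-1111-4111-8111-111111111111
      description: Placeholder description written for this example.
      supported_platforms: [windows]
      executor:
        name: powershell
        command: Write-Host "constructed placeholder"
        elevation_required: true
    - name: Constructed test two
      auto_generated_guid: 22222222-2222-4222-8222-222222222222
      description: Second placeholder description.
      supported_platforms: [windows, linux]
      executor:
        name: sh
        command: echo "constructed placeholder"
YAML

# Constructed file with deliberate defects: the technique number does not match
# its folder, the GUID duplicates one above, and the test has no description.
T9999_YAML = <<~YAML
  attack_technique: T1000
  display_name: "Constructed mismatched technique"
  atomic_tests:
    - name: Constructed test three
      auto_generated_guid: 22222222-2222-4222-8222-222222222222
      supported_platforms: [linux]
      executor:
        name: sh
        command: echo "constructed placeholder"
YAML

# Paths mirror the atomics/<T#>/<T#>.yaml layout described on this page.
SAMPLE_FILES = {
  "atomics/T1003.001/T1003.001.yaml" => T1003_001_YAML,
  "atomics/T9999/T9999.yaml"         => T9999_YAML,
}.freeze

# safe_load refuses arbitrary YAML tags, so a malicious definition file
# cannot instantiate Ruby objects during parsing.
def parse_atomic(text)
  YAML.safe_load(text)
end

# Returns a list of problems found across the given files; empty means clean.
def lint_atomics(files)
  problems = []
  seen_guids = {}
  files.each do |path, text|
    doc = parse_atomic(text)
    folder = path.split("/")[1]
    missing = REQUIRED_TOP - doc.keys
    problems << "#{path}: missing top-level #{missing.join(', ')}" unless missing.empty?
    next if missing.include?("atomic_tests")
    if doc["attack_technique"] != folder
      problems << "#{path}: attack_technique #{doc['attack_technique']} does not match folder #{folder}"
    end
    doc["atomic_tests"].each do |test|
      missing = REQUIRED_TEST - test.keys
      problems << "#{path}: test #{test['name'].inspect} missing #{missing.join(', ')}" unless missing.empty?
      guid = test["auto_generated_guid"].to_s
      problems << "#{path}: malformed GUID #{guid}" unless guid.match?(GUID_PATTERN)
      if seen_guids.key?(guid)
        problems << "#{path}: GUID #{guid} already used in #{seen_guids[guid]}"
      else
        seen_guids[guid] = path
      end
    end
  end
  problems
end

# One row per test: technique, display name, test name, GUID, platforms.
def index_rows(files)
  files.flat_map do |_path, text|
    doc = parse_atomic(text)
    doc.fetch("atomic_tests", []).map do |test|
      [doc["attack_technique"], doc["display_name"], test["name"],
       test["auto_generated_guid"], Array(test["supported_platforms"]).join("|")]
    end
  end
end

# Renders the rows as CSV text with every cell quoted.
def index_csv(files)
  header = %w[technique display_name test_name guid platforms]
  ([header] + index_rows(files)).map do |row|
    row.map { |cell| %("#{cell.to_s.gsub('"', '""')}") }.join(",")
  end.join("\n")
end

if __FILE__ == $PROGRAM_NAME
  puts index_csv(SAMPLE_FILES)
  lint_atomics(SAMPLE_FILES).each { |problem| warn "PROBLEM: #{problem}" }
end
```

Run against the constructed files, the script prints three index rows and reports three problems, all in the second file: the technique/folder mismatch, the missing description, and the reused GUID. Pointing SAMPLE_FILES at real files read from an atomics checkout is the only change needed to run it over a repository.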
Questions? Get connected to the community on the Atomic Red Team™ Slack channel.