Feature Overview
| Name | Availability | |
|---|---|---|
| Procedural Execution | ||
| Full Atomic Red Team Executor Support (cmd, powershell, bash, sh) | ✔️ | |
| Enhanced MACAT Executor Support | ✔️ | |
| Automatable CLI-only Execution & Terminal Support | On Roadmap | |
| Content Management | ||
| Automatic Atomic Red Team Content Sync | ✔️ | |
| Automatic MITRE Enterprise ATT&CK Resource Sync | ✔️ | |
| MACATable File Format Support | ✔️ | |
| Atomic Red Team (ART) index YAML Support | ✔️ | |
| Record Keeping | ||
| Complete Structured Execution Log | ✔️ | |
| Automatic save of open tabs and work | ✔️ | |
| External Integrations | ||
| VECTR (Send results directly via API) | ✔️ | |
| Platforms | ||
| Windows 10 / 11 | ✔️ | |
| Linux | On Roadmap | |
| MacOS | On Roadmap | |
Feature Details
Content Management and Expandability
One of the primary goals of MACAT is to ease Adversary Simulation content management. My focus will continue to be on streamlining integration of external threat content like Atomic Red Team, Security Risk Advisors' Index program, and eventually other sources like MITRE CTID.
- Rich Content Filters. Sort, Search, and Filter all aspects of Adversary Simulation content to put together the perfect exercises, increasing the capability of your team.
- Modular Architecture. MACAT's executors are built with modularity in mind. The goal is to allow integration with more internal executors as well as other external executors, mimicking how some agent-based malware operates.
- Enrichment. MACAT automatically updates itself with MITRE Enteprise ATT&CK data, categorizing and tagging adversary simulation content.
Results Tracking
A critical part of the success of a practical cybersecurity defense program is the ability to track your results including success and failure. This extends to every level - from the holistic program level all the way down to the success and failure of individual simulation activities on the Red Team side or individual defenses on the Blue Team side.
MACAT makes it significantly easier to track the Red Team side results with its detailed execution logs and integrations with industry standard tools.
Data Sharing
MACAT uses file formats that are created with data-sharing in mind. Atomic Red Team's YAML format has an existing repository, and the MACATable TOML file format is easy to store and maintain in source control repositories.
Additionally, MACAT includes the ability to save and load custom simulations. Future plans include the ability to modify, save, and load procedural content independently of simulations.