Feature Overview

Name | Availability
---|---
**Procedural Execution** |
Full Atomic Red Team Executor Support (cmd, powershell, bash, sh) | ✔️
Enhanced MACAT Executor Support | ✔️
Automatable CLI-only Execution & Terminal Support | On Roadmap
**Content Management** |
Automatic Atomic Red Team Content Sync | ✔️
Automatic MITRE Enterprise ATT&CK Resource Sync | ✔️
MACATable File Format Support | ✔️
Atomic Red Team (ART) index YAML Support | ✔️
**Record Keeping** |
Complete Structured Execution Log | ✔️
Automatic save of open tabs and work | ✔️
**External Integrations** |
VECTR (Send results directly via API) | ✔️
**Platforms** |
Windows 10 / 11 | ✔️
Linux | On Roadmap
macOS | On Roadmap

Feature Details
One of the primary goals of MACAT is to ease Adversary Simulation content management. My focus will continue to be on streamlining integration of external threat content like Atomic Red Team, Security Risk Advisors' Index program, and eventually other sources like MITRE CTID.
A critical part of the success of a practical cybersecurity defense program is the ability to track your results, including both successes and failures. This extends to every level, from the holistic program level all the way down to the success and failure of individual simulation activities on the Red Team side or individual defenses on the Blue Team side.
MACAT makes it significantly easier to track the Red Team side results with its detailed execution logs and integrations with industry-standard tools.
MACAT uses file formats that are created with data-sharing in mind. Atomic Red Team's YAML format has an existing repository, and the MACATable TOML file format is easy to store and maintain in source control repositories.
Additionally, MACAT includes the ability to save and load custom simulations. Future plans include the ability to modify, save, and load procedural content independently of simulations.