{"id":9622,"date":"2020-07-24T12:43:00","date_gmt":"2020-07-24T18:43:00","guid":{"rendered":"https:\/\/swimlane.com\/resource\/automating-mitre-attack-testing\/"},"modified":"2026-03-31T03:49:57","modified_gmt":"2026-03-31T09:49:57","slug":"automatisierung-von-mitre-angriffstests","status":"publish","type":"sw_resource","link":"https:\/\/swimlane.com\/de\/blog\/automating-mitre-attack-testing\/","title":{"rendered":"Automatisierung von ATT&amp;CK-Tests mit SOAR und Atomic Red Team"},"content":{"rendered":"\n\n\n<section class=\"bs-section bs-section-50ac0cc438dbf2f3b380783c05a3c736bb0670e7 bs-section---default bs-section--blog-inner-banner  \"><style>.bs-section.bs-section-50ac0cc438dbf2f3b380783c05a3c736bb0670e7{ background-color: #000743;} <\/style><div class=\"container\">\n<div class=\"bs-row row  flex-md-row-reverse bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-12 col-lg-6   bs-column-6770b3369b6c61539d3140cb52ed6bc5ec393625 bs-column---default bs-column--right d-flex flex-column justify-content-end    \"><figure class=\"wp-block-post-featured-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/Automating-ATTCK-Testing-with-SOAR-and-Atomic-Red-Team_6.png\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Developers reviewing code on a large monitor in a dark workspace\" style=\"object-fit:cover;\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/Automating-ATTCK-Testing-with-SOAR-and-Atomic-Red-Team_6.png 800w, https:\/\/swimlane.com\/wp-content\/uploads\/Automating-ATTCK-Testing-with-SOAR-and-Atomic-Red-Team_6-300x167.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/Automating-ATTCK-Testing-with-SOAR-and-Atomic-Red-Team_6-768x428.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure><\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-6   bs-column-2ba18c9b6304620af4785b54fe900bf0ce0fc4d5 bs-column---default d-flex flex-column    \"><div 
class=\"wp-block-post-date\"><time datetime=\"2020-07-24T12:43:00-06:00\">Juli 24, 2020<\/time><\/div>\n\n<h1 class=\"wp-block-post-title has-text-color has-white-color\">Automating ATT&#038;CK Testing with SOAR and Atomic Red Team<\/h1>\n\n\n<div class=\"bs-div bs-div-44a15e4b99450b7aaf810333a0fbaa4ff5112133 bs-div---default\"><div class=\"bs-div__inner d-flex flex-wrap align-items-center    \">\n<a class=\"bs-post__author has-text-align-center\" href=\"https:\/\/swimlane.com\/de\/author\/Nick_Tausek\/\">\n\t<div class=\"profile-desc\">\n\t\t<figure>\n\t\t\t<img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/author_Nick_Tausek.jpg\" alt=\"user-avatar\">\n\t\t<\/figure>\n\t\t<span class=\"prefix\"><\/span>\n\t\t<span class=\"name\">\n\t\t\tNick Tausek\t\t<\/span>\n\t<\/div>\n<\/a>\n\n\n\n<div class=\"reading-time\">\n    <span class=\"reading-time__time\">5 <\/span> Minute Read\n<\/div><\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n\n\n\n\n\n\n<section class=\"bs-section bs-section-205a03f93391472c82564395e3b5684e68c8ef7d bs-section---default bs-section--blog-inner-main-contents  \"><div class=\"container\">\n<div class=\"bs-row row justify-content-between  bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-1   bs-column-fa02c15a19a9c2952663733986e45d4eef708638 bs-column---default     \"><div class=\"heateor_sss_sharing_container heateor_sss_horizontal_sharing\" data-heateor-ss-offset=\"0\" data-heateor-sss-href='https:\/\/swimlane.com\/de\/blog\/automating-mitre-attack-testing\/'><div class=\"heateor_sss_sharing_ul\"><a aria-label=\"Email\" class=\"heateor_sss_email\" href=\"https:\/\/swimlane.com\/de\/blog\/automating-mitre-attack-testing\/\" onclick=\"event.preventDefault();window.open('mailto:?subject=' + decodeURIComponent('Automating%20ATT%26CK%20Testing%20with%20SOAR%20and%20Atomic%20Red%20Team').replace('&', '%26') + '&body=https%3A%2F%2Fswimlane.com%2Fde%2Fblog%2Fautomating-mitre-attack-testing%2F', 
'_blank')\" title=\"Email\" rel=\"noopener\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#649a3f;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-.75 -.5 36 36\"><path d=\"M 5.5 11 h 23 v 1 l -11 6 l -11 -6 v -1 m 0 2 l 11 6 l 11 -6 v 11 h -22 v -11\" stroke-width=\"1\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Twitter\" class=\"heateor_sss_button_twitter\" href=\"https:\/\/twitter.com\/intent\/tweet?text=Automating%20ATT%26CK%20Testing%20with%20SOAR%20and%20Atomic%20Red%20Team&url=https%3A%2F%2Fswimlane.com%2Fde%2Fblog%2Fautomating-mitre-attack-testing%2F\" title=\"Twitter\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_twitter\" style=\"background-color:#55acee;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-4 -4 39 39\"><path d=\"M28 8.557a9.913 9.913 0 0 1-2.828.775 4.93 4.93 0 0 0 2.166-2.725 9.738 9.738 0 0 1-3.13 1.194 4.92 4.92 0 0 0-3.593-1.55 4.924 4.924 0 0 0-4.794 
6.049c-4.09-.21-7.72-2.17-10.15-5.15a4.942 4.942 0 0 0-.665 2.477c0 1.71.87 3.214 2.19 4.1a4.968 4.968 0 0 1-2.23-.616v.06c0 2.39 1.7 4.38 3.952 4.83-.414.115-.85.174-1.297.174-.318 0-.626-.03-.928-.086a4.935 4.935 0 0 0 4.6 3.42 9.893 9.893 0 0 1-6.114 2.107c-.398 0-.79-.023-1.175-.068a13.953 13.953 0 0 0 7.55 2.213c9.056 0 14.01-7.507 14.01-14.013 0-.213-.005-.426-.015-.637.96-.695 1.795-1.56 2.455-2.55z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Facebook\" class=\"heateor_sss_facebook\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https%3A%2F%2Fswimlane.com%2Fde%2Fblog%2Fautomating-mitre-attack-testing%2F\" title=\"Facebook\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#0765FE;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path fill=\"#fff\" d=\"M28 16c0-6.627-5.373-12-12-12S4 9.373 4 16c0 5.628 3.875 10.35 9.101 11.647v-7.98h-2.474V16H13.1v-1.58c0-4.085 1.849-5.978 5.859-5.978.76 0 2.072.15 2.608.298v3.325c-.283-.03-.775-.045-1.386-.045-1.967 0-2.728.745-2.728 2.683V16h3.92l-.673 3.667h-3.247v8.245C23.395 27.195 28 22.135 28 16Z\"><\/path><\/svg><\/span><\/a><a aria-label=\"Linkedin\" class=\"heateor_sss_button_linkedin\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url=https%3A%2F%2Fswimlane.com%2Fde%2Fblog%2Fautomating-mitre-attack-testing%2F\" title=\"Linkedin\" rel=\"nofollow noopener\" target=\"_blank\" 
style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_linkedin\" style=\"background-color:#0077b5;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path d=\"M6.227 12.61h4.19v13.48h-4.19V12.61zm2.095-6.7a2.43 2.43 0 0 1 0 4.86c-1.344 0-2.428-1.09-2.428-2.43s1.084-2.43 2.428-2.43m4.72 6.7h4.02v1.84h.058c.56-1.058 1.927-2.176 3.965-2.176 4.238 0 5.02 2.792 5.02 6.42v7.395h-4.183v-6.56c0-1.564-.03-3.574-2.178-3.574-2.18 0-2.514 1.7-2.514 3.46v6.668h-4.187V12.61z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><\/div><div class=\"heateorSssClear\"><\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-lg-8 col-md-11   bs-column-0d83d6d9863f92131cc95492d42e5b50c72f00bb bs-column---default bs-column--contents     \">\n<h2 class=\"wp-block-heading\">&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/attack.mitre.org\/\" target=\"_blank\" rel=\"noopener\">MITRE ATT&amp;CK<\/a> is the de facto framework for organizations to measure their defense posture. ATT&amp;CK provides categorical verticals in the form of <em>tactics<\/em>, which align to the common methodologies attackers use. Within these verticals is a set (and subsets) of common ways in which attackers accomplish a tactic (vertical). These are known as <em>techniques<\/em>.<\/p>\n\n\n\n<p>Some techniques may be common across multiple operating systems. This usually equates to a broad definition of a technique. 
As defenders, this means we must understand how a single technique may be implemented on multiple platforms\u2014which can be difficult for many, including myself. Luckily, organizations like Red Canary have provided our community with a rich framework to assist with the testing of these techniques.<\/p>\n\n\n\n<p><a href=\"https:\/\/swimlane.com\/resources\/automating-attack-testing-soar-atomic-red-team-webinar\/\">Red Canary open-sourced the Atomic Red Team<\/a> project several years ago to assist the security community by providing a set of Atomics (tests) mapped to the MITRE ATT&amp;CK framework. Each Atomic is mapped to a specific technique within ATT&amp;CK and provides one or more tests, which can be run on a system. These Atomics are intended to mock or emulate how an attacker uses a technique against your environment.<\/p>\n\n\n\n<p>In addition to providing a set of tests that can be run, Red Canary also provides multiple execution frameworks that enable us to run these tests. These frameworks are written in Python, PowerShell (Core) and Ruby, but by far the most up-to-date (and most active) is the PowerShell (Core) framework. As a side note, <a href=\"https:\/\/github.com\/redcanaryco\/atomic-red-team\/pull\/339\" target=\"_blank\" rel=\"noopener\">I rewrote the PowerShell framework back in September of 2018<\/a>, but it has had many changes since then.<\/p>\n\n\n\n<p>The idea is that you would use one of the execution frameworks to run one or more Atomic tests against a system. In return, your EDR, SIEM, etc. would then trigger alerts\/detections and begin measuring your effectiveness against specific techniques within your environment. 
However, doing this has proven to be a difficult, tedious and time-consuming manual process.<\/p>\n\n\n\n<p>As a longtime fan of Red Canary and their Atomic Red Team project, I set out with two main goals:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>To invoke tests remotely across multiple operating system types using a single framework.<\/li>\n\n\n\n<li>To associate detections\/alerts with Atomic tests within an environment.<\/li>\n<\/ol>\n\n\n\n<p><a href=\"https:\/\/swimlane.com\/resources\/automating-attack-testing-soar-atomic-red-team-webinar\/\">I recently presented on how I was able to accomplish these goals using Swimlane SOAR<\/a>. Additionally, I wanted to give back to the security community by open-sourcing a component of this use case.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Use Case<\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/\/assets\/uploads\/images\/Automating-ATTCK-Testing-with-SOAR-and-Atomic-Red-Team_1.png\" alt=\"Red Team Test\"\/><\/figure>\n\n\n\n<p>The main use case consists of several applications within a single workspace. I was able to parse out Atomic Red Team Atomics into a single record within an <em>Atomics<\/em> application. As I mentioned previously, each Atomic may have multiple tests associated with it, and those tests may not be for a single operating system type. 
So, I created a secondary application called <em>Atomic Tests,<\/em> which holds the details about each test and is associated with the Atomics parent record.<\/p>\n\n\n\n<figure class=\"wp-block-image c-figure--inline\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Automating-ATTCK-Testing-with-SOAR-and-Atomic-Red-Team_2.png\" alt=\"Single Atomic Test\"\/><figcaption class=\"wp-element-caption\">A single Atomic Test record which is associated with a parent Atomics record.<\/figcaption><\/figure>\n\n\n\n<p>The main entry point an analyst would use is the <em>Host<\/em> application. The host application contains information about a host that you want to run a test against. An analyst will create a record and provide (at minimum) a name, address (IP or DNS), and the operating system type. Once this new <em>Host<\/em> record is saved, an analyst needs to choose which tests they would like to run. They do this using a reference record to the <em>Atomic Tests<\/em> application. Once they have added tests, they can choose to run one or more tests associated with the record.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">rudder<\/h3>\n\n\n\n<p>You may be asking, &#8220;How are they going to run these tests remotely?&#8221; Well, I would like to introduce a new open-source tool called <a href=\"https:\/\/pypi.org\/project\/rudder\/\" target=\"_blank\" rel=\"noopener\"><em>rudder<\/em><\/a>. 
<a href=\"https:\/\/pypi.org\/project\/rudder\/\" target=\"_blank\" rel=\"noopener\"><em>rudder<\/em><\/a> is a Python package that remotely executes commands on Windows, macOS, or *nix, and it is cross-platform.<\/p>\n\n\n\n<p>In order to use <em>rudder,<\/em> you must provide it with a set of credentials that can use either PowerShell Remoting\/WinRM (Windows Remote Management) or SSH on the intended host.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Automating-ATTCK-Testing-with-SOAR-and-Atomic-Red-Team_3.png\" alt=\"Rudder\"\/><\/figure>\n\n\n\n<p>Once you have provided a set of credentials within our <em>Keystore<\/em>, you can run tests across multiple hosts on multiple operating systems from Swimlane. For each test run on a host, we create a historical record in another application called <em>Test History<\/em>. This application contains records of every test performed on a host along with the system&#8217;s response. Each of these tests is then associated with the Host it was run on, providing historical contextual information.<\/p>\n\n\n\n<p>Once a single test has been run on a host, we immediately begin to search for incoming alerts\/detections that are similar to our test. We do this by looking at the provided applications and specific fields to monitor. 
We also take into consideration the following data points when making a determination (all of these can be easily modified or customized to your organization&#8217;s needs):<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Timestamp comparison\n<ol class=\"wp-block-list\">\n<li>Searching start times are based on the timestamp the test was invoked on the host<\/li>\n\n\n\n<li>The end duration is configurable, but by default we have kept it to 3 hours since the test was run<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>Address comparison\n<ol class=\"wp-block-list\">\n<li>We look at the provided fields and check if the alert host name\/address is the same address the test was run on.<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>Execution comparison\n<ol class=\"wp-block-list\">\n<li>Normalization of Atomic test and alert details\n<ol class=\"wp-block-list\">\n<li>Lowercase<\/li>\n\n\n\n<li>Remove characters (e.g. |, \\\\, etc.)<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>Compare two command lists to find percentage difference between similar strings and values.<\/li>\n\n\n\n<li>Optional:\n<ol class=\"wp-block-list\">\n<li>We gave the capability of using Levenshtein distance calculations and SSDeep hash comparisons, but these are costly and are better used with similar source &amp; destination values.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n<p>Once a comparison has been made, and we have determined that an alert\/detection is similar to our test, we then associate that alert record to our single test history record. 
At this point, we either create a record or associate our test history record with another application called <em>Heat Map Records<\/em>.<\/p>\n\n\n\n<figure class=\"wp-block-image c-figure--inline\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Automating-ATTCK-Testing-with-SOAR-and-Atomic-Red-Team_4.png\" alt=\"Swimlane UI Red Team\"\/><figcaption class=\"wp-element-caption\">A Test History record associated with an identified Alert record and a Heat Map Record<\/figcaption><\/figure>\n\n\n\n<div>&nbsp;<\/div>\n\n\n\n<p>A <em>Heat Map Record<\/em> is used to track, report and display data about our ability to detect (or not) specific techniques in which we have run tests. If a test was run and no Alert was identified, then we still track this event, but our reporting will be a little different than if we were able to accurately detect a technique across all historical tests.<\/p>\n\n\n\n<p>Once these records are created or a test history record is associated with a technique, we can then visually understand where we are able to detect malicious activities and where we are falling short.<\/p>\n\n\n\n<figure class=\"wp-block-image c-figure--inline\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Automating-ATTCK-Testing-with-SOAR-and-Atomic-Red-Team_5.png\" alt=\"Inside the checker board Swimlane Alerts\"\/><figcaption class=\"wp-element-caption\">MITRE ATT&amp;CK Dashboard widget showing detections and lack thereof<\/figcaption><\/figure>\n\n\n\n<div>&nbsp;<\/div>\n\n\n\n<p>Above is an image of Swimlane&#8217;s MITRE ATT&amp;CK Dashboard widget. This dashboard is pulling data from our <em>Heat Map Records<\/em> and displaying it dynamically. If a grid box does not have color, this means we have not run tests for this specific technique. The darker blue means we have run at least one test and have been able to detect it. 
As more tests and detections are identified, the color lightens to the aqua blue around <em>At (Windows)<\/em>. If a test has been run and no detection was identified then that technique will be red.<\/p>\n\n\n\n<p>By using <a href=\"https:\/\/swimlane.com\/resources\/automating-attack-testing-soar-atomic-red-team-webinar\/\">Red Canary\u2019s Atomic Red Team<\/a> and Swimlane SOAR, you can automate your ATT&amp;CK testing while gaining visibility into your detection capabilities and gaps simultaneously. No more manual testing, review and correlation. With this use case, you can identify gaps rapidly and begin retesting within a few minutes.<\/p>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":22,"featured_media":9623,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"Red 
team","learn_more_type":"","learn_more_link":[],"show_popup":false,"disable_iframe":false,"enable_lazy_loading":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","featured_page_list":[],"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"tags":[],"resource-type":[67],"resource-topic":[],"resource-industry":[],"blog-category":[69],"class_list":["post-9622","sw_resource","type-sw_resource","status-publish","has-post-thumbnail","hentry","resource-type-blogs","blog-category-use-cases"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.5 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>ATT&amp;CK Testing with SOAR &amp; Atomic Red Team<\/title>\n<meta name=\"description\" content=\"With Red Canary\u2019s Atomic Red Team and Swimlane SOAR, you can automate ATT&amp;CK testing while gaining visibility into your detection capabilities and gaps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swimlane.com\/de\/blog\/automatisierung-von-mitre-angriffstests\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Automating ATT&amp;CK Testing with SOAR and Atomic Red Team\" \/>\n<meta property=\"og:description\" content=\"With Red Canary\u2019s Atomic Red Team and Swimlane SOAR, you can automate ATT&amp;CK testing while gaining visibility into your detection capabilities 
and gaps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swimlane.com\/de\/blog\/automatisierung-von-mitre-angriffstests\/\" \/>\n<meta property=\"og:site_name\" content=\"AI Security Automation\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-31T09:49:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/Automating-ATTCK-Testing-with-SOAR-and-Atomic-Red-Team_6.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"446\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@swimlane\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"7\u00a0Minuten\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"ATT&amp;CK-Tests mit SOAR &amp; Atomic Red Team","description":"Mit Red Canarys Atomic Red Team und Swimlane SOAR k\u00f6nnen Sie ATT&amp;CK-Tests automatisieren und gleichzeitig Einblick in Ihre Erkennungsf\u00e4higkeiten und -l\u00fccken gewinnen.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swimlane.com\/de\/blog\/automatisierung-von-mitre-angriffstests\/","og_locale":"de_DE","og_type":"article","og_title":"Automating ATT&CK Testing with SOAR and Atomic Red Team","og_description":"With Red Canary\u2019s Atomic Red Team and Swimlane SOAR, you can automate ATT&CK testing while gaining visibility into your detection capabilities and gaps.","og_url":"https:\/\/swimlane.com\/de\/blog\/automatisierung-von-mitre-angriffstests\/","og_site_name":"AI Security 
Automation","article_modified_time":"2026-03-31T09:49:57+00:00","og_image":[{"width":800,"height":446,"url":"https:\/\/swimlane.com\/wp-content\/uploads\/Automating-ATTCK-Testing-with-SOAR-and-Atomic-Red-Team_6.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@swimlane","twitter_misc":{"Est. reading time":"7\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swimlane.com\/de\/blog\/automating-mitre-attack-testing\/","url":"https:\/\/swimlane.com\/de\/blog\/automating-mitre-attack-testing\/","name":"ATT&amp;CK-Tests mit SOAR &amp; Atomic Red Team","isPartOf":{"@id":"https:\/\/swimlane.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/swimlane.com\/de\/blog\/automating-mitre-attack-testing\/#primaryimage"},"image":{"@id":"https:\/\/swimlane.com\/de\/blog\/automating-mitre-attack-testing\/#primaryimage"},"thumbnailUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/Automating-ATTCK-Testing-with-SOAR-and-Atomic-Red-Team_6.png","datePublished":"2020-07-24T18:43:00+00:00","dateModified":"2026-03-31T09:49:57+00:00","description":"Mit Red Canarys Atomic Red Team und Swimlane SOAR k\u00f6nnen Sie ATT&amp;CK-Tests automatisieren und gleichzeitig Einblick in Ihre Erkennungsf\u00e4higkeiten und -l\u00fccken gewinnen.","breadcrumb":{"@id":"https:\/\/swimlane.com\/de\/blog\/automating-mitre-attack-testing\/#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swimlane.com\/de\/blog\/automating-mitre-attack-testing\/"]}]},{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/swimlane.com\/de\/blog\/automating-mitre-attack-testing\/#primaryimage","url":"https:\/\/swimlane.com\/wp-content\/uploads\/Automating-ATTCK-Testing-with-SOAR-and-Atomic-Red-Team_6.png","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/Automating-ATTCK-Testing-with-SOAR-and-Atomic-Red-Team_6.png","width":800,"height":446,"caption":"Developers reviewing code on a 
large monitor in a dark workspace"},{"@type":"BreadcrumbList","@id":"https:\/\/swimlane.com\/de\/blog\/automating-mitre-attack-testing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swimlane.com\/"},{"@type":"ListItem","position":2,"name":"Automating ATT&#038;CK Testing with SOAR and Atomic Red Team"}]},{"@type":"WebSite","@id":"https:\/\/swimlane.com\/de\/#website","url":"https:\/\/swimlane.com\/de\/","name":"Low-Code Sicherheitsautomatisierung &amp; SOAR-Plattform | Swimlane","description":"Agentische KI-Automatisierung f\u00fcr jede Sicherheitsfunktion","publisher":{"@id":"https:\/\/swimlane.com\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swimlane.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/swimlane.com\/de\/#organization","name":"Low-Code Sicherheitsautomatisierung &amp; SOAR-Plattform | Swimlane","url":"https:\/\/swimlane.com\/de\/","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/swimlane.com\/de\/#\/schema\/logo\/image\/","url":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","width":912,"height":190,"caption":"Low-Code Security Automation & SOAR Platform | 
Swimlane"},"image":{"@id":"https:\/\/swimlane.com\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/swimlane","https:\/\/www.linkedin.com\/company\/swimlane\/"]}]}},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/sw_resource\/9622","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/sw_resource"}],"about":[{"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/types\/sw_resource"}],"author":[{"embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/users\/22"}],"version-history":[{"count":1,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/sw_resource\/9622\/revisions"}],"predecessor-version":[{"id":55404,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/sw_resource\/9622\/revisions\/55404"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/media\/9623"}],"wp:attachment":[{"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/media?parent=9622"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/tags?post=9622"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/resource-type?post=9622"},{"taxonomy":"resource-topic","embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/resource-topic?post=9622"},{"taxonomy":"resource-industry","embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/resource-industry?post=9622"},{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/blog-category?post=9622"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}