SKILL.md
# Performing Threat Emulation with Atomic Red Team

## Instructions
Use atomic-operator to execute Atomic Red Team tests and validate detection coverage against MITRE ATT&CK techniques.
```python
from atomic_operator import AtomicOperator

operator = AtomicOperator()

# Run the atomic tests for one ATT&CK technique (T1059.001, PowerShell).
# `techniques` takes a list of technique IDs; `atomics_path` points at the
# `atomics` directory of the cloned atomic-red-team repository.
operator.run(
    techniques=["T1059.001"],
    atomics_path="./atomic-red-team/atomics",
)
```
Key workflow:
- Clone the atomic-red-team repository for test definitions
- Select ATT&CK techniques matching your detection rules
- Execute atomic tests using atomic-operator
- Check SIEM/EDR for corresponding alerts
- Document detection gaps and update rules
## Examples

```python
# Parse atomic test YAML definitions
import yaml

with open("atomics/T1059.001/T1059.001.yaml") as f:
    tests = yaml.safe_load(f)

for test in tests.get("atomic_tests", []):
    print(f"Test: {test['name']}")
    print(f" Platforms: {test.get('supported_platforms', [])}")
```
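The two halves of the skill, the workflow list under Instructions (run the tests, check the SIEM/EDR, document the gaps) and the YAML parsing above, fit together in one script. The following is an added example, not code from this skill or from the atomic-red-team or atomic-operator projects: it flattens an atomic test document into per-test records, keeps the tests for one platform, and correlates a run log with an alert export to decide which tests your detections caught. The test document, GUIDs, timestamps, run log and alert rule names are all constructed here so the script runs offline; `load_atomic_file`, `extract_tests`, `select_for_platform` and `coverage_report` are this example's own helpers.

```python
"""Added example (not part of this skill or the atomic-red-team project):
turn an atomic test run plus a SIEM/EDR alert export into a detection-gap
report.  All data below is constructed; GUIDs and rule names are not real."""
from datetime import datetime, timedelta

# Parsed form of an atomic test file, i.e. what yaml.safe_load() returns for
# atomics/T1059.001/T1059.001.yaml.  Constructed; only the fields used here.
SAMPLE_ATOMIC_DOC = {
    "attack_technique": "T1059.001",
    "display_name": "Command and Scripting Interpreter: PowerShell",
    "atomic_tests": [
        {"name": "Sample test A", "auto_generated_guid": "aaaaaaaa-0000-0000-0000-000000000001",
         "supported_platforms": ["windows"]},
        {"name": "Sample test B", "auto_generated_guid": "bbbbbbbb-0000-0000-0000-000000000002",
         "supported_platforms": ["windows"]},
        {"name": "Sample test C", "auto_generated_guid": "cccccccc-0000-0000-0000-000000000003",
         "supported_platforms": ["linux", "macos"]},
    ],
}

# Constructed run log: when each test started and finished (UTC).  In practice
# you record this around each atomic-operator invocation.
SAMPLE_RUNS = [
    {"guid": "aaaaaaaa-0000-0000-0000-000000000001",
     "started": "2024-01-01T10:00:00", "finished": "2024-01-01T10:00:20"},
    {"guid": "bbbbbbbb-0000-0000-0000-000000000002",
     "started": "2024-01-01T10:05:00", "finished": "2024-01-01T10:05:15"},
]

# Constructed alert export from the SIEM/EDR covering the same window.
SAMPLE_ALERTS = [
    {"rule": "Suspicious PowerShell execution", "technique": "T1059.001",
     "time": "2024-01-01T10:00:07"},
    {"rule": "Scheduled task created", "technique": "T1053.005",
     "time": "2024-01-01T10:05:05"},
]


def load_atomic_file(path):
    """Load a real atomics/<T>/<T>.yaml file (needs PyYAML, imported lazily)."""
    import yaml
    with open(path) as f:
        return yaml.safe_load(f)


def extract_tests(doc):
    """Flatten a parsed atomic test document into one record per test."""
    technique = doc["attack_technique"]
    return [
        {"technique": technique, "name": t["name"],
         "guid": t["auto_generated_guid"],
         "platforms": t.get("supported_platforms", [])}
        for t in doc.get("atomic_tests", [])
    ]


def select_for_platform(tests, platform_name):
    """Keep only tests that declare support for the platform under test."""
    return [t for t in tests if platform_name in t["platforms"]]


def coverage_report(tests, runs, alerts, grace=timedelta(minutes=2)):
    """Correlate each executed test with alerts for its technique.

    A test counts as detected when an alert tagged with the same technique
    fires between the test's start and its finish plus `grace` (alert
    pipelines lag).  Tests with no run record are listed separately so a
    skipped test is never mistaken for a detection gap.
    """
    runs_by_guid = {r["guid"]: r for r in runs}
    detected, gaps, not_run = [], [], []
    for t in tests:
        run = runs_by_guid.get(t["guid"])
        if run is None:
            not_run.append(t)
            continue
        start = datetime.fromisoformat(run["started"])
        end = datetime.fromisoformat(run["finished"]) + grace
        hits = sorted({a["rule"] for a in alerts
                       if a["technique"] == t["technique"]
                       and start <= datetime.fromisoformat(a["time"]) <= end})
        (detected if hits else gaps).append({**t, "rules": hits})
    executed = len(detected) + len(gaps)
    return {"detected": detected, "gaps": gaps, "not_run": not_run,
            "coverage": len(detected) / executed if executed else 0.0}


def main(platform_name="windows"):
    tests = select_for_platform(extract_tests(SAMPLE_ATOMIC_DOC), platform_name)
    report = coverage_report(tests, SAMPLE_RUNS, SAMPLE_ALERTS)
    print(f"Coverage on {platform_name}: {report['coverage']:.0%}")
    for t in report["detected"]:
        print(f"  DETECTED  {t['technique']} {t['name']} <- {', '.join(t['rules'])}")
    for t in report["gaps"]:
        print(f"  GAP       {t['technique']} {t['name']} (no alert; write or tune a rule)")
    for t in report["not_run"]:
        print(f"  NOT RUN   {t['technique']} {t['name']}")
    return report


if __name__ == "__main__":
    main()
```

With the constructed data, test A is detected by the PowerShell rule, test B is a gap (the only alert in its window belongs to a different technique), and test C is filtered out for Windows; swap `SAMPLE_ATOMIC_DOC` for `load_atomic_file("atomics/T1059.001/T1059.001.yaml")` and the run log and alerts for your own exports to use it on a real run. Matching on technique within a time window rather than on the test GUID matters because the SIEM never sees the GUID; the run log is what ties an alert back to the test that caused it.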
Repository: mukul975/anthro…y-skills