

DISARM Disinformation TTP (Tactics, Techniques and Procedures) Framework

DISARM is a framework designed for describing and understanding disinformation incidents. DISARM is part of work on adapting information security (infosec) practices to help track and counter disinformation and other information harms, and is designed to fit existing infosec practices and tools.

DISARM's style is based on the MITRE ATT&CK framework. STIX templates for DISARM objects are available in the DISARM_CTI repo - these make it easy for DISARM data to be passed between ISAOs and similar bodies using standards like TAXII.

What's in this folder



DISARM OBJECTS: all the entities used to create the Red Team and Blue Team frameworks:

There's a directory for each of these, containing a datasheet for each individual entity (e.g. technique T0046 Search Engine Optimization). There's also a directory, generated_files, containing any files (CSVs, SQLite, etc.) we generate from the above tables.

Updating DISARM

Major changes: Any major changes to DISARM models are agreed on by the DISARM Foundation.

Minor changes: We love any and all suggestions for improvements, comments and offers of help - reach out to us using this Google form. (We're also going back through earlier issues lists: AMITT issues list and Misinfosec issues list.)

Using your own datasets: DISARM is open source. If you want to do your own thing with DISARM data, these will help:

If you have your own version of this repository and update DISARM_FRAMEWORKS_MASTER.xlsx, running "python generate_DISARM_pages.py" will regenerate all the files above from it. If you want to update the DISARM GitHub file, DISARM databases, and DISARM STIX bundle at the same time, run generate_DISARM_pages.ipynb from Jupyter.

Who's Responsible for DISARM (and a little history)

DISARM is licensed under CC-BY-4.0