Enter The Matrix v1.3.0
Enter The Matrix (ETM) introduces a full CRUD API with granular permissions to integrate ETM into workflows and produce metrics about organizations.
A full CRUD API has been introduced that gives users the ability to integrate ETM into their workflows and reporting capabilities. The API is available with full Swagger documentation to help you test and create your integrations as easily as possible. Authorization is required on all API endpoints and is handled by supplying the X-API-Key custom header and a key generated within ETM.
Each API key has granular permissions that are controlled within the administrative section of the application. Keys can be limited to specific resource types, specific CRUD operations, and specific assessments.
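The three scoping dimensions described above (resource type, CRUD operation, assessment) can be modelled as a deny-by-default check. This is an added example, not ETM's own code; the field names, the HTTP-method mapping, the resource names and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Hypothetical model of a scoped API key; field names are assumptions, not ETM's schema.
@dataclass(frozen=True)
class ApiKey:
    digest: str             # SHA-256 of the key, so the raw key is never stored
    resources: frozenset    # resource types the key may touch
    operations: frozenset   # subset of {"create", "read", "update", "delete"}
    assessments: frozenset  # assessment ids the key may touch

# Assumed mapping from HTTP method to CRUD operation.
METHOD_TO_OP = {"POST": "create", "GET": "read", "PUT": "update",
                "PATCH": "update", "DELETE": "delete"}

def _digest(raw_key: str) -> str:
    return hashlib.sha256(raw_key.encode()).hexdigest()

def authorize(headers, method, resource, assessment_id, keys):
    """Return (status, reason). Deny by default: every scope must match."""
    # HTTP header names are case-insensitive.
    raw = next((v for k, v in headers.items() if k.lower() == "x-api-key"), None)
    if not raw:
        return 401, "missing X-API-Key"
    presented = _digest(raw)
    # Constant-time comparison of digests avoids leaking match position via timing.
    key = next((k for k in keys if hmac.compare_digest(k.digest, presented)), None)
    if key is None:
        return 401, "unknown key"
    op = METHOD_TO_OP.get(method.upper())
    if op is None or op not in key.operations:
        return 403, "operation not permitted"
    if resource not in key.resources:
        return 403, "resource type not permitted"
    if assessment_id not in key.assessments:
        return 403, "assessment not permitted"
    return 200, "ok"

# Constructed sample: a read-only reporting key scoped to a single assessment.
REPORTING_KEY = "constructed-sample-key"
KEYS = [ApiKey(_digest(REPORTING_KEY), frozenset({"scenario", "vulnerability"}),
               frozenset({"read"}), frozenset({17}))]
```

A key issued to a reporting tool would typically look like the sample: read-only, limited to the resource types the report needs, and limited to the assessments of one client.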
Through the new API, you can pull out data to produce interesting metrics about your own organization as well as your clients' organizations. Create reports using tools like PowerBI to present a history of attack scenarios used against your client or show which vulnerabilities you’ve used as a consultant to cause business impact. The metrics you create through the general use of ETM also paint a picture of how you as a consultant operate. Understanding this information can help you improve in areas you rarely operate in, or simply show how well you match up to the adversaries you are emulating.
To learn more about the ETM API and its capabilities, head over to the repo, deploy ETM, and navigate to the /swagger endpoint for full documentation. I hope you find these updates useful, and I look forward to continuing to improve ETM in the future. If you have any questions or ideas for future development work, please feel free to reach out by submitting an issue on GitHub, or directly over Twitter (@codymartin).
Conclusions
This article was originally published here while I was working with Black Lantern Security. ETM has many features yet to be introduced, and I look forward to providing updates as they are developed.