First Start

First Start Options

  1. When MACAT first starts up you’ll be presented with a License Agreement and some options. You must read and scroll to the bottom and then click the checkbox accepting the License Agreement to continue. While MACAT is in beta, I recommend you leave all automatic download toggles enabled on this screen.
    [Screenshot: MACAT EULA]
  2. MACAT will download and load content. This may take a few seconds to a few minutes depending on your internet connection. If you get errors at this step, it’s likely related to anti-virus software, network security controls, or your ability to access Atomic Red Team and MITRE Enterprise ATT&CK content on GitHub.
  3. When MACAT has finished loading, you’ll be presented with the following screen and there won’t be any status messages in the tray at the bottom of the MACAT window.
    [Screenshot: MACAT Ready]

Getting Familiar with the UI

The three main menu items in MACAT are:

  • Simulations (Lightning Bolt)
  • Procedures Library (Folder Icon)
  • Settings (Gear Icon)

Simulations

After clicking through the initial New Simulation / Create a simulation screen, the Simulations screen has a tabbed section at the top that lists the active / open Simulations. Clicking the plus button here will create a new simulation. Double-clicking the tab text allows you to rename a Simulation. The rest of the Simulations UI is split into two halves, left and right. The divider can be clicked and dragged to change the size of each half.

[Screenshot: MACAT Simulations]

The left side contains simulation configuration and execution controls including:

  • start/halt buttons
  • controls to save or load a new simulation
  • button to add new procedures to a simulation
  • overall simulation status display
  • simulation procedures list

The right side contains simulation execution output logs and related controls:

  • tabs for individual execution logs organized by date
  • button to show or hide non-command steps including prerequisite and cleanup steps
  • button to hide procedure execution detail including IP address, hostname, etc.
  • controls for copying execution output

The Running a Simulation guide will cover reviewing procedure and simulation results from this screen.

Procedures Library

MACAT’s procedures library contains a list of all procedures currently loaded in MACAT’s database. You can use the filters and labels above each column to sort and filter on different fields. There is an additional filters button at the top of the page, which allows you to filter on some fields not shown in the table by default, like Threat Profile, Tags, and Defending Tool Types.

[Screenshot: MACAT Procedures Library]

Hovering over an icon in MACAT’s interface should show a tooltip describing what it signifies. Additionally, each procedure row can be clicked and expanded to show more detail about the procedure.

The actions controls on the right side of the table include options to:

  • Export an individual Procedure
  • Add a Procedure to a list for bulk export to a MACATable TOML file
  • Edit a Procedure
  • Delete a Procedure

In the top right there are buttons to:

  • Create a Procedure
  • Import Procedures
  • Bulk Export Procedures if any are added to the Bulk Export List

Settings

MACAT’s settings screen covers general application settings, external content, and integrations.

[Screenshot: MACAT Settings]

General Settings & Configuration

For normal use, the only general settings you may want to modify are:

  • Procedure timeout
  • Sleep

Procedure timeout may need to be increased if you have very long running procedures. Similarly, you may want additional sleep time between procedures to differentiate detection logs.

External Content

I don’t recommend modifying any of the External Content settings as the app is still in Beta and some features aren’t complete.

Integrations

VECTR API integration configuration is done here. A separate guide for configuring and using the VECTR integration is available.