mirror of
https://github.com/DISARMFoundation/DISARMframeworks.git
synced 2025-08-12 16:25:29 -04:00
add subtechniques to stix2 generator
This commit is contained in:
VVX7
parent
0549123900
commit
8937d50328
5 changed files with 85 additions and 24 deletions
|
|
@ -34,11 +34,6 @@ def make_disarm_matrix(tactics):
|
|||
]
|
||||
name = 'DISARM Framework'
|
||||
|
||||
# print(tactics)
|
||||
# p =[i.id for i in tactics]
|
||||
# r = properties.ReferenceProperty()
|
||||
# f = properties.ListProperty(r)
|
||||
|
||||
tactic_refs = [i.id for i in tactics]
|
||||
|
||||
matrix = Matrix(
|
||||
|
|
|
|||
|
|
@ -19,3 +19,27 @@ def make_disarm_subtechnique_relationship(source, target):
|
|||
)
|
||||
|
||||
return relationship
|
||||
|
||||
|
||||
def make_disarm_subtechnique_relationships(techniques, subtechniques):
|
||||
"""Creates a map of technique and sub-technique.
|
||||
|
||||
Args:
|
||||
techniques (list): List of STIX2 technique objects.
|
||||
subtechniques (list): List of STIX2 subtechnique objects.
|
||||
|
||||
Returns:
|
||||
A Relationship object.
|
||||
|
||||
"""
|
||||
technique_ids = {}
|
||||
for technique in techniques:
|
||||
technique_ids[technique["external_references"][0]["external_id"]] = technique["id"]
|
||||
|
||||
relationships = []
|
||||
for subtechnique in subtechniques:
|
||||
technique_id = technique_ids[subtechnique["external_references"][0]["external_id"].split(".")[0]]
|
||||
relationship = make_disarm_subtechnique_relationship(subtechnique["id"], technique_id)
|
||||
relationships.append(relationship)
|
||||
|
||||
return relationships
|
||||
|
|
|
|||
|
|
@ -3,6 +3,11 @@ from stix2 import CustomObject, properties, ExternalReference
|
|||
import objects.marking_definition
|
||||
from objects import identity, marking_definition
|
||||
|
||||
valid_tactics = ["plan-strategy", "plan-objectives", "microtarget", "develop-content",
|
||||
"select-channels-and-affordances", "conduct-pump-priming", "deliver-content",
|
||||
"drive-offline-activity", "persist-in-the-information-environment", "assess-effectiveness",
|
||||
"target-audience-analysis", "develop-narratives", "establish-social-assets", "establish-legitimacy",
|
||||
"maximize-exposure", "drive-online-harms"]
|
||||
|
||||
@CustomObject('x-mitre-tactic', [
|
||||
('name', properties.StringProperty(required=True)),
|
||||
|
|
@ -12,14 +17,8 @@ from objects import identity, marking_definition
|
|||
])
|
||||
class Tactic(object):
|
||||
def __init__(self, x_mitre_shortname=None, **kwargs):
|
||||
if x_mitre_shortname and x_mitre_shortname not in ["strategic-planning", "objective-planning",
|
||||
"develop-people", "develop-persona",
|
||||
"develop-networks", "microtargeting", "develop-content",
|
||||
"channel-selection", "pump-priming", "exposure",
|
||||
"go-physical",
|
||||
"persistence", "measure-effectiveness"]:
|
||||
# raise ValueError("'%s' is not a recognized DISARM Tactic." % x_mitre_shortname)
|
||||
print("'%s' is not a recognized DISARM Tactic." % x_mitre_shortname)
|
||||
if x_mitre_shortname and x_mitre_shortname not in valid_tactics:
|
||||
raise ValueError("'%s' is not a recognized DISARM Tactic." % x_mitre_shortname)
|
||||
|
||||
|
||||
def make_disarm_tactics(data):
|
||||
|
|
@ -54,4 +53,3 @@ def make_disarm_tactics(data):
|
|||
tactics.append(tactic)
|
||||
|
||||
return tactics
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ def make_disarm_techniques(data):
|
|||
for t in data["techniques"].values.tolist():
|
||||
external_references = [
|
||||
{
|
||||
'external_id': f'{t[0]}',
|
||||
'external_id': f'{t[0]}'.strip(),
|
||||
'source_name': 'DISARM',
|
||||
'url': f'https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/{t[0]}.md'
|
||||
}
|
||||
|
|
@ -50,7 +50,7 @@ def make_disarm_techniques(data):
|
|||
kill_chain_phases=kill_chain_phases,
|
||||
custom_properties={
|
||||
'x_mitre_platforms': x_mitre_platforms,
|
||||
'x_mitre_version': "1,0",
|
||||
'x_mitre_version': "1.0",
|
||||
'x_mitre_is_subtechnique': x_mitre_is_subtechnique
|
||||
}
|
||||
)
|
||||
|
|
@ -59,13 +59,57 @@ def make_disarm_techniques(data):
|
|||
return techniques
|
||||
|
||||
|
||||
def make_subtechnique_map(techinques):
|
||||
def make_disarm_subtechniques(data):
|
||||
"""
|
||||
|
||||
Args:
|
||||
techinques:
|
||||
data: The xlsx subtechnique sheet.
|
||||
|
||||
Returns:
|
||||
|
||||
"""
|
||||
pass
|
||||
tacdict = pd.Series(data["tactics"].name.values, index=data["tactics"].disarm_id).to_dict()
|
||||
techdict = pd.Series(data["techniques"].tactic_id.values, index=data["techniques"].disarm_id).to_dict()
|
||||
|
||||
subtechniques = []
|
||||
for t in data["subtechniques"].values.tolist():
|
||||
external_references = [
|
||||
{
|
||||
'external_id': f'{t[0]}'.strip(),
|
||||
'source_name': 'DISARM',
|
||||
'url': f'https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/{t[0]}.md'
|
||||
}
|
||||
]
|
||||
|
||||
kill_chain_phases = [
|
||||
{
|
||||
'phase_name': tacdict[techdict[t[2]]].replace(' ', '-').lower(),
|
||||
'kill_chain_name': 'mitre-attack'
|
||||
}
|
||||
]
|
||||
|
||||
subtechnique = t[0].split(".")
|
||||
x_mitre_is_subtechnique = False
|
||||
if len(subtechnique) > 1:
|
||||
x_mitre_is_subtechnique = True
|
||||
|
||||
# MITRE ATT&CK Navigator expect techniques to have at least one of these platforms.
|
||||
# Without one, the technique will not render in the Navigator.
|
||||
x_mitre_platforms = 'Windows', 'Linux', 'Mac'
|
||||
|
||||
technique = AttackPattern(
|
||||
name=f"{t[1]}",
|
||||
description=f"{t[3]}",
|
||||
external_references=external_references,
|
||||
object_marking_refs=objects.marking_definition.make_disarm_marking_definition(),
|
||||
created_by_ref=objects.identity.make_disarm_identity(),
|
||||
kill_chain_phases=kill_chain_phases,
|
||||
custom_properties={
|
||||
'x_mitre_platforms': x_mitre_platforms,
|
||||
'x_mitre_version': "1.0",
|
||||
'x_mitre_is_subtechnique': x_mitre_is_subtechnique
|
||||
}
|
||||
)
|
||||
|
||||
subtechniques.append(technique)
|
||||
return subtechniques
|
||||
Loading…
Add table
Add a link
Reference in a new issue