Git-Mirrors/DISARMframeworks
1
0
Fork 0
mirror of https://github.com/DISARMFoundation/DISARMframeworks.git synced 2025-06-27 08:01:02 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added EEAS framework objects and STIX generator

Browse source 
Added framework objects:
- Added technique T0066 "Degrade adversary" to TA02
- Added technique T0067 "Plan to discredit credible sources" to TA02
- Added technique T0068 "respond to breaking news event" to TA02
- Added technique T0069  "respond to active crisis" to TA02
- Added technique T0070 "Analyze existing communities" to TA02
- Added technique T0071 "Find echo chambers" to TA13
- Added technique T0072  "Segment audiences" to TA13

Added STIX generator from repo DISARM-stix2, and added code to generate github files, databases, and STIX from the same Jupyter notebook.
This commit is contained in:
Sara-Jayne Terp 2022-02-20 15:40:34 -05:00
parent 2117dcf09b
commit c11e9d06ad
46 changed files with 2428 additions and 17533 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
CODE/DISARM-STIX2/objects/__pycache__/bundle.cpython-38.pyc Normal file
View file

Binary file not shown.

BIN
CODE/DISARM-STIX2/objects/__pycache__/identity.cpython-38.pyc Normal file
View file

Binary file not shown.

BIN
CODE/DISARM-STIX2/objects/__pycache__/marking_definition.cpython-38.pyc Normal file
View file

Binary file not shown.

BIN
CODE/DISARM-STIX2/objects/__pycache__/matrix.cpython-38.pyc Normal file
View file

Binary file not shown.

BIN
CODE/DISARM-STIX2/objects/__pycache__/tactic.cpython-38.pyc Normal file
View file

Binary file not shown.

BIN
CODE/DISARM-STIX2/objects/__pycache__/technique.cpython-38.pyc Normal file
View file

Binary file not shown.

15
CODE/DISARM-STIX2/objects/bundle.py Normal file
View file

@ -0,0 +1,15 @@
from stix2 import Bundle
def make_stix_bundle(stix_objects):
"""Makes a STIX Bundle object.
Args:
stix_objects (list): A list of STIX objects.
Returns:
Bundle: A STIX Bundle object.
"""
bundle = Bundle(stix_objects, allow_custom=True)
return bundle

16
CODE/DISARM-STIX2/objects/identity.py Normal file
View file

@ -0,0 +1,16 @@
from stix2 import Identity
def make_disarm_identity():
"""Creates the default DISARM identity used for indicating authorship of various components in the bundle.
Returns:
identity: a STIX Identity object
"""
identity = Identity(
name="DISARM Foundation",
identity_class="organization",
description="DISARM is a framework designed for describing and understanding disinformation incidents.",
)
return identity

11
CODE/DISARM-STIX2/objects/marking_definition.py Normal file
View file

@ -0,0 +1,11 @@
from stix2 import MarkingDefinition, StatementMarking
from objects import identity
def make_disarm_marking_definition():
marking_definition = MarkingDefinition(
definition_type="statement",
created_by_ref=identity.make_disarm_identity(),
definition=StatementMarking(statement="CC-BY-SA-4.0 DISARM Foundation")
)
return marking_definition

51
CODE/DISARM-STIX2/objects/matrix.py Normal file
View file

@ -0,0 +1,51 @@
from stix2 import CustomObject, properties, ExternalReference
import objects.marking_definition
from objects import identity, marking_definition
@CustomObject('x-mitre-matrix', [
('name', properties.StringProperty(required=True)),
('description', properties.StringProperty(required=True)),
('tactic_refs', properties.ListProperty(properties.ReferenceProperty(valid_types="SDO"), required=True))
])
class Matrix(object):
def __init__(self, **kwargs):
if True:
pass
def make_disarm_matrix(tactics):
"""Creates a Matrix object.
Args:
tactics: A list of Tactic objects.
Returns:
"""
description = 'DISARM is a framework designed for describing and understanding disinformation incidents.'
external_references = [
{
"external_id": "DISARM",
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation"
}
]
name = 'DISARM Framework'
# print(tactics)
# p =[i.id for i in tactics]
# r = properties.ReferenceProperty()
# f = properties.ListProperty(r)
tactic_refs = [i.id for i in tactics]
matrix = Matrix(
name=name,
description=description,
external_references=external_references,
tactic_refs=tactic_refs,
allow_custom=True
)
return [matrix]

21
CODE/DISARM-STIX2/objects/relationship.py Normal file
View file

@ -0,0 +1,21 @@
from stix2 import Relationship, properties, ExternalReference
def make_disarm_subtechnique_relationship(source, target):
"""Creates a relationship between the parent technique and sub-technique.
Args:
source (str): Subtechnique ID
target (str): Parent technique ID
Returns:
A Relationship object.
"""
relationship = Relationship(
source_ref=source,
target_ref=target,
relationship_type="subtechnique-of"
)
return relationship

57
CODE/DISARM-STIX2/objects/tactic.py Normal file
View file

@ -0,0 +1,57 @@
from stix2 import CustomObject, properties, ExternalReference
import objects.marking_definition
from objects import identity, marking_definition
@CustomObject('x-mitre-tactic', [
('name', properties.StringProperty(required=True)),
('description', properties.StringProperty(required=True)),
('x_mitre_shortname', properties.StringProperty(required=True)),
('external_references', properties.ListProperty(ExternalReference))
])
class Tactic(object):
def __init__(self, x_mitre_shortname=None, **kwargs):
if x_mitre_shortname and x_mitre_shortname not in ["strategic-planning", "objective-planning",
"develop-people", "develop-persona",
"develop-networks", "microtargeting", "develop-content",
"channel-selection", "pump-priming", "exposure",
"go-physical",
"persistence", "measure-effectiveness"]:
# raise ValueError("'%s' is not a recognized DISARM Tactic." % x_mitre_shortname)
print("'%s' is not a recognized DISARM Tactic." % x_mitre_shortname)
def make_disarm_tactics(data):
"""Create all DISARM tactic objects.
Args:
data: The xlsx tactic sheet.
Returns:
A list of Tactics.
"""
tactics = []
for t in data["tactics"].values.tolist():
external_references = [
{
'external_id': f'{t[0]}',
'source_name': 'DISARM',
'url': f'https://github.com/DISARMFoundation/DISARM_framework/blob/master/tactics/{t[0]}.md'
}
]
tactic = Tactic(
name=f"{t[1]}",
description=f"{t[5]}",
x_mitre_shortname=f'{t[1].lower().replace(" ", "-")}',
external_references=external_references,
object_marking_refs=objects.marking_definition.make_disarm_marking_definition(),
created_by_ref=objects.identity.make_disarm_identity()
)
tactics.append(tactic)
return tactics

71
CODE/DISARM-STIX2/objects/technique.py Normal file
View file

@ -0,0 +1,71 @@
from stix2 import AttackPattern, properties, ExternalReference
import objects.marking_definition
import pandas as pd
from objects import identity, marking_definition
def make_disarm_techniques(data):
"""Create all DISARM Techniques objects.
Args:
data: The xlsx technique sheet.
Returns:
A list of Techniques.
"""
tacdict = pd.Series(data["tactics"].name.values, index=data["tactics"].disarm_id).to_dict()
techniques = []
for t in data["techniques"].values.tolist():
external_references = [
{
'external_id': f'{t[0]}',
'source_name': 'DISARM',
'url': f'https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/{t[0]}.md'
}
]
kill_chain_phases = [
{
'phase_name': tacdict[t[3]].replace(' ', '-').lower(),
'kill_chain_name': 'mitre-attack'
}
]
subtechnique = t[0].split(".")
x_mitre_is_subtechnique = False
if len(subtechnique) > 1:
x_mitre_is_subtechnique = True
# MITRE ATT&CK Navigator expect techniques to have at least one of these platforms.
# Without one, the technique will not render in the Navigator.
x_mitre_platforms = 'Windows', 'Linux', 'Mac'
technique = AttackPattern(
name=f"{t[1]}",
description=f"{t[3]}",
external_references=external_references,
object_marking_refs=objects.marking_definition.make_disarm_marking_definition(),
created_by_ref=objects.identity.make_disarm_identity(),
kill_chain_phases=kill_chain_phases,
custom_properties={
'x_mitre_platforms': x_mitre_platforms,
'x_mitre_version': "1,0",
'x_mitre_is_subtechnique': x_mitre_is_subtechnique
}
)
techniques.append(technique)
return techniques
def make_subtechnique_map(techinques):
"""
Args:
techinques:
Returns:
"""
pass