add subtechniques to stix2 generator. update STIX bundles. use subtechnique dot notation name convention in DISARM_FRAMEWORKS_MASTER.xlsx

VVX7 2022-07-02 13:29:40 -04:00
parent f1d7a8ac3d
commit c7b5d59876
671 changed files with 15048 additions and 12934 deletions


@ -25,14 +25,12 @@ def generate_disarm_stix():
tactics = tactic.make_disarm_tactics(data)
techniques = technique.make_disarm_techniques(data)
subtechniques = technique.make_disarm_subtechniques(data)
subtechnique_relationships = relationship.make_disarm_subtechnique_relationships(techniques, subtechniques)
subtechnique_relationships = relationship.make_disarm_subtechnique_relationships(techniques)
navigator_matrix = matrix.make_disarm_matrix(tactics)
stix_objects = []
stix_objects.append(tactics)
stix_objects.append(techniques)
stix_objects.append(subtechniques)
stix_objects.append(subtechnique_relationships)
stix_objects.append(navigator_matrix)
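Review bot: After this change `techniques` has to carry the sub-technique objects as well, but nothing at the call site says so, and `make_disarm_subtechnique_relationships(techniques)` reads oddly without that context. A one-line comment above the call would help, for example `# techniques also holds sub-techniques (x_mitre_is_subtechnique=True); relationships are derived from that flag`. This assumes `make_disarm_techniques` now emits the dotted-ID rows, which is not visible here; the body of `generate_disarm_stix` continues outside the hunk.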


@ -21,12 +21,11 @@ def make_disarm_subtechnique_relationship(source, target):
return relationship
def make_disarm_subtechnique_relationships(techniques, subtechniques):
def make_disarm_subtechnique_relationships(techniques):
"""Creates a map of technique and sub-technique.
Args:
techniques (list): List of STIX2 technique objects.
subtechniques (list): List of STIX2 subtechnique objects.
Returns:
A Relationship object.
@ -37,9 +36,10 @@ def make_disarm_subtechnique_relationships(techniques, subtechniques):
technique_ids[technique["external_references"][0]["external_id"]] = technique["id"]
relationships = []
for subtechnique in subtechniques:
technique_id = technique_ids[subtechnique["external_references"][0]["external_id"].split(".")[0]]
relationship = make_disarm_subtechnique_relationship(subtechnique["id"], technique_id)
relationships.append(relationship)
for technique in techniques:
if technique["x_mitre_is_subtechnique"]:
technique_id = technique_ids[technique["external_references"][0]["external_id"].split(".")[0]]
relationship = make_disarm_subtechnique_relationship(technique["id"], technique_id)
relationships.append(relationship)
return relationships
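Review bot: The parent lookup `technique_ids[... .split(".")[0]]` in the new loop raises a bare KeyError when the spreadsheet holds a dotted ID whose parent technique row is missing or misspelled, so bundle generation stops without naming the offending entry. Resolve the parent ID first and fail with a message that names it, e.g. `parent = technique["external_references"][0]["external_id"].split(".")[0]` followed by `if parent not in technique_ids: raise ValueError(f"sub-technique has no parent technique {parent}")`. `technique["x_mitre_is_subtechnique"]` fails the same way for any object built without that custom property; `technique.get("x_mitre_is_subtechnique", False)` avoids it. The docstring still says it returns "A Relationship object" although the function returns a list of them. The code that builds `technique_ids` lies between the two hunks and is only partly visible.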


@ -57,59 +57,3 @@ def make_disarm_techniques(data):
techniques.append(technique)
return techniques
def make_disarm_subtechniques(data):
"""
Args:
data: The xlsx subtechnique sheet.
Returns:
"""
tacdict = pd.Series(data["tactics"].name.values, index=data["tactics"].disarm_id).to_dict()
techdict = pd.Series(data["techniques"].tactic_id.values, index=data["techniques"].disarm_id).to_dict()
subtechniques = []
for t in data["subtechniques"].values.tolist():
external_references = [
{
'external_id': f'{t[0]}'.strip(),
'source_name': 'DISARM',
'url': f'https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/{t[0]}.md'
}
]
kill_chain_phases = [
{
'phase_name': tacdict[techdict[t[2]]].replace(' ', '-').lower(),
'kill_chain_name': 'mitre-attack'
}
]
subtechnique = t[0].split(".")
x_mitre_is_subtechnique = False
if len(subtechnique) > 1:
x_mitre_is_subtechnique = True
# MITRE ATT&CK Navigator expect techniques to have at least one of these platforms.
# Without one, the technique will not render in the Navigator.
x_mitre_platforms = 'Windows', 'Linux', 'Mac'
technique = AttackPattern(
name=f"{t[1]}",
description=f"{t[3]}",
external_references=external_references,
object_marking_refs=objects.marking_definition.make_disarm_marking_definition(),
created_by_ref=objects.identity.make_disarm_identity(),
kill_chain_phases=kill_chain_phases,
custom_properties={
'x_mitre_platforms': x_mitre_platforms,
'x_mitre_version': "1.0",
'x_mitre_is_subtechnique': x_mitre_is_subtechnique
}
)
subtechniques.append(technique)
return subtechniques


@ -18,7 +18,7 @@
},
{
"cell_type": "code",
"execution_count": 2,
"execution_count": 3,
"metadata": {
"scrolled": true
},
@ -35,8 +35,182 @@
"updated ../generated_pages/phases_index.md\n",
"Temp: objecttype tactic\n",
"updated ../generated_pages/tactics_index.md\n",
"Updating ../generated_pages/tactics/TA02.md\n",
"Updating ../generated_pages/tactics/TA05.md\n",
"Updating ../generated_pages/tactics/TA06.md\n",
"Updating ../generated_pages/tactics/TA07.md\n",
"Updating ../generated_pages/tactics/TA09.md\n",
"Updating ../generated_pages/tactics/TA10.md\n",
"Updating ../generated_pages/tactics/TA11.md\n",
"Updating ../generated_pages/tactics/TA12.md\n",
"Updating ../generated_pages/tactics/TA13.md\n",
"Updating ../generated_pages/tactics/TA14.md\n",
"Updating ../generated_pages/tactics/TA15.md\n",
"Updating ../generated_pages/tactics/TA16.md\n",
"Updating ../generated_pages/tactics/TA17.md\n",
"Updating ../generated_pages/tactics/TA18.md\n",
"Temp: objecttype technique\n",
"updated ../generated_pages/techniques_index.md\n",
"Updating ../generated_pages/techniques/T0009.001.md\n",
"Updating ../generated_pages/techniques/T0014.001.md\n",
"Updating ../generated_pages/techniques/T0014.002.md\n",
"Updating ../generated_pages/techniques/T0017.001.md\n",
"Updating ../generated_pages/techniques/T0019.001.md\n",
"Updating ../generated_pages/techniques/T0019.002.md\n",
"Updating ../generated_pages/techniques/T0022.001.md\n",
"Updating ../generated_pages/techniques/T0022.002.md\n",
"Updating ../generated_pages/techniques/T0023.001.md\n",
"Updating ../generated_pages/techniques/T0023.002.md\n",
"Updating ../generated_pages/techniques/T0043.001.md\n",
"Updating ../generated_pages/techniques/T0043.002.md\n",
"Updating ../generated_pages/techniques/T0048.001.md\n",
"Updating ../generated_pages/techniques/T0048.002.md\n",
"Updating ../generated_pages/techniques/T0048.003.md\n",
"Updating ../generated_pages/techniques/T0048.004.md\n",
"Updating ../generated_pages/techniques/T0049.001.md\n",
"Updating ../generated_pages/techniques/T0049.002.md\n",
"Updating ../generated_pages/techniques/T0049.003.md\n",
"Updating ../generated_pages/techniques/T0049.004.md\n",
"Updating ../generated_pages/techniques/T0049.005.md\n",
"Updating ../generated_pages/techniques/T0049.006.md\n",
"Updating ../generated_pages/techniques/T0049.007.md\n",
"Updating ../generated_pages/techniques/T0057.001.md\n",
"Updating ../generated_pages/techniques/T0057.002.md\n",
"Updating ../generated_pages/techniques/T0061.001.md\n",
"Updating ../generated_pages/techniques/T0072.001.md\n",
"Updating ../generated_pages/techniques/T0072.002.md\n",
"Updating ../generated_pages/techniques/T0072.003.md\n",
"Updating ../generated_pages/techniques/T0072.004.md\n",
"Updating ../generated_pages/techniques/T0072.005.md\n",
"Updating ../generated_pages/techniques/T0075.001.md\n",
"Updating ../generated_pages/techniques/T0080.001.md\n",
"Updating ../generated_pages/techniques/T0080.002.md\n",
"Updating ../generated_pages/techniques/T0080.003.md\n",
"Updating ../generated_pages/techniques/T0080.004.md\n",
"Updating ../generated_pages/techniques/T0080.005.md\n",
"Updating ../generated_pages/techniques/T0081.001.md\n",
"Updating ../generated_pages/techniques/T0081.002.md\n",
"Updating ../generated_pages/techniques/T0081.003.md\n",
"Updating ../generated_pages/techniques/T0081.004.md\n",
"Updating ../generated_pages/techniques/T0081.005.md\n",
"Updating ../generated_pages/techniques/T0081.006.md\n",
"Updating ../generated_pages/techniques/T0081.007.md\n",
"Updating ../generated_pages/techniques/T0081.008.md\n",
"Updating ../generated_pages/techniques/T0084.001.md\n",
"Updating ../generated_pages/techniques/T0084.002.md\n",
"Updating ../generated_pages/techniques/T0084.003.md\n",
"Updating ../generated_pages/techniques/T0084.004.md\n",
"Updating ../generated_pages/techniques/T0085.001.md\n",
"Updating ../generated_pages/techniques/T0085.002.md\n",
"Updating ../generated_pages/techniques/T0085.003.md\n",
"Updating ../generated_pages/techniques/T0086.001.md\n",
"Updating ../generated_pages/techniques/T0086.002.md\n",
"Updating ../generated_pages/techniques/T0086.003.md\n",
"Updating ../generated_pages/techniques/T0086.004.md\n",
"Updating ../generated_pages/techniques/T0087.001.md\n",
"Updating ../generated_pages/techniques/T0087.002.md\n",
"Updating ../generated_pages/techniques/T0088.001.md\n",
"Updating ../generated_pages/techniques/T0088.002.md\n",
"Updating ../generated_pages/techniques/T0089.001.md\n",
"Updating ../generated_pages/techniques/T0089.002.md\n",
"Updating ../generated_pages/techniques/T0089.003.md\n",
"Updating ../generated_pages/techniques/T0090.001.md\n",
"Updating ../generated_pages/techniques/T0090.002.md\n",
"Updating ../generated_pages/techniques/T0090.003.md\n",
"Updating ../generated_pages/techniques/T0090.004.md\n",
"Updating ../generated_pages/techniques/T0091.001.md\n",
"Updating ../generated_pages/techniques/T0091.002.md\n",
"Updating ../generated_pages/techniques/T0091.003.md\n",
"Updating ../generated_pages/techniques/T0092.001.md\n",
"Updating ../generated_pages/techniques/T0092.002.md\n",
"Updating ../generated_pages/techniques/T0092.003.md\n",
"Updating ../generated_pages/techniques/T0093.001.md\n",
"Updating ../generated_pages/techniques/T0093.002.md\n",
"Updating ../generated_pages/techniques/T0094.001.md\n",
"Updating ../generated_pages/techniques/T0094.002.md\n",
"Updating ../generated_pages/techniques/T0096.001.md\n",
"Updating ../generated_pages/techniques/T0096.002.md\n",
"Updating ../generated_pages/techniques/T0097.001.md\n",
"Updating ../generated_pages/techniques/T0098.001.md\n",
"Updating ../generated_pages/techniques/T0098.002.md\n",
"Updating ../generated_pages/techniques/T0099.001.md\n",
"Updating ../generated_pages/techniques/T0099.002.md\n",
"Updating ../generated_pages/techniques/T0100.001.md\n",
"Updating ../generated_pages/techniques/T0100.002.md\n",
"Updating ../generated_pages/techniques/T0100.003.md\n",
"Updating ../generated_pages/techniques/T0102.001.md\n",
"Updating ../generated_pages/techniques/T0102.002.md\n",
"Updating ../generated_pages/techniques/T0102.003.md\n",
"Updating ../generated_pages/techniques/T0103.001.md\n",
"Updating ../generated_pages/techniques/T0103.002.md\n",
"Updating ../generated_pages/techniques/T0104.001.md\n",
"Updating ../generated_pages/techniques/T0104.002.md\n",
"Updating ../generated_pages/techniques/T0104.003.md\n",
"Updating ../generated_pages/techniques/T0104.004.md\n",
"Updating ../generated_pages/techniques/T0104.005.md\n",
"Updating ../generated_pages/techniques/T0104.006.md\n",
"Updating ../generated_pages/techniques/T0105.001.md\n",
"Updating ../generated_pages/techniques/T0105.002.md\n",
"Updating ../generated_pages/techniques/T0105.003.md\n",
"Updating ../generated_pages/techniques/T0106.001.md\n",
"Updating ../generated_pages/techniques/T0111.001.md\n",
"Updating ../generated_pages/techniques/T0111.002.md\n",
"Updating ../generated_pages/techniques/T0111.003.md\n",
"Updating ../generated_pages/techniques/T0114.001.md\n",
"Updating ../generated_pages/techniques/T0114.002.md\n",
"Updating ../generated_pages/techniques/T0115.001.md\n",
"Updating ../generated_pages/techniques/T0115.002.md\n",
"Updating ../generated_pages/techniques/T0115.003.md\n",
"Updating ../generated_pages/techniques/T0116.001.md\n",
"Updating ../generated_pages/techniques/T0119.001.md\n",
"Updating ../generated_pages/techniques/T0119.002.md\n",
"Updating ../generated_pages/techniques/T0119.003.md\n",
"Updating ../generated_pages/techniques/T0120.001.md\n",
"Updating ../generated_pages/techniques/T0120.002.md\n",
"Updating ../generated_pages/techniques/T0121.001.md\n",
"Updating ../generated_pages/techniques/T0123.001.md\n",
"Updating ../generated_pages/techniques/T0123.002.md\n",
"Updating ../generated_pages/techniques/T0123.003.md\n",
"Updating ../generated_pages/techniques/T0123.004.md\n",
"Updating ../generated_pages/techniques/T0124.001.md\n",
"Updating ../generated_pages/techniques/T0124.002.md\n",
"Updating ../generated_pages/techniques/T0124.003.md\n",
"Updating ../generated_pages/techniques/T0126.001.md\n",
"Updating ../generated_pages/techniques/T0126.002.md\n",
"Updating ../generated_pages/techniques/T0127.001.md\n",
"Updating ../generated_pages/techniques/T0127.002.md\n",
"Updating ../generated_pages/techniques/T0128.001.md\n",
"Updating ../generated_pages/techniques/T0128.002.md\n",
"Updating ../generated_pages/techniques/T0128.003.md\n",
"Updating ../generated_pages/techniques/T0128.004.md\n",
"Updating ../generated_pages/techniques/T0128.005.md\n",
"Updating ../generated_pages/techniques/T0129.001.md\n",
"Updating ../generated_pages/techniques/T0129.002.md\n",
"Updating ../generated_pages/techniques/T0129.003.md\n",
"Updating ../generated_pages/techniques/T0129.004.md\n",
"Updating ../generated_pages/techniques/T0129.005.md\n",
"Updating ../generated_pages/techniques/T0129.006.md\n",
"Updating ../generated_pages/techniques/T0129.007.md\n",
"Updating ../generated_pages/techniques/T0129.008.md\n",
"Updating ../generated_pages/techniques/T0129.009.md\n",
"Updating ../generated_pages/techniques/T0129.010.md\n",
"Updating ../generated_pages/techniques/T0130.001.md\n",
"Updating ../generated_pages/techniques/T0130.002.md\n",
"Updating ../generated_pages/techniques/T0130.003.md\n",
"Updating ../generated_pages/techniques/T0130.004.md\n",
"Updating ../generated_pages/techniques/T0130.005.md\n",
"Updating ../generated_pages/techniques/T0131.001.md\n",
"Updating ../generated_pages/techniques/T0131.002.md\n",
"Updating ../generated_pages/techniques/T0132.001.md\n",
"Updating ../generated_pages/techniques/T0132.002.md\n",
"Updating ../generated_pages/techniques/T0132.003.md\n",
"Updating ../generated_pages/techniques/T0133.001.md\n",
"Updating ../generated_pages/techniques/T0133.002.md\n",
"Updating ../generated_pages/techniques/T0133.003.md\n",
"Updating ../generated_pages/techniques/T0133.004.md\n",
"Updating ../generated_pages/techniques/T0133.005.md\n",
"Updating ../generated_pages/techniques/T0134.001.md\n",
"Updating ../generated_pages/techniques/T0134.002.md\n",
"Temp: objecttype task\n",
"updated ../generated_pages/tasks_index.md\n",
"Temp: objecttype incident\n",