{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# Generate DISARM files\n", "\n", "Generate DISARM files and database objects from the DISARM master spreadsheets." ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Step 1. Generate DISARM github pages" ] }, { "cell_type": "code", "execution_count": 1, "metadata": { "scrolled": true }, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "updated ../generated_pages/disarm_red_framework.md\n", "updated ../generated_files/disarm_red_framework_clickable.html\n", "updated ../generated_pages/disarm_blue_framework.md\n", "updated ../generated_files/disarm_blue_framework_clickable.html\n", "Temp: objecttype phase\n", "updated ../generated_pages/phases_index.md\n", "Temp: objecttype tactic\n", "updated ../generated_pages/tactics_index.md\n", "Updating ../generated_pages/tactics/TA01.md\n", "Updating ../generated_pages/tactics/TA02.md\n", "Updating ../generated_pages/tactics/TA05.md\n", "Updating ../generated_pages/tactics/TA06.md\n", "Updating ../generated_pages/tactics/TA07.md\n", "Updating ../generated_pages/tactics/TA08.md\n", "Updating ../generated_pages/tactics/TA09.md\n", "Updating ../generated_pages/tactics/TA10.md\n", "Updating ../generated_pages/tactics/TA11.md\n", "Updating ../generated_pages/tactics/TA12.md\n", "Updating ../generated_pages/tactics/TA13.md\n", "Updating ../generated_pages/tactics/TA14.md\n", "Updating ../generated_pages/tactics/TA15.md\n", "Updating ../generated_pages/tactics/TA16.md\n", "Updating ../generated_pages/tactics/TA17.md\n", "Updating ../generated_pages/tactics/TA18.md\n", "Temp: objecttype technique\n", "updated ../generated_pages/techniques_index.md\n", "Temp: objecttype task\n", "updated ../generated_pages/tasks_index.md\n", "Temp: objecttype incident\n", "updated ../generated_pages/incidents_index.md\n", "Temp: objecttype counter\n", "updated ../generated_pages/counters_index.md\n", "Temp: objecttype metatechnique\n", "updated 
../generated_pages/metatechniques_index.md\n", "Temp: objecttype actortype\n", "updated ../generated_pages/actortypes_index.md\n", "updated ../generated_pages/responsetype_index.md\n", "updated ../generated_pages/detections_index.md\n", "updated ../generated_pages/tactics_by_responsetype_table.md\n", "updated ../generated_pages/metatechniques_by_responsetype_table.md\n" ] } ], "source": [ "import pandas as pd\n", "from generate_DISARM_pages import Disarm\n", "disarm = Disarm()\n", "disarm.generate_and_write_datafiles()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Step 2. Generate DISARM STIX objects" ] }, { "cell_type": "code", "execution_count": 2, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "'conduct-center-of-gravity-analysis' is not a recognized DISARM Tactic.\n", "'drive-offline-activity' is not a recognized DISARM Tactic.\n" ] } ], "source": [ "import sys\n", "sys.path.insert(0, \"DISARM-STIX2\")\n", "from main import generate_disarm_stix\n", "\n", "generate_disarm_stix()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Step 3. Generate DISARM database objects" ] }, { "cell_type": "code", "execution_count": 3, "metadata": {}, "outputs": [], "source": [ "from generate_disarm_sql import generate_disarm_sql\n", "\n", "generate_disarm_sql('sqlite')\n", "generate_disarm_sql('postgresql_local')" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Step 4 (optional). Look at datasets" ] }, { "cell_type": "code", "execution_count": 4, "metadata": { "scrolled": true }, "outputs": [ { "data": { "text/html": [ "
| | disarm_id | name | summary | sector_ids | framework_ids | longname | Jon's comments/questions |
|---|---|---|---|---|---|---|---|
| 0 | A001 | data scientist | Person who can wrangle data, implement machine... | S001, S002, S003, S004, S005, S006, S007, S008... | FW01, FW02 | A001 - data scientist | What actual actions do data scientists execute... |
| 1 | A002 | target | Person being targeted by disinformation campaign | S001, S002, S003, S004, S005, S006, S007, S008... | FW02 | A002 - target | Both red and blue framework users will refer t... |
| 2 | A003 | trusted authority | Influencer | S001, S002, S003, S004, S005, S006, S007, S008... | FW01, FW02 | A003 - trusted authority | Is A003 best summarised by the word "Inluencer... |
| 3 | A004 | activist |  | S002 | FW02 | A004 - activist | What does this actortype do? |
| 4 | A005 | community group |  | S002 | FW02 | A005 - community group | What does this actortype do? |
| 5 | A006 | educator |  | S002 | FW02 | A006 - educator |  |
| 6 | A007 | factchecker | Someone with the skills to verify whether info... | S002 | FW02 | A007 - factchecker |  |
| 7 | A008 | library |  | S002 | FW02 | A008 - library | Is this an actortype? A sub-sector, yes. But w... |
| 8 | A009 | NGO |  | S002 | FW02 | A009 - NGO | This is a sector, not an actortype |
| 9 | A010 | religious organisation |  | S002 | FW02 | A010 - religious organisation | "Faith communities" are a sub-sector of the Ci... |
| 10 | A011 | school |  | S002 | FW02 | A011 - school | This is a subsector of S004 - not an actortype... |
| 11 | A012 | account owner | Anyone who owns an account online | S006 | FW01\nFW02 | A012 - account owner |  |
| 12 | A013 | content creator |  | S006 | FW01\nFW02 | A013 - content creator |  |
| 13 | A014 | elves |  | S006 | FW02 | A014 - elves | ??? SJ, you have told me, but I've forgotten |
| 14 | A015 | general public |  | S006 | FW02 | A015 - general public | Duplication of a field in the sector object. B... |
| 15 | A016 | influencer |  | S006 | FW01\nFW02 | A016 - influencer |  |
| 16 | A017 | coordinating body | For example the DHS | S003 | FW02 | A017 - coordinating body | "Response coordinator"? Or just 'Coordinator" |
| 17 | A018 | government | Government agencies | S003 | FW01\nFW02 | A018 - government | DHS (A017) is "government". Again, this is a f... |
| 18 | A019 | military |  | S003 | FW02 | A019 - military | A019 is a sub-sector of "government". Again, t... |
| 19 | A020 | policy maker |  | S003 | FW02 | A020 - policy maker |  |
| 20 | A021 | media organisation |  | S010 | FW01\nFW02 | A021 - media organisation | Not an actortype. The actor is perhaps as the ... |
| 21 | A022 | company |  | S009 | FW02 | A022 - company |  |
| 22 | A023 | adtech provider |  | S008 | FW02 | A023 - adtech provider | Should Adtech be a called-out subsector of S00... |
| 23 | A024 | developer |  | S008 | FW02 | A024 - developer |  |
| 24 | A025 | funding_site_admin | Funding site admin | S008 | FW02 | A025 - funding_site_admin | What is this? |
| 25 | A026 | games designer |  | S008 | FW01, FW02 | A026 - games designer | Just "Designer"? Would the TTP context not mak... |
| 26 | A027 | information security |  | S008 | FW02 | A027 - information security |  |
| 27 | A028 | platform administrator |  | S008 | FW02 | A028 - platform administrator | Just "Administrator"? |
| 28 | A029 | server admininistrator |  | S008 | FW02 | A029 - server admininistrator | Just "Administrator"? (de-duplicating A028) |
| 29 | A030 | platforms |  | S007 | FW02 | A030 - platforms | The same as S007? If there is an action here, ... |
| 30 | A031 | social media platform adminstrator | Person with the authority to make changes to a... | S007 | FW02 | A031 - social media platform adminstrator | Not needed, given A028. The sector selection d... |
| 31 | A032 | social media platform outreach |  | S007 | FW02 | A032 - social media platform outreach | What does this do? |
| 32 | A033 | social media platform owner | Person with authority to make changes to a soc... | S007 | FW02 | A033 - social media platform owner |  |