{ "cells": [
{ "cell_type": "markdown", "metadata": {}, "source": [ "# Generate DISARM files\n", "\n", "Generate DISARM files and database objects from the DISARM master spreadsheets." ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "## Step 1. Generate DISARM GitHub pages" ] },
{ "cell_type": "code", "execution_count": 1, "metadata": { "scrolled": true }, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "updated ../generated_pages/disarm_red_framework.md\n", "updated ../generated_files/disarm_red_framework_clickable.html\n", "updated ../generated_pages/disarm_blue_framework.md\n", "updated ../generated_files/disarm_blue_framework_clickable.html\n", "Temp: objecttype phase\n", "updated ../generated_pages/phases_index.md\n", "Temp: objecttype tactic\n", "updated ../generated_pages/tactics_index.md\n", "Temp: objecttype technique\n", "updated ../generated_pages/techniques_index.md\n", "Temp: objecttype task\n", "updated ../generated_pages/tasks_index.md\n", "Temp: objecttype incident\n", "updated ../generated_pages/incidents_index.md\n", "Temp: objecttype counter\n", "updated ../generated_pages/counters_index.md\n", "Temp: objecttype metatechnique\n", "updated ../generated_pages/metatechniques_index.md\n", "Temp: objecttype actortype\n", "updated ../generated_pages/actortypes_index.md\n", "updated ../generated_pages/responsetype_index.md\n", "updated ../generated_pages/detections_index.md\n", "updated ../generated_pages/tactics_by_responsetype_table.md\n", "updated ../generated_pages/metatechniques_by_responsetype_table.md\n" ] } ], "source": [ "import pandas as pd\n", "from generate_DISARM_pages import Disarm\n", "disarm = Disarm()\n", "disarm.generate_and_write_datafiles()" ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "## Step 2. Generate DISARM STIX objects" ] },
{ "cell_type": "code", "execution_count": 2, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "'conduct-center-of-gravity-analysis' is not a recognized DISARM Tactic.\n", "'drive-offline-activity' is not a recognized DISARM Tactic.\n" ] } ], "source": [ "import sys\n", "sys.path.insert(0, \"DISARM-STIX2\")\n", "from main import generate_disarm_stix\n", "\n", "generate_disarm_stix()" ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "## Step 3. Generate DISARM database objects" ] },
{ "cell_type": "code", "execution_count": 3, "metadata": {}, "outputs": [], "source": [ "from generate_disarm_sql import generate_disarm_sql\n", "\n", "generate_disarm_sql('sqlite')\n", "generate_disarm_sql('postgresql_local')" ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "## Step 4 (optional). Look at datasets" ] },
{ "cell_type": "code", "execution_count": 4, "metadata": { "scrolled": true }, "outputs": [ { "data": { "text/html": [ "
<table>\n",
"<thead>\n",
"<tr><th></th><th>disarm_id</th><th>name</th><th>summary</th><th>sector_ids</th><th>framework_ids</th><th>longname</th><th>Jon's comments/questions</th></tr>\n",
"</thead>\n",
"<tbody>\n",
"<tr><th>0</th><td>A001</td><td>data scientist</td><td>Person who can wrangle data, implement machine...</td><td>S001, S002, S003, S004, S005, S006, S007, S008...</td><td>FW01, FW02</td><td>A001 - data scientist</td><td>What actual actions do data scientists execute...</td></tr>\n",
"<tr><th>1</th><td>A002</td><td>target</td><td>Person being targeted by disinformation campaign</td><td>S001, S002, S003, S004, S005, S006, S007, S008...</td><td>FW02</td><td>A002 - target</td><td>Both red and blue framework users will refer t...</td></tr>\n",
"<tr><th>2</th><td>A003</td><td>trusted authority</td><td>Influencer</td><td>S001, S002, S003, S004, S005, S006, S007, S008...</td><td>FW01, FW02</td><td>A003 - trusted authority</td><td>Is A003 best summarised by the word \"Inluencer...</td></tr>\n",
"<tr><th>3</th><td>A004</td><td>activist</td><td></td><td>S002</td><td>FW02</td><td>A004 - activist</td><td>What does this actortype do?</td></tr>\n",
"<tr><th>4</th><td>A005</td><td>community group</td><td></td><td>S002</td><td>FW02</td><td>A005 - community group</td><td>What does this actortype do?</td></tr>\n",
"<tr><th>5</th><td>A006</td><td>educator</td><td></td><td>S002</td><td>FW02</td><td>A006 - educator</td><td></td></tr>\n",
"<tr><th>6</th><td>A007</td><td>factchecker</td><td>Someone with the skills to verify whether info...</td><td>S002</td><td>FW02</td><td>A007 - factchecker</td><td></td></tr>\n",
"<tr><th>7</th><td>A008</td><td>library</td><td></td><td>S002</td><td>FW02</td><td>A008 - library</td><td>Is this an actortype? A sub-sector, yes. But w...</td></tr>\n",
"<tr><th>8</th><td>A009</td><td>NGO</td><td></td><td>S002</td><td>FW02</td><td>A009 - NGO</td><td>This is a sector, not an actortype</td></tr>\n",
"<tr><th>9</th><td>A010</td><td>religious organisation</td><td></td><td>S002</td><td>FW02</td><td>A010 - religious organisation</td><td>\"Faith communities\" are a sub-sector of the Ci...</td></tr>\n",
"<tr><th>10</th><td>A011</td><td>school</td><td></td><td>S002</td><td>FW02</td><td>A011 - school</td><td>This is a subsector of S004 - not an actortype...</td></tr>\n",
"<tr><th>11</th><td>A012</td><td>account owner</td><td>Anyone who owns an account online</td><td>S006</td><td>FW01\\nFW02</td><td>A012 - account owner</td><td></td></tr>\n",
"<tr><th>12</th><td>A013</td><td>content creator</td><td></td><td>S006</td><td>FW01\\nFW02</td><td>A013 - content creator</td><td></td></tr>\n",
"<tr><th>13</th><td>A014</td><td>elves</td><td></td><td>S006</td><td>FW02</td><td>A014 - elves</td><td>??? SJ, you have told me, but I've forgotten</td></tr>\n",
"<tr><th>14</th><td>A015</td><td>general public</td><td></td><td>S006</td><td>FW02</td><td>A015 - general public</td><td>Duplication of a field in the sector object. B...</td></tr>\n",
"<tr><th>15</th><td>A016</td><td>influencer</td><td></td><td>S006</td><td>FW01\\nFW02</td><td>A016 - influencer</td><td></td></tr>\n",
"<tr><th>16</th><td>A017</td><td>coordinating body</td><td>For example the DHS</td><td>S003</td><td>FW02</td><td>A017 - coordinating body</td><td>\"Response coordinator\"? Or just 'Coordinator\"</td></tr>\n",
"<tr><th>17</th><td>A018</td><td>government</td><td>Government agencies</td><td>S003</td><td>FW01\\nFW02</td><td>A018 - government</td><td>DHS (A017) is \"government\". Again, this is a f...</td></tr>\n",
"<tr><th>18</th><td>A019</td><td>military</td><td></td><td>S003</td><td>FW02</td><td>A019 - military</td><td>A019 is a sub-sector of \"government\". Again, t...</td></tr>\n",
"<tr><th>19</th><td>A020</td><td>policy maker</td><td></td><td>S003</td><td>FW02</td><td>A020 - policy maker</td><td></td></tr>\n",
"<tr><th>20</th><td>A021</td><td>media organisation</td><td></td><td>S010</td><td>FW01\\nFW02</td><td>A021 - media organisation</td><td>Not an actortype. The actor is perhaps as the ...</td></tr>\n",
"<tr><th>21</th><td>A022</td><td>company</td><td></td><td>S009</td><td>FW02</td><td>A022 - company</td><td></td></tr>\n",
"<tr><th>22</th><td>A023</td><td>adtech provider</td><td></td><td>S008</td><td>FW02</td><td>A023 - adtech provider</td><td>Should Adtech be a called-out subsector of S00...</td></tr>\n",
"<tr><th>23</th><td>A024</td><td>developer</td><td></td><td>S008</td><td>FW02</td><td>A024 - developer</td><td></td></tr>\n",
"<tr><th>24</th><td>A025</td><td>funding_site_admin</td><td>Funding site admin</td><td>S008</td><td>FW02</td><td>A025 - funding_site_admin</td><td>What is this?</td></tr>\n",
"<tr><th>25</th><td>A026</td><td>games designer</td><td></td><td>S008</td><td>FW01, FW02</td><td>A026 - games designer</td><td>Just \"Designer\"? Would the TTP context not mak...</td></tr>\n",
"<tr><th>26</th><td>A027</td><td>information security</td><td></td><td>S008</td><td>FW02</td><td>A027 - information security</td><td></td></tr>\n",
"<tr><th>27</th><td>A028</td><td>platform administrator</td><td></td><td>S008</td><td>FW02</td><td>A028 - platform administrator</td><td>Just \"Administrator\"?</td></tr>\n",
"<tr><th>28</th><td>A029</td><td>server admininistrator</td><td></td><td>S008</td><td>FW02</td><td>A029 - server admininistrator</td><td>Just \"Administrator\"? (de-duplicating A028)</td></tr>\n",
"<tr><th>29</th><td>A030</td><td>platforms</td><td></td><td>S007</td><td>FW02</td><td>A030 - platforms</td><td>The same as S007? If there is an action here, ...</td></tr>\n",
"<tr><th>30</th><td>A031</td><td>social media platform adminstrator</td><td>Person with the authority to make changes to a...</td><td>S007</td><td>FW02</td><td>A031 - social media platform adminstrator</td><td>Not needed, given A028. The sector selection d...</td></tr>\n",
"<tr><th>31</th><td>A032</td><td>social media platform outreach</td><td></td><td>S007</td><td>FW02</td><td>A032 - social media platform outreach</td><td>What does this do?</td></tr>\n",
"<tr><th>32</th><td>A033</td><td>social media platform owner</td><td>Person with authority to make changes to a soc...</td><td>S007</td><td>FW02</td><td>A033 - social media platform owner</td><td></td></tr>\n",
"</tbody>\n",
"</table>
" ], "text/plain": [ " disarm_id name \\\n", "0 A001 data scientist \n", "1 A002 target \n", "2 A003 trusted authority \n", "3 A004 activist \n", "4 A005 community group \n", "5 A006 educator \n", "6 A007 factchecker \n", "7 A008 library \n", "8 A009 NGO \n", "9 A010 religious organisation \n", "10 A011 school \n", "11 A012 account owner \n", "12 A013 content creator \n", "13 A014 elves \n", "14 A015 general public \n", "15 A016 influencer \n", "16 A017 coordinating body \n", "17 A018 government \n", "18 A019 military \n", "19 A020 policy maker \n", "20 A021 media organisation \n", "21 A022 company \n", "22 A023 adtech provider \n", "23 A024 developer \n", "24 A025 funding_site_admin \n", "25 A026 games designer \n", "26 A027 information security \n", "27 A028 platform administrator \n", "28 A029 server admininistrator \n", "29 A030 platforms \n", "30 A031 social media platform adminstrator \n", "31 A032 social media platform outreach \n", "32 A033 social media platform owner \n", "\n", " summary \\\n", "0 Person who can wrangle data, implement machine... \n", "1 Person being targeted by disinformation campaign \n", "2 Influencer \n", "3 \n", "4 \n", "5 \n", "6 Someone with the skills to verify whether info... \n", "7 \n", "8 \n", "9 \n", "10 \n", "11 Anyone who owns an account online \n", "12 \n", "13 \n", "14 \n", "15 \n", "16 For example the DHS \n", "17 Government agencies \n", "18 \n", "19 \n", "20 \n", "21 \n", "22 \n", "23 \n", "24 Funding site admin \n", "25 \n", "26 \n", "27 \n", "28 \n", "29 \n", "30 Person with the authority to make changes to a... \n", "31 \n", "32 Person with authority to make changes to a soc... \n", "\n", " sector_ids framework_ids \\\n", "0 S001, S002, S003, S004, S005, S006, S007, S008... FW01, FW02 \n", "1 S001, S002, S003, S004, S005, S006, S007, S008... FW02 \n", "2 S001, S002, S003, S004, S005, S006, S007, S008... 
FW01, FW02 \n", "3 S002 FW02 \n", "4 S002 FW02 \n", "5 S002 FW02 \n", "6 S002 FW02 \n", "7 S002 FW02 \n", "8 S002 FW02 \n", "9 S002 FW02 \n", "10 S002 FW02 \n", "11 S006 FW01\\nFW02 \n", "12 S006 FW01\\nFW02 \n", "13 S006 FW02 \n", "14 S006 FW02 \n", "15 S006 FW01\\nFW02 \n", "16 S003 FW02 \n", "17 S003 FW01\\nFW02 \n", "18 S003 FW02 \n", "19 S003 FW02 \n", "20 S010 FW01\\nFW02 \n", "21 S009 FW02 \n", "22 S008 FW02 \n", "23 S008 FW02 \n", "24 S008 FW02 \n", "25 S008 FW01, FW02 \n", "26 S008 FW02 \n", "27 S008 FW02 \n", "28 S008 FW02 \n", "29 S007 FW02 \n", "30 S007 FW02 \n", "31 S007 FW02 \n", "32 S007 FW02 \n", "\n", " longname \\\n", "0 A001 - data scientist \n", "1 A002 - target \n", "2 A003 - trusted authority \n", "3 A004 - activist \n", "4 A005 - community group \n", "5 A006 - educator \n", "6 A007 - factchecker \n", "7 A008 - library \n", "8 A009 - NGO \n", "9 A010 - religious organisation \n", "10 A011 - school \n", "11 A012 - account owner \n", "12 A013 - content creator \n", "13 A014 - elves \n", "14 A015 - general public \n", "15 A016 - influencer \n", "16 A017 - coordinating body \n", "17 A018 - government \n", "18 A019 - military \n", "19 A020 - policy maker \n", "20 A021 - media organisation \n", "21 A022 - company \n", "22 A023 - adtech provider \n", "23 A024 - developer \n", "24 A025 - funding_site_admin \n", "25 A026 - games designer \n", "26 A027 - information security \n", "27 A028 - platform administrator \n", "28 A029 - server admininistrator \n", "29 A030 - platforms \n", "30 A031 - social media platform adminstrator \n", "31 A032 - social media platform outreach \n", "32 A033 - social media platform owner \n", "\n", " Jon's comments/questions \n", "0 What actual actions do data scientists execute... \n", "1 Both red and blue framework users will refer t... \n", "2 Is A003 best summarised by the word \"Inluencer... \n", "3 What does this actortype do? \n", "4 What does this actortype do? \n", "5 \n", "6 \n", "7 Is this an actortype? 
A sub-sector, yes. But w... \n", "8 This is a sector, not an actortype \n", "9 \"Faith communities\" are a sub-sector of the Ci... \n", "10 This is a subsector of S004 - not an actortype... \n", "11 \n", "12 \n", "13 ??? SJ, you have told me, but I've forgotten \n", "14 Duplication of a field in the sector object. B... \n", "15 \n", "16 \"Response coordinator\"? Or just 'Coordinator\" \n", "17 DHS (A017) is \"government\". Again, this is a f... \n", "18 A019 is a sub-sector of \"government\". Again, t... \n", "19 \n", "20 Not an actortype. The actor is perhaps as the ... \n", "21 \n", "22 Should Adtech be a called-out subsector of S00... \n", "23 \n", "24 What is this? \n", "25 Just \"Designer\"? Would the TTP context not mak... \n", "26 \n", "27 Just \"Administrator\"? \n", "28 Just \"Administrator\"? (de-duplicating A028) \n", "29 The same as S007? If there is an action here, ... \n", "30 Not needed, given A028. The sector selection d... \n", "31 What does this do? \n", "32 " ] }, "execution_count": 4, "metadata": {}, "output_type": "execute_result" } ], "source": [ "pd.set_option('display.max_rows', 1000)\n", "disarm.df_actortypes" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [] } ], "metadata": { "kernelspec": { "display_name": "Python 3", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.8.3" } }, "nbformat": 4, "nbformat_minor": 4 }