mirror of https://github.com/DISARMFoundation/DISARMframeworks.git synced 2024-10-01 01:45:36 -04:00

History

VVX7 fd84d4c13d update stix generator for OpenCTI compatability		2022-07-03 19:09:05 -04:00
..
__pycache__	subtechnique description updates	2022-07-02 15:40:09 -04:00
helpers	subtechnique description updates	2022-07-02 15:40:09 -04:00
objects	update stix generator for OpenCTI compatability	2022-07-03 19:09:05 -04:00
.DS_Store	Added EEAS framework objects and STIX generator	2022-02-20 15:40:34 -05:00
main.py	update stix generator for OpenCTI compatability	2022-07-03 19:09:05 -04:00
README.md	Added EEAS framework objects and STIX generator	2022-02-20 15:40:34 -05:00
requirements.txt	Added EEAS framework objects and STIX generator	2022-02-20 15:40:34 -05:00

README.md

DISARM STIX2 Generator

Usage

Clone this repository.
Download the latest version of the DISARM Framework xlsx here.
Copy the xlsx to the root directory of this repository.
Run python3 main.py to generate STIX objects in the output/ folder.
output/DISARM.json contains the complete STIX bundle. The folders in output/ contain individual objects for reference.

DISARM STIX2

The DISARM STIX2 Generator encodes the DISARM object into the corresponding STIX2 object shown in the following table.

DISARM	STIX2
Matrix	Matrix (MITRE custom)
Tactic	Tactic (MITRE custom)
Technique	AttackPattern

MITRE ATT&CK Navigator

DISARM STIX is compatible with the MITRE ATT&CK Navigator.

DISARM object types, such as Matrix, Tatic are prefixed with x-mitre-- for compatibility reasons.

DISARM AttackPattern objects also contain x_mitre_is_subtechnique and x_mitre_platforms properties for compatability. These properties cannot be removed without upstream changes to the ATT&CK Navigator.

OpenCTI

DISARM STIX can be imported into OpenCTI via the OpenCTI STIX Importer plugin which is installed in OpenCTI by default. Alternatively, use the OpenCTI DISARM plugin to continuously pull the latest DISARM STIX.