Git-Mirrors/DISARMframeworks
1
0
Fork 0
mirror of https://github.com/DISARMFoundation/DISARMframeworks.git synced 2024-10-01 01:45:36 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
5569ebff2e
DISARMframeworks/CODE/DISARM-STIX2/README.md
Sara-Jayne Terp c11e9d06ad Added EEAS framework objects and STIX generator 
Added framework objects:
- Added technique T0066 "Degrade adversary" to TA02
- Added technique T0067 "Plan to discredit credible sources" to TA02
- Added technique T0068 "respond to breaking news event" to TA02
- Added technique T0069  "respond to active crisis" to TA02
- Added technique T0070 "Analyze existing communities" to TA02
- Added technique T0071 "Find echo chambers" to TA13
- Added technique T0072  "Segment audiences" to TA13

Added STIX generator from repo DISARM-stix2, and added code to generate github files, databases, and STIX from the same Jupyter notebook.
2022-02-20 15:40:34 -05:00

34 lines
1.4 KiB
Markdown
Raw Blame History

# DISARM STIX2 Generator
## Usage
1. Clone this repository.
2. Download the latest version of the DISARM Framework xlsx [here](https://github.com/DISARMFoundation/DISARMframeworks).
3. Copy the xlsx to the root directory of this repository.
4. Run `python3 main.py` to generate STIX objects in the `output/` folder.
5. `output/DISARM.json` contains the complete STIX bundle. The folders in `output/` contain individual objects for reference.
## DISARM STIX2
The DISARM STIX2 Generator encodes the DISARM object into the corresponding STIX2 object shown in the following table.
| DISARM | STIX2 |
|-----------|-----------------------|
| Matrix | Matrix (MITRE custom) |
| Tactic | Tactic (MITRE custom) |
| Technique | AttackPattern |
## MITRE ATT&CK Navigator
DISARM STIX is compatible with the MITRE ATT&CK Navigator.
DISARM object types, such as `Matrix`, `Tatic` are prefixed with `x-mitre--` for compatibility reasons.
DISARM `AttackPattern` objects also contain `x_mitre_is_subtechnique` and `x_mitre_platforms` properties for compatability. These properties cannot be removed without upstream changes to the ATT&CK Navigator.
## OpenCTI
DISARM STIX can be imported into OpenCTI via the OpenCTI STIX Importer plugin which is installed in OpenCTI by default.
Alternatively, use the OpenCTI DISARM plugin to continuously pull the latest DISARM STIX.
Reference in New Issue View Git Blame Copy Permalink