DISARMframeworks/CODE/generate_DISARM_incident_visualisations.ipynb
Sara-Jayne Terp 22abaf93d8 Copy AMITT repository, clean up and rebrand
Took a copy of the current AMITT github repository - we'll be updating this and merging the SPICE branch back in
Rebranded to DISARM
Moved generated pages to their own folder, to make looking at the repository less confusing
2022-01-29 11:34:46 -05:00


{
"cells": [
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Create AMITT incident visualisations\n",
"\n",
"Many thanks to https://python-graph-gallery.com/91-customize-seaborn-heatmap/"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"import seaborn as sns\n",
"import pandas as pd\n",
"import numpy as np\n",
"import generate_amitt_ttps\n",
"\n",
"# Smoke-test seaborn's annotated heatmap on a 10x12 frame of uniform random values.\n",
"# The generator is not seeded, so the picture differs from run to run.\n",
"column_names = list(\"abcdefghijkl\")\n",
"df = pd.DataFrame(np.random.random((10, 12)), columns=column_names)\n",
"sns.heatmap(df, annot=True, annot_kws={\"size\": 7})"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Load the framework and lay the red technique ids out as a padded grid.\n",
"amitt = generate_amitt_ttps.Amitt()\n",
"redgrid = amitt.create_padded_framework_table('AMITT Red', 'technique_ids', False)\n",
"\n",
"# Number of distinct incidents recorded against each technique id.\n",
"incident_technique_pairs = amitt.it[['id_incident', 'id_technique']].drop_duplicates()\n",
"techcounts = incident_technique_pairs.groupby('id_technique').count().to_dict()['id_incident']\n",
"\n",
"# The first two rows of redgrid are skipped; the remaining rows supply the labels to count.\n",
"techlabels = redgrid[2:][:]\n",
"nrows, ncols = len(techlabels), len(techlabels[0])\n",
"techgrid = np.zeros([nrows, ncols], dtype=int)\n",
"\n",
"# Cells whose label is not a key of techcounts stay at zero.\n",
"for row, col in np.ndindex(nrows, ncols):\n",
"    label = techlabels[row][col]\n",
"    if label in techcounts:\n",
"        techgrid[row][col] = techcounts[label]\n",
"\n",
"sns.heatmap(techgrid, annot=True, annot_kws={\"size\": 7})\n",
"techgrid"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Inspect the df_tactics attribute of the Amitt object\n",
"# (presumably the framework's tactics table - confirm in generate_amitt_ttps).\n",
"amitt.df_tactics"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Inspect amitt.it, the table the heatmap cell reads its id_incident / id_technique pairs from.\n",
"amitt.it"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Counter-to-technique cross table; show only the rows that name a technique.\n",
"ct = amitt.cross_counterid_techniqueid\n",
"ct.loc[ct['technique_id'].ne('')]"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Spot-check: which rows link counter C00197 to technique T0002 or T0007?\n",
"ct.loc[ct['id'].eq('C00197') & ct['technique_id'].isin(['T0002', 'T0007'])]"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Keep only the links whose technique id and counter id both appear in the framework tables.\n",
"known_technique = ct['technique_id'].isin(amitt.df_techniques['id'].to_list())\n",
"known_counter = ct['id'].isin(amitt.df_counters['id'].to_list())\n",
"ct = ct[known_technique & known_counter]\n",
"ct"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
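"# Technique and counter ids selected for this coverage check.\n",
"technique_id_list = ['T0007', 'T0008', 'T0022', 'T0023', 'T0043', 'T0052', 'T0036', 'T0037', 'T0038']\n",
"# 'C00197' was spelled 'C000197' here (one zero too many). That string matches no counter id\n",
"# of the form used elsewhere in this notebook, so the counter dropped out of every selection below.\n",
"counter_id_list = ['C00009', 'C00008', 'C00042', 'C00030', 'C00093', 'C00193', 'C00073', 'C00197', 'C00174', 'C00205']\n",
"\n",
"# .isin() silently ignores ids it cannot match, so report any id that is absent from the\n",
"# framework tables instead of letting a typo shrink the coverage picture unnoticed.\n",
"unknown_ids = sorted(\n",
"    (set(technique_id_list) - set(amitt.df_techniques['id']))\n",
"    | (set(counter_id_list) - set(amitt.df_counters['id']))\n",
")\n",
"if unknown_ids:\n",
"    print('ids not found in the framework: {}'.format(unknown_ids))\n",
"\n",
"# Every link whose technique is one of the listed techniques.\n",
"possible_counters_for_techniques = ct[ct['technique_id'].isin(technique_id_list)]\n",
"# Every link whose counter is one of the listed counters.\n",
"possible_techniques_for_counters = ct[ct['id'].isin(counter_id_list)]\n",
"# Links where both ends are in the lists: what these counters cover among these techniques.\n",
"coverage = ct[ct['id'].isin(counter_id_list) & ct['technique_id'].isin(technique_id_list)]\n",
"coverage"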
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"scrolled": true
},
"outputs": [],
"source": [
"# Rows of ct whose counter id is in counter_id_list, i.e. the techniques those counters are linked to.\n",
"possible_techniques_for_counters"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"scrolled": true
},
"outputs": [],
"source": [
"# Rows of ct whose technique id is in technique_id_list, i.e. the counters linked to those techniques.\n",
"possible_counters_for_techniques"
]
},
{
"cell_type": "code",
"execution_count": 6,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"clicked button T0045 8 7\n",
"clicked button T0046 9 7\n",
"clicked button T0049 4 8\n",
"clicked button T0057 2 9\n",
"clicked button T0060 4 10\n",
"clicked button T0029 2 6\n",
"clicked button T0016 2 4\n"
]
}
],
"source": [
"import tkinter as Tk\n",
"import numpy as np\n",
"import generate_amitt_ttps\n",
"\n",
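"class Begueradj(Tk.Frame):\n",
"    '''\n",
"    Tk frame that shows the AMITT red framework grid as one button per cell.\n",
"\n",
"    Clicking a button prints its id and grid position, then prints the label of\n",
"    the widget found at that position.\n",
"    '''\n",
"\n",
"    def __init__(self, parent):\n",
"        '''\n",
"        Load the framework grids and build the GUI inside parent.\n",
"\n",
"        parent: the Tk root (or other container) that owns this frame.\n",
"        '''\n",
"        amitt = generate_amitt_ttps.Amitt()\n",
"        self.redgrid = amitt.create_padded_framework_table('AMITT Red', 'technique_ids', False)\n",
"        self.bluegrid = amitt.create_padded_framework_table('AMITT Blue', 'counter_ids', False)\n",
"\n",
"        Tk.Frame.__init__(self, parent)\n",
"        self.parent = parent\n",
"        # Placeholder; initialize() overwrites it with the most recently created button.\n",
"        self.button = ''\n",
"        self.initialize()\n",
"\n",
"    def initialize(self):\n",
"        '''\n",
"        Draw the GUI: set the window title and create one button per redgrid cell.\n",
"        '''\n",
"        self.parent.title(\"AMITT FRAMEWORK COVERAGE\")\n",
"        self.parent.grid_rowconfigure(1, weight=1)\n",
"        self.parent.grid_columnconfigure(1, weight=1)\n",
"\n",
"        self.frame = Tk.Frame(self.parent)\n",
"        self.frame.pack(fill=Tk.X, padx=5, pady=5)\n",
"\n",
"        # Rows 1 .. len(redgrid) - 2 are drawn; row 0 and the last row are left out.\n",
"        # NOTE(review): confirm that skipping the last row is intended.\n",
"        numrows = len(self.redgrid) - 1\n",
"        numcols = len(self.redgrid[0])\n",
"        # (row, col) -> button for every cell drawn.\n",
"        self.buttons = {}\n",
"        for row in range(1, numrows):\n",
"            for col in range(0, numcols):\n",
"                button_id = self.redgrid[row][col]\n",
"                # Bind the loop values as lambda defaults so each button reports its own cell.\n",
"                self.button = Tk.Button(self.frame, text=button_id, bg='blue',\n",
"                                        command=lambda bid=button_id, row=row, col=col: self.clicked(bid, row, col))\n",
"                self.button.grid(row=row, column=col)\n",
"                self.buttons[(row, col)] = self.button\n",
"\n",
"    def clicked(self, bid, row, col):\n",
"        '''\n",
"        Button callback: log the clicked id and position, then echo the widget at that cell.\n",
"        '''\n",
"        print('clicked button {} {} {}'.format(bid, row, col))\n",
"        self.find_in_grid(self.frame, row, col)\n",
"\n",
"    def find_in_grid(self, frame, row, column):\n",
"        '''\n",
"        Print the label of each child of frame that is gridded at (row, column).\n",
"\n",
"        Always returns None.\n",
"        '''\n",
"        for child in frame.children.values():\n",
"            info = child.grid_info()\n",
"            # grid_info() may report positions as int or as str depending on the Tk / Python\n",
"            # version, so compare the string forms; comparing against str(row) alone never\n",
"            # matches when ints are returned.\n",
"            if str(info.get('row')) == str(row) and str(info.get('column')) == str(column):\n",
"                # Tk.Button has no get() method; its label is read with cget('text').\n",
"                print('{}'.format(child.cget('text')))\n",
"        return None\n",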
"\n",
"# Create the Tk root window, attach the coverage frame and hand control to Tk's event loop.\n",
"# mainloop() blocks this cell until the window is closed.\n",
"root=Tk.Tk()\n",
"app = Begueradj(root) \n",
"root.mainloop()"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"scrolled": true
},
"outputs": [],
"source": [
"# Inspect the padded table returned by create_padded_framework_table('AMITT Red', 'technique_ids', False).\n",
"redgrid"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Print the length of every redgrid row from index 2 on (a quick check that the rows are equally long).\n",
"for grid_row in redgrid[2:]:\n",
"    print(len(grid_row))"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Look at a single cell of the grid: row 1, column 2.\n",
"redgrid[1][2]"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": []
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 3",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.8.3"
}
},
"nbformat": 4,
"nbformat_minor": 2
}