Added both detection and visibility score to detection/visibility overlay.

master
Ruben Bouman 2019-05-15 10:05:19 +02:00
parent 249bf07f4c
commit 24be857eb2
1 changed files with 4 additions and 4 deletions


@ -328,7 +328,7 @@ def get_technique_count(groups, groups_overlay, groups_software, overlay_type, a
def get_technique_layer(techniques_count, groups, overlay, groups_software, overlay_file_type, overlay_type,
all_techniques, max_tech_count_group):
all_techniques):
"""
Create the technique layer that will be part of the ATT&CK navigator json file
:param techniques_count: involved techniques with count (to be used within the scores)
@ -338,7 +338,6 @@ def get_technique_layer(techniques_count, groups, overlay, groups_software, over
:param overlay_file_type: the file type of the YAML file as present in the key 'file_type'
:param overlay_type: group, visibility or detection
:param all_techniques: dictionary with all techniques loaded from techniques administration YAML file
:param max_tech_count_group: the maximum number of times a technique is used among threat actor groups
:return: dictionary
"""
techniques_layer = []
@ -384,7 +383,8 @@ def get_technique_layer(techniques_count, groups, overlay, groups_software, over
# Add applicable_to to metadata in case of overlay for detection/visibility:
if overlay_file_type == FILE_TYPE_TECHNIQUE_ADMINISTRATION:
metadata_dict['Applicable to'] = set([a for v in all_techniques[tech][overlay_type] for a in v['applicable_to']])
metadata_dict[overlay_type.capitalize() + ' score'] = [str(techniques_count[tech]['count'] - max_tech_count_group)]
metadata_dict['Detection score'] = [str(calculate_score(all_techniques[tech]['detection']))]
metadata_dict['Visibility score'] = [str(calculate_score(all_techniques[tech]['visibility']))]
if 'Overlay' not in metadata_dict:
metadata_dict['Overlay'] = set()
@ -508,7 +508,7 @@ def generate_group_heat_map(groups, overlay, overlay_type, stage, platform, soft
technique_count, max_tech_count_group = get_technique_count(groups_dict, overlay_dict, groups_software_dict, overlay_type, all_techniques)
technique_layer = get_technique_layer(technique_count, groups_dict, overlay_dict, groups_software_dict,
overlay_file_type, overlay_type, all_techniques, max_tech_count_group)
overlay_file_type, overlay_type, all_techniques)
# make a list group names for the involved groups.
if groups == ['all']:
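Review bot: The line `technique_count, max_tech_count_group = get_technique_count(...)` in the last hunk still unpacks `max_tech_count_group`, but the updated `get_technique_layer` call directly below no longer accepts it, so unless the value is read further down in generate_group_heat_map (which starts and ends outside the hunk) it is now a dead binding — bind it as `technique_count, _ = get_technique_count(groups_dict, overlay_dict, groups_software_dict, overlay_type, all_techniques)` or drop it from `get_technique_count`'s return once no caller needs it. In the get_technique_layer hunk the two added lines index `all_techniques[tech]['detection']` and `all_techniques[tech]['visibility']` unconditionally, whereas the `Applicable to` line just above only touches `all_techniques[tech][overlay_type]`; if a technique-administration entry can legitimately omit either key, a single such entry raises KeyError and aborts the whole layer, which is worth either guarding with `.get(...)` (if calculate_score tolerates an empty list) or documenting as a required schema property. The get_technique_layer docstring still describes only the inputs; a sentence such as `For technique-administration overlays, adds 'Detection score' and 'Visibility score' metadata computed via calculate_score` would record the new behaviour.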