Only show message about sub-techniques added when there's a detection score and visibility score is not auto_generated
parent
524501a3ba
commit
29917f9a69
14
upgrade.py
14
upgrade.py
|
@ -419,7 +419,7 @@ def upgrade_to_sub_techniques(filename, notify_only=False):
|
||||||
:param notify_only: set to True by 'check_yaml_updated_to_sub_techniques' when no automatic upgrade of techniques can be performed because these require manual action
|
:param notify_only: set to True by 'check_yaml_updated_to_sub_techniques' when no automatic upgrade of techniques can be performed because these require manual action
|
||||||
:return:
|
:return:
|
||||||
"""
|
"""
|
||||||
from generic import init_yaml, backup_file, load_attack_data, get_technique, get_technique_from_yaml, remove_technique_from_yaml, ask_yes_no, local_stix_path
|
from generic import init_yaml, backup_file, load_attack_data, get_technique, get_technique_from_yaml, remove_technique_from_yaml, ask_yes_no, local_stix_path, get_latest_score, get_latest_auto_generated
|
||||||
|
|
||||||
if not notify_only and not ask_yes_no('DeTT&CT is going to update \'' + filename + '\' to ATT&CK with sub-techniques. A backup of this file will be generated. Do you want to continue:'):
|
if not notify_only and not ask_yes_no('DeTT&CT is going to update \'' + filename + '\' to ATT&CK with sub-techniques. A backup of this file will be generated. Do you want to continue:'):
|
||||||
quit()
|
quit()
|
||||||
|
@ -480,7 +480,17 @@ def upgrade_to_sub_techniques(filename, notify_only=False):
|
||||||
change_name = True
|
change_name = True
|
||||||
# Only check if "new sub-techniques added" is within the explanation:
|
# Only check if "new sub-techniques added" is within the explanation:
|
||||||
if 'new sub-techniques added' in migrate_item['explanation'].lower():
|
if 'new sub-techniques added' in migrate_item['explanation'].lower():
|
||||||
subtech_added_msgs.append(migrate_item['id'])
|
has_detection = False
|
||||||
|
is_auto_generated = False
|
||||||
|
if isinstance(yaml_technique['detection'], dict): # There is just one detection entry
|
||||||
|
has_detection = get_latest_score(yaml_technique['detection']) >= 0
|
||||||
|
is_auto_generated = get_latest_auto_generated(yaml_technique['visibility'])
|
||||||
|
elif isinstance(yaml_technique['detection'], list): # There are multiple detection entries
|
||||||
|
has_detection = len([d for d in yaml_technique['detection'] if get_latest_score(d) >= 0]) > 0
|
||||||
|
is_auto_generated = any([get_latest_auto_generated(v) for v in yaml_technique['visibility']])
|
||||||
|
|
||||||
|
if has_detection or not is_auto_generated:
|
||||||
|
subtech_added_msgs.append(migrate_item['id'])
|
||||||
elif item['change-type'] == 'Became a Sub-Technique':
|
elif item['change-type'] == 'Became a Sub-Technique':
|
||||||
# Conversion from technique to sub-technique:
|
# Conversion from technique to sub-technique:
|
||||||
yaml_technique['technique_id'] = migrate_item['id']
|
yaml_technique['technique_id'] = migrate_item['id']
|
||||||
|
|
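Review bot: In the second hunk the shape of `yaml_technique['visibility']` is never checked on its own: it is treated as a dict when `detection` is a dict and iterated as a list when `detection` is a list, so a technique whose two fields differ in shape would hand `get_latest_auto_generated` a list or a dict key. Normalising it separately avoids that: `vis = yaml_technique['visibility']`, `vis = vis if isinstance(vis, list) else [vis]`, `is_auto_generated = any(get_latest_auto_generated(v) for v in vis)`. The final test `if has_detection or not is_auto_generated:` also reads differently from the commit title, which says "a detection score and visibility score is not auto_generated". A wrongly skipped entry means the user is never told to re-score that technique's new sub-techniques, so a comment such as `# Skip only techniques with no detection score whose visibility was auto-generated` would pin the intended rule. `upgrade_to_sub_techniques` starts and ends outside the hunk, so how `yaml_technique` is loaded and validated is not visible here.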