infosecn1nja
/
DeTTECT
mirror of https://github.com/infosecn1nja/DeTTECT.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixed a typo

master
Marcus Bakker 2019-05-20 14:54:16 +02:00
parent 621ac3a367
commit 2f480b0c4e
3 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dettact.py
View File

@ -57,7 +57,7 @@ def init_menu():
action='store_true') action='store_true')
parser_visibility.add_argument('-e', '--excel', help='generate an Excel sheet with all administrated techniques', parser_visibility.add_argument('-e', '--excel', help='generate an Excel sheet with all administrated techniques',
action='store_true') action='store_true')
parser_visibility.add_argument('-o', '--overlay', help='generate a visibility layer overlayed with detections for ' parser_visibility.add_argument('-o', '--overlay', help='generate a visibility layer overlaid with detections for '
'the ATT&CK navigator', action='store_true') 'the ATT&CK navigator', action='store_true')
parser_visibility.add_argument('--health', help='check the technique YAML file for errors', action='store_true') parser_visibility.add_argument('--health', help='check the technique YAML file for errors', action='store_true')
@ -80,7 +80,7 @@ def init_menu():
action='store_true') action='store_true')
parser_detection.add_argument('-e', '--excel', help='generate an Excel sheet with all administrated techniques', parser_detection.add_argument('-e', '--excel', help='generate an Excel sheet with all administrated techniques',
action='store_true') action='store_true')
parser_detection.add_argument('-o', '--overlay', help='generate a detection layer overlayed with visibility for ' parser_detection.add_argument('-o', '--overlay', help='generate a detection layer overlaid with visibility for '
'the ATT&CK navigator', action='store_true') 'the ATT&CK navigator', action='store_true')
parser_detection.add_argument('-g', '--graph', help='generate a graph with detections added through time', parser_detection.add_argument('-g', '--graph', help='generate a graph with detections added through time',
action='store_true') action='store_true')

6
interactive_menu.py
View File

@ -264,7 +264,7 @@ def menu_detection(filename_t):
print('') print('')
print('Select what you want to do:') print('Select what you want to do:')
print('2. Generate a layer for detection coverage for the ATT&CK Navigator.') print('2. Generate a layer for detection coverage for the ATT&CK Navigator.')
print('3. Generate a layer for detection coverage overlayed with visibility for the ATT&CK Navigator.') print('3. Generate a layer for detection coverage overlaid with visibility for the ATT&CK Navigator.')
print('4. Generate a graph with detections added through time.') print('4. Generate a graph with detections added through time.')
print('5. Generate an Excel sheet with all administrated techniques.') print('5. Generate an Excel sheet with all administrated techniques.')
print('6. Check the technique YAML file for errors.') print('6. Check the technique YAML file for errors.')
@ -323,7 +323,7 @@ def menu_visibility(filename_t, filename_ds):
print('') print('')
print('Select what you want to do:') print('Select what you want to do:')
print('2. Generate a layer for visibility for the ATT&CK Navigator.') print('2. Generate a layer for visibility for the ATT&CK Navigator.')
print('3. Generate a layer for visibility overlayed with detection coverage for the ATT&CK Navigator.') print('3. Generate a layer for visibility overlaid with detection coverage for the ATT&CK Navigator.')
print('4. Generate an Excel sheet with all administrated techniques.') print('4. Generate an Excel sheet with all administrated techniques.')
print('5. Check the technique YAML file for errors.') print('5. Check the technique YAML file for errors.')
print('9. Back to main menu.') print('9. Back to main menu.')
@ -336,7 +336,7 @@ def menu_visibility(filename_t, filename_ds):
generate_visibility_layer(filename_t, filename_ds, False, filter_applicable_to) generate_visibility_layer(filename_t, filename_ds, False, filter_applicable_to)
wait() wait()
elif choice == '3': elif choice == '3':
print('Writing visibility coverage layer overlayed with detections...') print('Writing visibility coverage layer overlaid with detections...')
generate_visibility_layer(filename_t, filename_ds, True, filter_applicable_to) generate_visibility_layer(filename_t, filename_ds, True, filter_applicable_to)
wait() wait()
elif choice == '4': elif choice == '4':

10
technique_mapping.py
View File

@ -6,7 +6,7 @@ import xlsxwriter
def generate_detection_layer(filename_techniques, filename_data_sources, overlay, filter_applicable_to): def generate_detection_layer(filename_techniques, filename_data_sources, overlay, filter_applicable_to):
""" """
Generates layer for detection coverage and optionally an overlayed version with visibility coverage. Generates layer for detection coverage and optionally an overlaid version with visibility coverage.
:param filename_techniques: the filename of the yaml file containing the techniques administration :param filename_techniques: the filename of the yaml file containing the techniques administration
:param filename_data_sources: the filename of the yaml file containing the data sources administration :param filename_data_sources: the filename of the yaml file containing the data sources administration
:param overlay: boolean value to specify if an overlay between detection and visibility should be generated :param overlay: boolean value to specify if an overlay between detection and visibility should be generated
@ -21,14 +21,14 @@ def generate_detection_layer(filename_techniques, filename_data_sources, overlay
else: else:
my_techniques, name, platform = load_techniques(filename_techniques, 'all', filter_applicable_to) my_techniques, name, platform = load_techniques(filename_techniques, 'all', filter_applicable_to)
my_data_sources = _load_data_sources(filename_data_sources) my_data_sources = _load_data_sources(filename_data_sources)
mapped_techniques_both = _map_and_colorize_techniques_for_overlayed(my_techniques, my_data_sources, filter_applicable_to) mapped_techniques_both = _map_and_colorize_techniques_for_overlaid(my_techniques, my_data_sources, filter_applicable_to)
layer_both = get_layer_template_layered('Visibility and Detection ' + name + ' ' + filter_applicable_to, 'description', 'attack', platform) layer_both = get_layer_template_layered('Visibility and Detection ' + name + ' ' + filter_applicable_to, 'description', 'attack', platform)
_write_layer(layer_both, mapped_techniques_both, 'visibility_and_detection', filter_applicable_to, name) _write_layer(layer_both, mapped_techniques_both, 'visibility_and_detection', filter_applicable_to, name)
def generate_visibility_layer(filename_techniques, filename_data_sources, overlay, filter_applicable_to): def generate_visibility_layer(filename_techniques, filename_data_sources, overlay, filter_applicable_to):
""" """
Generates layer for visibility coverage and optionally an overlayed version with detection coverage. Generates layer for visibility coverage and optionally an overlaid version with detection coverage.
:param filename_techniques: the filename of the yaml file containing the techniques administration :param filename_techniques: the filename of the yaml file containing the techniques administration
:param filename_data_sources: the filename of the yaml file containing the data sources administration :param filename_data_sources: the filename of the yaml file containing the data sources administration
:param overlay: boolean value to specify if an overlay between detection and visibility should be generated :param overlay: boolean value to specify if an overlay between detection and visibility should be generated
@ -44,7 +44,7 @@ def generate_visibility_layer(filename_techniques, filename_data_sources, overla
_write_layer(layer_visibility, mapped_techniques_visibility, 'visibility', filter_applicable_to, name) _write_layer(layer_visibility, mapped_techniques_visibility, 'visibility', filter_applicable_to, name)
else: else:
my_techniques, name, platform = load_techniques(filename_techniques, 'all', filter_applicable_to) my_techniques, name, platform = load_techniques(filename_techniques, 'all', filter_applicable_to)
mapped_techniques_both = _map_and_colorize_techniques_for_overlayed(my_techniques, my_data_sources, filter_applicable_to) mapped_techniques_both = _map_and_colorize_techniques_for_overlaid(my_techniques, my_data_sources, filter_applicable_to)
layer_both = get_layer_template_layered('Visibility and Detection ' + name + ' ' + filter_applicable_to, 'description', 'attack', platform) layer_both = get_layer_template_layered('Visibility and Detection ' + name + ' ' + filter_applicable_to, 'description', 'attack', platform)
_write_layer(layer_both, mapped_techniques_both, 'visibility_and_detection', filter_applicable_to, name) _write_layer(layer_both, mapped_techniques_both, 'visibility_and_detection', filter_applicable_to, name)
@ -233,7 +233,7 @@ def _map_and_colorize_techniques_for_visibility(my_techniques, my_data_sources):
return mapped_techniques return mapped_techniques
def _map_and_colorize_techniques_for_overlayed(my_techniques, my_data_sources, filter_applicable_to): def _map_and_colorize_techniques_for_overlaid(my_techniques, my_data_sources, filter_applicable_to):
""" """
Determine the color of the techniques based on both detection and visibility. Determine the color of the techniques based on both detection and visibility.
:param my_techniques: the configured techniques :param my_techniques: the configured techniques