Added support for the new Navigator v3.0 format.

master
Ruben Bouman 2020-06-29 16:53:45 +02:00
parent 842a0f4989
commit 3a1f5f4cea
4 changed files with 13 additions and 12 deletions


@ -283,6 +283,7 @@ def _map_and_colorize_techniques(my_ds, platforms, exceptions):
applicable_data_sources))},
{'name': '-Products', 'value': ', '.join(v['products'])}]
d['metadata'] = make_layer_metadata_compliant(d['metadata'])
d['showSubtechniques'] = True
output_techniques.append(d)
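Review bot: `d['showSubtechniques'] = True` is a hard-coded literal that this commit repeats in every per-technique dict: here in `_map_and_colorize_techniques`, and again in `_get_technique_layer`, `_map_and_colorize_techniques_for_detections`, `_map_and_colorize_techniques_for_visibility` and `_map_and_colorize_techniques_for_overlaid`. A single named constant, for example `SHOW_SUBTECHNIQUES = True`, referenced from all five places would keep the generated layers consistent if the default ever changes. A one-line comment next to it should state why sub-techniques are expanded by default (presumably so that sub-technique scores are not hidden behind a collapsed parent row). The function body starts and continues outside this hunk.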


@ -211,7 +211,7 @@ def _get_base_template(name, description, stage, platform, sorting):
"""
layer = dict()
layer['name'] = name
layer['version'] = '2.2'
layer['version'] = '3.0'
layer['domain'] = 'mitre-enterprise'
layer['description'] = description
@ -224,8 +224,9 @@ def _get_base_template(name, description, stage, platform, sorting):
layer['filters'] = {'stages': ['prepare'], 'platforms': platform}
layer['sorting'] = sorting
layer['viewMode'] = 0
layer['layout'] = {"layout": "flat", "showName": True, "showID": False}
layer['hideDisable'] = False
layer['selectSubtechniquesWithParent'] = False
layer['techniques'] = []
layer['showTacticRowBackground'] = False
@ -237,8 +238,7 @@ def _get_base_template(name, description, stage, platform, sorting):
def get_layer_template_groups(name, max_count, description, stage, platform, overlay_type):
"""
Prepares a base template for the json layer file that can be loaded into the MITRE ATT&CK Navigator.
More information on the version 2.2 layer format:
https://github.com/mitre/attack-navigator/blob/master/layers/LAYERFORMATv2_1.md
More information on the layer format can be found here: https://github.com/mitre/attack-navigator/blob/master/layers/
:param name: name
:param max_count: the sum of all count values
:param description: description
@ -287,8 +287,7 @@ def get_layer_template_groups(name, max_count, description, stage, platform, ove
def get_layer_template_detections(name, description, stage, platform):
"""
Prepares a base template for the json layer file that can be loaded into the MITRE ATT&CK Navigator.
More information on the version 2.2 layer format:
https://github.com/mitre/attack-navigator/blob/master/layers/LAYERFORMATv2_1.md
More information on the layer format can be found here: https://github.com/mitre/attack-navigator/blob/master/layers/
:param name: name
:param description: description
:param stage: stage (act | prepare)
@ -311,8 +310,7 @@ def get_layer_template_detections(name, description, stage, platform):
def get_layer_template_data_sources(name, description, stage, platform):
"""
Prepares a base template for the json layer file that can be loaded into the MITRE ATT&CK Navigator.
More information on the version 2.2 layer format:
https://github.com/mitre/attack-navigator/blob/master/layers/LAYERFORMATv2_1.md
More information on the layer format can be found here: https://github.com/mitre/attack-navigator/blob/master/layers/
:param name: name
:param description: description
:param stage: stage (act | prepare)
@ -334,8 +332,7 @@ def get_layer_template_data_sources(name, description, stage, platform):
def get_layer_template_visibility(name, description, stage, platform):
"""
Prepares a base template for the json layer file that can be loaded into the MITRE ATT&CK Navigator.
More information on the version 2.2 layer format:
https://github.com/mitre/attack-navigator/blob/master/layers/LAYERFORMATv2_1.md
More information on the layer format can be found here: https://github.com/mitre/attack-navigator/blob/master/layers/
:param name: name
:param description: description
:param stage: stage (act | prepare)
@ -356,8 +353,7 @@ def get_layer_template_visibility(name, description, stage, platform):
def get_layer_template_layered(name, description, stage, platform):
"""
Prepares a base template for the json layer file that can be loaded into the MITRE ATT&CK Navigator.
More information on the version 2.2 layer format:
https://github.com/mitre/attack-navigator/blob/master/layers/LAYERFORMATv2_1.md
More information on the layer format can be found here: https://github.com/mitre/attack-navigator/blob/master/layers/
:param name: name
:param description: description
:param stage: stage (act | prepare)
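Review bot: In `_get_base_template` the layer is now declared as version `'3.0'`, but the unchanged line `layer['hideDisable'] = False` still writes a key that the Navigator layer format, as far as I know, spells `hideDisabled`. An unrecognised key would presumably be ignored by the Navigator, which is harmless while the value equals the default but would silently do nothing if it were ever set to `True`; suggest `layer['hideDisabled'] = False`. The rendering does not show which side `layer['viewMode'] = 0` is on; if it remains on the new side it is worth checking against the 3.0 format, where `layout` appears to take over that role. The function body extends outside the hunks shown.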


@ -370,6 +370,7 @@ def _get_technique_layer(techniques_count, groups, overlay, groups_software, ove
t = dict()
t['techniqueID'] = tech
t['score'] = v['count']
t['showSubtechniques'] = True
t['metadata'] = []
metadata_dict = dict()


@ -177,6 +177,7 @@ def _map_and_colorize_techniques_for_detections(my_techniques):
x['tactic'] = tactic.lower().replace(' ', '-')
x['metadata'] = []
x['score'] = s
x['showSubtechniques'] = True
cnt = 1
tcnt = len([d for d in technique_data['detection'] if get_latest_score(d) >= 0])
for detection in technique_data['detection']:
@ -242,6 +243,7 @@ def _map_and_colorize_techniques_for_visibility(my_techniques, my_data_sources,
applicable_data_sources))})
x['metadata'].append({'name': '---', 'value': '---'})
x['score'] = s
x['showSubtechniques'] = True
cnt = 1
tcnt = len(technique_data['visibility'])
@ -328,6 +330,7 @@ def _map_and_colorize_techniques_for_overlaid(my_techniques, my_data_sources, pl
x['metadata'].append({'name': '-Available data sources', 'value': my_ds})
x['metadata'].append({'name': '-ATT&CK data sources', 'value': ', '.join(get_applicable_data_sources_technique(technique['x_mitre_data_sources'],
applicable_data_sources))})
x['showSubtechniques'] = True
# Metadata for detection and visibility:
for obj_type in ['detection', 'visibility']:
tcnt = len([obj for obj in technique_data[obj_type] if get_latest_score(obj) >= 0])