ruben 2020-12-17 12:50:56 +01:00
parent 55ff1092c5
commit 46f43d9a4a
1 changed files with 6 additions and 6 deletions


@ -8,7 +8,7 @@ groups = 'all'
software_group = False software_group = False
default_platform = ['Windows'] default_platform = ['Windows']
default_matrix = 'enterprise' default_matrix = 'enterprise'
groups_overlay = '' groups_overlay = ['']
overlay_type = 'group' overlay_type = 'group'
yaml_path = 'sample-data/' yaml_path = 'sample-data/'
eql_all_scores = False eql_all_scores = False
@ -469,7 +469,7 @@ def _menu_groups():
print('2. Platform: %s' % ','.join(default_platform)) print('2. Platform: %s' % ','.join(default_platform))
print('3. Groups: %s' % groups) print('3. Groups: %s' % groups)
print('4. Overlay: ') print('4. Overlay: ')
print(' - %s: %s' % ('File' if os.path.exists(groups_overlay) else 'Groups', groups_overlay)) print(' - %s: %s' % ('File' if os.path.exists(groups_overlay[0]) else 'Groups', ",".join(groups_overlay)))
print(' - Type: %s' % overlay_type) print(' - Type: %s' % overlay_type)
print('5. EQL search: ') print('5. EQL search: ')
eql_d_str = '' if not eql_query_detection else eql_query_detection eql_d_str = '' if not eql_query_detection else eql_query_detection
@ -505,16 +505,16 @@ def _menu_groups():
'A group can be their ID, name or alias separated using commas. Other option is to provide a YAML ' 'A group can be their ID, name or alias separated using commas. Other option is to provide a YAML '
'file with a custom group(s).') 'file with a custom group(s).')
overlay_type = OVERLAY_TYPE_GROUP overlay_type = OVERLAY_TYPE_GROUP
groups_overlay = _ask_input() groups_overlay = _ask_input().split(",")
elif choice == '2': elif choice == '2':
overlay_type = OVERLAY_TYPE_DETECTION overlay_type = OVERLAY_TYPE_DETECTION
groups_overlay = _select_file(MENU_NAME_THREAT_ACTOR_GROUP_MAPPING, 'techniques', FILE_TYPE_TECHNIQUE_ADMINISTRATION, False) groups_overlay = [_select_file(MENU_NAME_THREAT_ACTOR_GROUP_MAPPING, 'techniques', FILE_TYPE_TECHNIQUE_ADMINISTRATION, False)]
elif choice == '3': elif choice == '3':
overlay_type = OVERLAY_TYPE_VISIBILITY overlay_type = OVERLAY_TYPE_VISIBILITY
groups_overlay = _select_file(MENU_NAME_THREAT_ACTOR_GROUP_MAPPING, 'techniques', FILE_TYPE_TECHNIQUE_ADMINISTRATION, False) groups_overlay = [_select_file(MENU_NAME_THREAT_ACTOR_GROUP_MAPPING, 'techniques', FILE_TYPE_TECHNIQUE_ADMINISTRATION, False)]
elif choice == '4': elif choice == '4':
overlay_type = '' overlay_type = ''
groups_overlay = '' groups_overlay = ['']
elif choice == '5': elif choice == '5':
print('') print('')
print('1. Only include detection objects which match the EQL query: ' + eql_d_str) print('1. Only include detection objects which match the EQL query: ' + eql_d_str)
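Review bot: The new `groups_overlay = _ask_input().split(",")` in the third hunk keeps whatever whitespace surrounds each comma, so a typed entry like `APT28, APT29` becomes `['APT28', ' APT29']` and the second element presumably no longer matches a group ID, name or alias; suggest `groups_overlay = [g.strip() for g in _ask_input().split(",")]`. The display line in the second hunk, `os.path.exists(groups_overlay[0])`, inspects only the first element, so a multi-group entry whose first token happens to be an existing path would be labelled 'File' — harmless for display, but if the code relies on file overlays always being single-element lists, a comment such as `# a file overlay is always a one-element list; group overlays may hold several names` would make that invariant explicit. Both hunks sit inside `_menu_groups`, whose definition starts and ends outside this section.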