infosecn1nja
/
DeTTECT
mirror of https://github.com/infosecn1nja/DeTTECT.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added support for Navigator 4.1 and the metada divider

master
Marcus Bakker 2020-12-21 16:52:56 +01:00
parent de357bf156
commit 5d211341c6
2 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
generic.py
View File

@ -218,7 +218,7 @@ def _get_base_template(name, description, platform, sorting):
"""
layer = dict()
layer['name'] = name
layer['versions'] = {'navigator': '4.0', 'layer': '4.0'}
layer['versions'] = {'navigator': '4.1', 'layer': '4.1'}
layer['domain'] = 'enterprise-attack'
layer['description'] = description
@ -935,7 +935,7 @@ def make_layer_metadata_compliant(metadata):
:return: compliant list of metadata dictionaries
"""
for md_item in metadata:
if not md_item['value'] or md_item['value'] == '':
if not 'divider' in md_item.keys() and (not md_item['value'] or md_item['value'] == ''):
md_item['value'] = '-'
return metadata
@ -952,7 +952,7 @@ def add_metadata_technique_object(technique, obj_type, metadata):
if obj_type not in ['detection', 'visibility']:
raise Exception("Invalid value for 'obj_type' provided.")
metadata.append({'name': '------', 'value': ' '})
metadata.append({'divider': True})
metadata.append({'name': 'Applicable to', 'value': ', '.join(set([a for v in technique[obj_type] for a in v['applicable_to']]))}) # noqa
metadata.append({'name': '' + obj_type.capitalize() + ' score', 'value': ', '.join([str(calculate_score(technique[obj_type]))])}) # noqa
if obj_type == 'detection':

8
technique_mapping.py
View File

@ -2,6 +2,7 @@ import simplejson
import xlsxwriter
from generic import *
from datetime import datetime
from copy import deepcopy
# Imports for pandas and plotly are because of performance reasons in the function that uses these libraries.
@ -193,7 +194,7 @@ def _map_and_colorize_techniques_for_detections(my_techniques):
x['metadata'].append({'name': 'Technique comment', 'value': detection['comment']})
x['metadata'].append({'name': 'Detection comment', 'value': get_latest_comment(detection)})
if cnt != tcnt:
x['metadata'].append({'name': '------', 'value': ' '})
x['metadata'].append({'divider': True})
cnt += 1
x['metadata'] = make_layer_metadata_compliant(x['metadata'])
mapped_techniques.append(x)
@ -243,7 +244,7 @@ def _map_and_colorize_techniques_for_visibility(my_techniques, my_data_sources,
x['metadata'].append({'name': 'Available data sources', 'value': my_ds})
x['metadata'].append({'name': 'ATT&CK data sources', 'value': ', '.join(get_applicable_data_sources_technique(technique.get('x_mitre_data_sources', ''),
applicable_data_sources))})
x['metadata'].append({'name': '------', 'value': ' '})
x['metadata'].append({'divider': True})
x['score'] = s
cnt = 1
@ -255,9 +256,8 @@ def _map_and_colorize_techniques_for_visibility(my_techniques, my_data_sources,
x['metadata'].append({'name': 'Technique comment', 'value': visibility['comment']})
x['metadata'].append({'name': 'Visibility comment', 'value': get_latest_comment(visibility)})
if cnt != tcnt:
x['metadata'].append({'name': '------', 'value': ' '})
x['metadata'].append({'divider': True})
cnt += 1
x['metadata'] = make_layer_metadata_compliant(x['metadata'])
mapped_techniques.append(x)
else: