Merge branch 'development' of https://github.com/marcusbakker/DeTTECT-private into development
commit
842a0f4989
@ -1,6 +1,6 @@
|
|||
FROM python:3.8-slim-buster
|
||||
|
||||
LABEL version="1.3.1"
|
||||
LABEL version="1.4.0"
|
||||
|
||||
# copy DeTT&CT and install the requirements
|
||||
COPY . /opt/DeTTECT
|
||||
@ -1,7 +1,7 @@
|
|||
<img src="https://github.com/rabobank-cdc/DeTTECT/wiki/images/logo.png" alt="DeTT&CT" width=30% height=30%>
|
||||
|
||||
#### Detect Tactics, Techniques & Combat Threats
|
||||
Latest version: [1.3.1](https://github.com/rabobank-cdc/DeTTECT/wiki/Changelog#version-131)
|
||||
Latest version: [1.4.0](https://github.com/rabobank-cdc/DeTTECT/wiki/Changelog#version-140)
|
||||
|
||||
To get started with DeTT&CT, check out this [page](https://github.com/rabobank-cdc/DeTTECT/wiki/Getting-started), our [talk](https://www.youtube.com/watch?v=_kWpekkhomU) at hack.lu 2019 and our blog on:
|
||||
- [mbsecure.nl/blog/2019/5/dettact-mapping-your-blue-team-to-mitre-attack](https://www.mbsecure.nl/blog/2019/5/dettact-mapping-your-blue-team-to-mitre-attack) or
|
||||
@ -2,7 +2,7 @@ import re
|
|||
|
||||
APP_NAME = 'DeTT&CT'
|
||||
APP_DESC = 'Detect Tactics, Techniques & Combat Threats'
|
||||
VERSION = '1.3.1'
|
||||
VERSION = '1.4'
|
||||
|
||||
EXPIRE_TIME = 60 * 60 * 24
|
||||
|
||||
|
@ -119,14 +119,14 @@ V_UPDATE_ACTION_DIFF = 'the user decides to update or not'
|
|||
|
||||
# YAML regex
|
||||
REGEX_YAML_VERSION_10 = re.compile(r'^\s*version:\s+1\.0\s*$', re.IGNORECASE)
|
||||
REGEX_YAML_TECHNIQUE_ID = re.compile(r'^-\s+technique_id:\s+T[0-9]{4}\s*$', re.IGNORECASE)
|
||||
REGEX_YAML_TECHNIQUE_ID_FORMAT = re.compile(r'T[0-9]{4}', re.IGNORECASE)
|
||||
REGEX_YAML_TECHNIQUE_ID = re.compile(r'^-\s+technique_id:\s+T\d{4}(\.\d{3}|)\s*$', re.IGNORECASE)
|
||||
REGEX_YAML_TECHNIQUE_ID_FORMAT = re.compile(r'T\d{4}(\.\d{3}|)', re.IGNORECASE)
|
||||
REGEX_YAML_DETECTION = re.compile(r'^\s+detection:\s*$', re.IGNORECASE)
|
||||
REGEX_YAML_VISIBILITY = re.compile(r'^\s+visibility:\s*$', re.IGNORECASE)
|
||||
REGEX_YAML_INDENT_CHARS = re.compile(r'(^[\s-]+).*', re.IGNORECASE)
|
||||
REGEX_YAML_VALID_DATE = re.compile(r'([12]\d{3}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01]))', re.IGNORECASE)
|
||||
REGEX_YAML_DATE = re.compile(r'^[\s-]+date:.*$', re.IGNORECASE)
|
||||
REGEX_YAML_TECHNIQUE_ID_GROUP = re.compile(r'^-\s+technique_id:\s+(T[0-9]{4})\s*$', re.IGNORECASE)
|
||||
REGEX_YAML_TECHNIQUE_ID_GROUP = re.compile(r'^-\s+technique_id:\s+(T\d{4})\s*$', re.IGNORECASE)
|
||||
|
||||
# YAML objects
|
||||
YAML_OBJ_VISIBILITY = {'applicable_to': ['all'],
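Review bot: REGEX_YAML_TECHNIQUE_ID_GROUP is left at `(T\d{4})` while REGEX_YAML_TECHNIQUE_ID and REGEX_YAML_TECHNIQUE_ID_FORMAT in the same hunk now accept a sub-technique suffix, so if the group pattern is used to pull IDs out of the same `- technique_id:` lines (its use is not visible here), sub-technique entries such as T1234.001 will no longer be captured. Aligning it keeps the three patterns in step: `REGEX_YAML_TECHNIQUE_ID_GROUP = re.compile(r'^-\s+technique_id:\s+(T\d{4}(?:\.\d{3})?)\s*$', re.IGNORECASE)`. The same `(?:\.\d{3})?` form also reads more clearly than the empty-alternative `(\.\d{3}|)` used on the two updated lines.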
|
||||
@ -42,23 +42,23 @@ import { notificationMixin } from '@/mixins/NotificationMixins.js';
|
|||
export default {
|
||||
data() {
|
||||
return {
|
||||
newID: ''
|
||||
newID: '',
|
||||
};
|
||||
},
|
||||
mixins: [autoSuggestMixins, notificationMixin],
|
||||
props: {
|
||||
group: {
|
||||
type: Object,
|
||||
required: true
|
||||
required: true,
|
||||
},
|
||||
valueAttr: {
|
||||
type: String,
|
||||
required: true
|
||||
required: true,
|
||||
},
|
||||
platforms: {
|
||||
type: Array,
|
||||
required: true
|
||||
}
|
||||
required: true,
|
||||
},
|
||||
},
|
||||
methods: {
|
||||
deleteItem(event) {
|
||||
|
@ -80,11 +80,11 @@ export default {
|
|||
return;
|
||||
}
|
||||
// performs two checks for a valid ID, and exit if not valid
|
||||
if (!this.newID.match(/\b(S|T)\d{4}\b/i)) {
|
||||
if (!this.newID.match(/\b(S\d{4}|T\d{4}(\.\d{3}|))\b/i)) {
|
||||
this.notifyInvalid(this.newID);
|
||||
return;
|
||||
}
|
||||
let id = this.newID.match(/\b((S|T)\d{4})\b/i)[0].toUpperCase();
|
||||
let id = this.newID.match(/\b((S\d{4}|T\d{4}(\.\d{3}|)))\b/i)[0].toUpperCase();
|
||||
if ((this.itemIdName == 'technique_id' && !id.startsWith('T')) || (this.itemIdName == 'software_id' && !id.startsWith('S'))) {
|
||||
this.notifyInvalid(id);
|
||||
return;
|
||||
|
@ -113,7 +113,7 @@ export default {
|
|||
let title = 'Invalid ' + this.formattedTitle;
|
||||
let msg = "'" + id + "' is an invalid " + this.formattedTitle + '.';
|
||||
this.notifyWarning(title, msg);
|
||||
}
|
||||
},
|
||||
},
|
||||
computed: {
|
||||
filteredSuggestionList() {
|
||||
|
@ -123,7 +123,7 @@ export default {
|
|||
for (let i = 0; i < this.suggestionList.length; i++) {
|
||||
if (
|
||||
this.platforms[0] == 'all' ||
|
||||
(this.platforms.some(item => this.suggestionList[i]['platforms'].includes(item)) &&
|
||||
(this.platforms.some((item) => this.suggestionList[i]['platforms'].includes(item)) &&
|
||||
!this.group[this.itemIdName].includes(this.suggestionList[i][this.itemIdName]))
|
||||
) {
|
||||
tmpList.push(this.suggestionList[i]);
|
||||
|
@ -133,7 +133,7 @@ export default {
|
|||
},
|
||||
formattedTitle() {
|
||||
return this.itemIdName.replace('_', ' ').replace('id', 'ID');
|
||||
}
|
||||
}
|
||||
},
|
||||
},
|
||||
};
|
||||
</script>
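Review bot: The updated ID check in the hunk starting at -80 (`if (!this.newID.match(/\b(S\d{4}|T\d{4}(\.\d{3}|))\b/i))` and the `let id = …match(…)[0]` line after it) is not anchored, so a mistyped sub-technique such as `T1234.56` passes validation: the empty alternative lets `\b` match right after `T1234`, and the ID the rest of the method goes on to use is the silently truncated `T1234`. The same construction appears in the other component's hunk at -113 (`tmpItemId`), while the groups page already uses the anchored form `/^T\d{4}(\.\d{3}|)$/i`; matching the input validation on an anchored, trimmed value, e.g. `const m = this.newID.trim().match(/^(S\d{4}|T\d{4}(?:\.\d{3})?)$/i);` then `if (!m) { this.notifyInvalid(this.newID); return; }` and `const id = m[0].toUpperCase();`, closes that gap and avoids running the regex twice. `(?:\.\d{3})?` is also the clearer spelling of an optional suffix. The method enclosing this check starts and ends outside the hunk.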
|
||||
@ -113,13 +113,13 @@ export default {
|
|||
return;
|
||||
}
|
||||
// performs two checks for a valid ID, and exit if not valid
|
||||
if (!this.tmpItemId.match(/\bT\d{4}\b/i)) {
|
||||
if (!this.tmpItemId.match(/\bT\d{4}(\.\d{3}|)\b/i)) {
|
||||
if (event.target.id != 'checkmark') {
|
||||
this.notifyInvalid(this.tmpItemId);
|
||||
}
|
||||
return;
|
||||
}
|
||||
let id = this.tmpItemId.match(/\b(T\d{4})\b/i)[0].toUpperCase();
|
||||
let id = this.tmpItemId.match(/\b(T\d{4}(\.\d{3}|))\b/i)[0].toUpperCase();
|
||||
if (!id.startsWith('T')) {
|
||||
if (event.target.id != 'checkmark') {
|
||||
this.notifyInvalid(id);
|
||||
@ -127,19 +127,19 @@ export default {
|
|||
filters: {
|
||||
filter: {
|
||||
value: '',
|
||||
keys: ['group_name', 'campaign', 'enabled']
|
||||
}
|
||||
keys: ['group_name', 'campaign', 'enabled'],
|
||||
},
|
||||
},
|
||||
data_columns: ['group_name', 'campaign', 'enabled'],
|
||||
groupFileToRender: 'https://raw.githubusercontent.com/wiki/rabobank-cdc/DeTTECT/YAML-administration-groups.md',
|
||||
groupHelpText: null,
|
||||
emptyGroupObject: constants.YAML_OBJ_GROUP
|
||||
emptyGroupObject: constants.YAML_OBJ_GROUP,
|
||||
};
|
||||
},
|
||||
mixins: [pageMixin, notificationMixin],
|
||||
components: {
|
||||
GroupsDetail,
|
||||
Icons
|
||||
Icons,
|
||||
},
|
||||
created: function() {
|
||||
this.preloadMarkDown();
|
||||
|
@ -215,7 +215,7 @@ export default {
|
|||
}
|
||||
|
||||
for (let x = 0; x < yaml_input.groups[i].technique_id.length; x++) {
|
||||
if (yaml_input.groups[i].technique_id[x].match(/^T[0-9]{4}$/i) == null) {
|
||||
if (yaml_input.groups[i].technique_id[x].match(/^T\d{4}(\.\d{3}|)$/i) == null) {
|
||||
yaml_input.groups[i].technique_id.splice(x, 1);
|
||||
}
|
||||
if (yaml_input.groups[i].technique_id[x] != undefined) {
|
||||
|
@ -223,7 +223,7 @@ export default {
|
|||
}
|
||||
}
|
||||
for (let x = 0; x < yaml_input.groups[i].software_id.length; x++) {
|
||||
if (yaml_input.groups[i].software_id[x].match(/^S[0-9]{4}$/i) == null) {
|
||||
if (yaml_input.groups[i].software_id[x].match(/^S\d{4}$/i) == null) {
|
||||
yaml_input.groups[i].software_id.splice(x, 1);
|
||||
}
|
||||
if (yaml_input.groups[i].software_id[x] != undefined) {
|
||||
|
@ -289,20 +289,20 @@ export default {
|
|||
|
||||
this.groupHelpText = 'Loading the help content...';
|
||||
this.$http.get(this.groupFileToRender).then(
|
||||
response => {
|
||||
(response) => {
|
||||
this.groupHelpText = response.body.replace(/\[(.+)\](\([#\w-]+\))/gm, '$1'); // remove links to other wiki pages
|
||||
this.groupHelpText = this.groupHelpText.match(/## Group object((.*|\n)*)/gim, '$1')[0];
|
||||
this.groupHelpText = this.groupHelpText.replace(/^## Group object/gim, '');
|
||||
},
|
||||
// eslint-disable-next-line no-unused-vars
|
||||
response => {
|
||||
(response) => {
|
||||
this.groupHelpText = 'An error occurred while loading the help content.';
|
||||
}
|
||||
);
|
||||
},
|
||||
notifyInvalidFileType(filename) {
|
||||
this.notifyDanger('Invalid YAML file type', "The file '" + filename + "' is not a valid group administration file.");
|
||||
}
|
||||
},
|
||||
},
|
||||
filters: {
|
||||
listToString: function(value) {
|
||||
|
@ -311,8 +311,8 @@ export default {
|
|||
} else {
|
||||
return value;
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
},
|
||||
};
|
||||
</script>
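Review bot: The new condition at -215 (`if (yaml_input.groups[i].technique_id[x].match(/^T\d{4}(\.\d{3}|)$/i) == null)`) is the trigger for `splice(x, 1)` inside a loop that then does `x++`, so the element that shifts into slot x is never checked: with two consecutive invalid IDs the second one survives the clean-up, and the `!= undefined` guard that follows only covers the end-of-array case. The loop at -223 for `software_id` has the same shape. If the remainder of the loop body (outside the hunk) only processes the current element, the minimal fix is `yaml_input.groups[i].technique_id.splice(x, 1); x--; continue;` in both loops; otherwise rebuilding the array with `.filter((t) => /^T\d{4}(?:\.\d{3})?$/i.test(t))` before the loop is cleaner. Since yaml_input appears to come from a user-supplied file (the later notifyInvalidFileType suggests an upload path), invalid entries slipping through this sanitisation is worth closing.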
|
||||
|
||||