Added new functionality for Mitigations statistics
parent
5814446462
commit
cf4a55081c
15
dettect.py
15
dettect.py
|
@ -131,9 +131,12 @@ def _init_menu():
|
||||||
help='includes: statistics on ATT&CK data source and updates on techniques'
|
help='includes: statistics on ATT&CK data source and updates on techniques'
|
||||||
', groups and software', aliases=['ge'])
|
', groups and software', aliases=['ge'])
|
||||||
|
|
||||||
parser_generic.add_argument('-s', '--statistics', help='get a sorted count on how much techniques are covered by a '
|
parser_generic.add_argument('-ds', '--datasources', help='get a sorted count on how many ATT&CK Enterprise '
|
||||||
'particular data source', action='store_true')
|
'techniques are covered by a particular Data Source',
|
||||||
|
action='store_true')
|
||||||
|
parser_generic.add_argument('-m', '--mitigations', help='get a sorted count on how many ATT&CK Enterprise or '
|
||||||
|
'Mobile techniques are covered by a Mitigation',
|
||||||
|
choices=['enterprise', 'mobile'])
|
||||||
parser_generic.add_argument('-u', '--updates', help='get a sorted list for when updates were released for '
|
parser_generic.add_argument('-u', '--updates', help='get a sorted list for when updates were released for '
|
||||||
'techniques, groups or software',
|
'techniques, groups or software',
|
||||||
choices=['techniques', 'groups', 'software'])
|
choices=['techniques', 'groups', 'software'])
|
||||||
|
@ -211,8 +214,10 @@ def _menu(menu_parser):
|
||||||
print("[!] Filtering on 'applicable_to' is not supported for Excel output")
|
print("[!] Filtering on 'applicable_to' is not supported for Excel output")
|
||||||
|
|
||||||
elif args.subparser in ['generic', 'ge']:
|
elif args.subparser in ['generic', 'ge']:
|
||||||
if args.statistics:
|
if args.datasources:
|
||||||
get_statistics()
|
get_statistics_data_sources()
|
||||||
|
elif args.mitigations:
|
||||||
|
get_statistics_mitigations(args.mitigations)
|
||||||
elif args.updates:
|
elif args.updates:
|
||||||
get_updates(args.updates, args.sort)
|
get_updates(args.updates, args.sort)
|
||||||
|
|
||||||
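Review bot: In the `_menu` hunk the new `if args.datasources: … elif args.mitigations: … elif args.updates:` chain silently drops `-m` (and `-u`) whenever `-ds` is also given, so a user who passes two of the new flags gets only the first one's output with no message. Since argparse already declares all three on `parser_generic`, registering them on `stats = parser_generic.add_mutually_exclusive_group()` instead would make the parser reject the combination with a usage error rather than ignoring it. Separately, renaming `-s/--statistics` to `-ds/--datasources` changes the public CLI; any wrapper script or documentation that invokes `generic -s` will break, and no documentation update is visible in this section (it may be elsewhere in the commit). `_menu` continues outside the hunk.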
|
|
|
@ -7,8 +7,9 @@ from constants import *
|
||||||
|
|
||||||
groups = 'all'
|
groups = 'all'
|
||||||
software_group = False
|
software_group = False
|
||||||
platform = 'Windows'
|
default_platform = 'Windows'
|
||||||
stage = 'attack'
|
default_stage = 'attack'
|
||||||
|
default_matrix = 'enterprise'
|
||||||
groups_overlay = ''
|
groups_overlay = ''
|
||||||
overlay_type = 'group'
|
overlay_type = 'group'
|
||||||
filter_applicable_to = 'all'
|
filter_applicable_to = 'all'
|
||||||
|
@ -194,12 +195,31 @@ def _menu_statistics():
|
||||||
Handles the Statistics functionality.
|
Handles the Statistics functionality.
|
||||||
:return:
|
:return:
|
||||||
"""
|
"""
|
||||||
|
global default_matrix
|
||||||
_clear()
|
_clear()
|
||||||
print('Menu: Statistics')
|
print('Menu: Statistics')
|
||||||
print('')
|
print('')
|
||||||
get_statistics()
|
print('Options:')
|
||||||
|
print('1. Matrix: %s' % default_matrix)
|
||||||
|
print('2. Get a sorted count on how many ATT&CK Enterprise techniques are covered by a particular Data Source.')
|
||||||
|
print('3. Get a sorted count on how many ATT&CK Enterprise or Mobile techniques are covered by a Mitigation.')
|
||||||
|
print('9. Back to main menu.')
|
||||||
|
choice = _ask_input()
|
||||||
|
if choice == '1':
|
||||||
|
print('Specify the matrix (enterprise or mobile):')
|
||||||
|
m = _ask_input().lower()
|
||||||
|
default_matrix = 'enterprise' if m == 'enterprise' else 'mobile'
|
||||||
|
elif choice == '2':
|
||||||
|
get_statistics_data_sources()
|
||||||
|
elif choice == '3':
|
||||||
|
get_statistics_mitigations(default_matrix)
|
||||||
|
elif choice == '9':
|
||||||
|
interactive_menu()
|
||||||
|
elif choice == 'q':
|
||||||
|
quit()
|
||||||
|
|
||||||
_wait()
|
_wait()
|
||||||
interactive_menu()
|
_menu_statistics()
|
||||||
|
|
||||||
|
|
||||||
def _menu_data_source(filename_ds):
|
def _menu_data_source(filename_ds):
|
||||||
|
@ -366,14 +386,14 @@ def _menu_groups():
|
||||||
Prints and handles the Threat actor group mapping functionality.
|
Prints and handles the Threat actor group mapping functionality.
|
||||||
:return:
|
:return:
|
||||||
"""
|
"""
|
||||||
global groups, software_group, platform, stage, groups_overlay, overlay_type, filter_applicable_to
|
global groups, software_group, default_platform, default_stage, groups_overlay, overlay_type, filter_applicable_to
|
||||||
_clear()
|
_clear()
|
||||||
print('Menu: %s' % MENU_NAME_THREAT_ACTOR_GROUP_MAPPING)
|
print('Menu: %s' % MENU_NAME_THREAT_ACTOR_GROUP_MAPPING)
|
||||||
print('')
|
print('')
|
||||||
print('Options:')
|
print('Options:')
|
||||||
print('1. Software group: %s' % str(software_group))
|
print('1. Software group: %s' % str(software_group))
|
||||||
print('2. Platform: %s' % platform)
|
print('2. Platform: %s' % default_platform)
|
||||||
print('3. Stage: %s' % stage)
|
print('3. Stage: %s' % default_stage)
|
||||||
print('4. Groups: %s' % groups)
|
print('4. Groups: %s' % groups)
|
||||||
print('5. Overlay: ')
|
print('5. Overlay: ')
|
||||||
print(' - %s: %s' % ('File' if os.path.exists(groups_overlay) else 'Groups', groups_overlay))
|
print(' - %s: %s' % ('File' if os.path.exists(groups_overlay) else 'Groups', groups_overlay))
|
||||||
|
@ -390,11 +410,11 @@ def _menu_groups():
|
||||||
elif choice == '2':
|
elif choice == '2':
|
||||||
print('Specify platform (all, Linux, macOS, Windows):')
|
print('Specify platform (all, Linux, macOS, Windows):')
|
||||||
p = _ask_input().lower()
|
p = _ask_input().lower()
|
||||||
platform = 'Windows' if p == 'windows' else 'Linux' if p == 'linux' else 'macOS' if p == 'macos' else 'all'
|
default_platform = 'Windows' if p == 'windows' else 'Linux' if p == 'linux' else 'macOS' if p == 'macos' else 'all'
|
||||||
elif choice == '3':
|
elif choice == '3':
|
||||||
print('Specify stage (pre-attack, attack):')
|
print('Specify stage (pre-attack, attack):')
|
||||||
s = _ask_input().lower()
|
s = _ask_input().lower()
|
||||||
stage = 'pre-attack' if s == 'pre-attack' else 'attack'
|
default_stage = 'pre-attack' if s == 'pre-attack' else 'attack'
|
||||||
elif choice == '4':
|
elif choice == '4':
|
||||||
print('Specify the groups to include separated using commas. Group can be their ID, name or alias '
|
print('Specify the groups to include separated using commas. Group can be their ID, name or alias '
|
||||||
'(default is all groups). Other option is to provide a YAML file with a custom group(s)')
|
'(default is all groups). Other option is to provide a YAML file with a custom group(s)')
|
||||||
|
@ -426,7 +446,7 @@ def _menu_groups():
|
||||||
print('Specify your filter for the applicable_to field:')
|
print('Specify your filter for the applicable_to field:')
|
||||||
filter_applicable_to = _ask_input().lower()
|
filter_applicable_to = _ask_input().lower()
|
||||||
elif choice == '7':
|
elif choice == '7':
|
||||||
generate_group_heat_map(groups, groups_overlay, overlay_type, stage, platform, software_group, filter_applicable_to)
|
generate_group_heat_map(groups, groups_overlay, overlay_type, default_stage, default_platform, software_group, filter_applicable_to)
|
||||||
_wait()
|
_wait()
|
||||||
elif choice == '9':
|
elif choice == '9':
|
||||||
interactive_menu()
|
interactive_menu()
|
||||||
|
|
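Review bot: In the `_menu_statistics` hunk the matrix prompt maps every answer other than the exact string `'enterprise'` to `'mobile'` (`default_matrix = 'enterprise' if m == 'enterprise' else 'mobile'`), so a stray trailing space or a typo silently switches the matrix that option 3 then passes to `get_statistics_mitigations`; keeping the current value unless the answer is valid, `m = _ask_input().strip().lower()` followed by `if m in ('enterprise', 'mobile'): default_matrix = m`, matches the CLI's `choices=['enterprise', 'mobile']` on the argparse side. Also, the hunk ends by calling `_menu_statistics()` from within `_menu_statistics` after `_wait()`, and the `'9'` branch calls `interactive_menu()` and then falls through to that same tail call, so every menu round-trip adds stack frames; a `while True` loop around the menu body would avoid an eventual RecursionError in long sessions, though `_menu_groups` visibly follows the same call-yourself pattern, so this may be a deliberate project-wide choice. The enclosing `def _menu_statistics()` line is outside the hunk, and the file header for this section is not visible (the functions suggest the interactive-menu module).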