Commit Graph

35 Commits (0300a0cf541508cad91adade4953e92c98258bbb)

Author SHA1 Message Date
Marcus Bakker bc9eca9a92 Added some addtional code comments 2020-06-19 09:08:18 +02:00
Ruben Bouman 931dd8ff25 Merge branch 'development' of https://github.com/marcusbakker/DeTTECT-private into development 2020-06-18 17:01:22 +02:00
Ruben Bouman 4c7ff2f095 Color shading for overlay files. 2020-06-18 17:01:16 +02:00
Marcus Bakker e7b3018677 Created a function to add the metadata as used within overlays 2020-06-12 10:54:41 +02:00
Ruben Bouman 217980bbd3 Introduced new option to set the name of the Navigator layer 2020-06-08 16:56:56 +02:00
Marcus Bakker ee144b374e Improved the metadata shown within overlays 2020-05-29 12:16:54 +02:00
Ruben Bouman 1ac6a4ce78 - Added output_filename as option for datasource, visbility, detection and group modes.
- Fixed bug when having both dates and datetimes in techniques YAML file.
2020-05-25 11:44:13 +02:00
Marcus Bakker 1dbfe7c248 Another fix for when 'software_id' is not present in a group YAML file 2020-01-30 16:28:46 +01:00
Maverick 721ffbb43a Fix having software_id present for group mapping
- As noted in the wiki, `software_id` is not a hard requirement for the
  group mapping to work, however, it was previously not taking into
  account that `software_id` maybe empty when getting group details.
2020-01-27 19:35:57 +01:00
Marcus Bakker b6a00a3955 Added new functionality to support a platform key-value pair in a group YAML file. 2019-12-06 13:50:16 +01:00
Ruben Bouman fb3a5982b8 Fix for a small bug that resulted in a stacktrace when using an invalid group name as overlay. 2019-11-14 15:12:26 +01:00
Ruben Bouman b5f970b8c2 Added support for new platforms of ATT&CK October update: AWS, GCP, Azure, Azure AD, Office 365, SaaS.
Added support for using multiple values in platform attribute in data sources administration and techniques administration files.

Added health check on platform attribute in techniques administration file.

Updated support for ATT&CK Navigator layer version 2.2.
2019-11-04 14:48:58 +01:00
Ruben Bouman 6efd04cb3b Don't overwrite output files if they already exist, but append a number to the filename as suffix. 2019-08-21 10:53:04 +02:00
Marcus Bakker 08b4c9c1ec Made the necessary changes to be compatible with the interactive menu. 2019-08-13 14:28:43 +02:00
Marcus Bakker b0757b6bbd Fixed a bug that caused a crash when having a 'group_name' or 'campaign' within a Group YAML with only integers. 2019-08-09 10:51:57 +02:00
Marcus Bakker 823c82a909 - Added new functionality to the function 'generate_group_heat_map' for the new EQL query functionality. And added support for the '--health' argument in the group mode.
- Removed functionality due to the deprecation of the argument '-a, --applicable'.
2019-08-08 14:46:30 +02:00
Marcus Bakker 3d11aa5835 - Added new functionality for Mitigations statistics.
- Moved multiple functions.
2019-08-01 15:02:55 +02:00
Marcus Bakker a24f77146e A pre-attack Navigator layer's filename no longer contains a platform (which it does not support) 2019-07-31 11:59:17 +02:00
Marcus Bakker f4121bf4d0 - Replaced PyYAML with ruamel.yaml.
- Multiple functions made "private".
2019-07-31 10:19:51 +02:00
Marcus Bakker 3f4876a682 Increased performance by caching ATT&CK STIX objects were possible. 2019-07-15 14:55:39 +02:00
Marcus Bakker f3407f6ec4 - Made compatible with the latest version of attackcti (v0.2.6)
- Fixed a bug that caused the campaign name not to be displayed for a group (part of the Group YAML file)
2019-07-13 14:41:59 +02:00
Marcus Bakker f10e4ea9ab - The health function now checks for very similar values within the key-value pair 'applicable_to'. E.g. 'server' and 'servers'.
- The health function is now always called for technique admin files. Showing a generic error message if possible errors are found.
- Created new function 'check_file' to separate the functionality from 'check_file_type'.
2019-05-19 14:10:25 +02:00
Ruben Bouman 9a9aa01355 Provided a groups YAML file for the Red Canary threat detection 2019 report, listing all frequently used techniques including lists per sector. Adjusted functionality in DeTT&CT to support the use of 'weight' in group files. 2019-05-15 14:43:25 +02:00
Ruben Bouman e745b3bfe4 Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development 2019-05-15 10:05:29 +02:00
Ruben Bouman 24be857eb2 Added both detection and visibility score to detection/visibility overlay. 2019-05-15 10:05:19 +02:00
Marcus Bakker 5fdcb2376d added a new option '--health' to check a technique administration YAML file on errors. 2019-05-14 12:58:06 +02:00
Marcus Bakker 5cbb419a09 Fixed a bug that resulted in a wrong scoring an colouring of groups when overlaid with detection/visibility 2019-05-03 10:25:11 +02:00
Marcus Bakker 149362f9d8 Created 3 constants for overlay_type 2019-05-02 20:15:43 +02:00
Marcus Bakker f475c26ede Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development 2019-05-02 19:54:57 +02:00
Marcus Bakker e60d77fdf1 Added score (in the layer attribute "score" and as metadata) for detection/visibility when overlaid with a group 2019-05-02 19:54:32 +02:00
Ruben Bouman 9b52bf1136 Improvend the legend for group + detection and visibility overlays. 2019-05-02 16:47:40 +02:00
Ruben Bouman 78bc2f2842 Added support for multiple detections and visibility per technique in the technique administration YAML file.
Changed version number tot 1.1.

Improvements and fixes for the new detections/visibility Excel sheet.
2019-05-02 13:21:01 +02:00
Ruben Bouman 43d8b130a0 Added support for filtering applicable_to in groups overlayed with detection/visibility. Added docstrings. Fixed bug in arg parsing. 2019-04-24 16:15:04 +02:00
Marcus Bakker 26776f0468 Fixed a bug that would cause a crash when doing a software-group using a visibility or detection overlay 2019-04-23 13:21:27 +02:00
Marcus Bakker 8b5b397ebc initial commit 2019-03-29 15:26:25 +01:00