Commit Graph

46 Commits (1ac6a4ce78ca7d58f508e1a940841e3a02008a18)

Author SHA1 Message Date
Ruben Bouman 1ac6a4ce78 - Added output_filename as option for datasource, visbility, detection and group modes.
- Fixed bug when having both dates and datetimes in techniques YAML file.
2020-05-25 11:44:13 +02:00
Ruben 23b0324e75 Bugfix: date in auto updated yaml file was in YYYY-MM-DD format what errors when auto updating the YAML again. Using long datetime format like in the Editor. 2020-04-16 15:18:27 +02:00
Ruben Bouman 68699a9e06 bugfix for using lowercase platform in data source yaml file, bugfix for having empty score logbook in techniques yaml file, small code style improvement 2020-03-03 14:49:19 +01:00
Marcus Bakker 363beab8a5 Mapped data sources to platforms 2020-02-10 12:17:00 +01:00
Marcus Bakker b6a00a3955 Added new functionality to support a platform key-value pair in a group YAML file. 2019-12-06 13:50:16 +01:00
Marcus Bakker 40657c4e06 Removing revoked ATT&CK STIX objects 2019-12-05 10:46:44 +01:00
Marcus Bakker 28b26fb92c Small fixes 2019-12-05 08:43:42 +01:00
Marcus Bakker a952c34cac Added new checks to make sure the metadata in a Navigator layer file is compliant with the expected data structure. Reported by @Sreeman. 2019-12-04 14:51:56 +01:00
Marcus Bakker dc092696f2 Fixed of a bug that caused a crash when having a None value for a detection or visibility comment. Reported by @Sreeman. 2019-11-29 12:17:33 +01:00
Ruben Bouman fdd4f7b4b7 Fixed two bugs:
- Using 'all' in a data soursce file to generate a YAML file does not work: empty file.
- Having 'all' in a data source and then use --yaml result in a weird filename: data-sources-a-l-l
2019-11-18 14:27:25 +01:00
Ruben Bouman dd4708a440 A small bug fix that resulted in an invalid Navigator layer file for a group/threat actor heat map, or when overlaid with a group, visibility or detection coverage. 2019-11-14 15:09:36 +01:00
Ruben Bouman f67cb194d4 Improved handling of multiple possible values for platform. 2019-11-05 10:21:42 +01:00
Ruben Bouman b5f970b8c2 Added support for new platforms of ATT&CK October update: AWS, GCP, Azure, Azure AD, Office 365, SaaS.
Added support for using multiple values in platform attribute in data sources administration and techniques administration files.

Added health check on platform attribute in techniques administration file.

Updated support for ATT&CK Navigator layer version 2.2.
2019-11-04 14:48:58 +01:00
Marcus Bakker 14852fb24a Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private 2019-08-20 11:16:05 +02:00
Marcus Bakker 81a8d18eff - Removed depreciated functionality.
- Moved health check functions to health.py
2019-08-20 11:15:54 +02:00
Ruben Bouman 45ca1b9e81 Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private 2019-08-20 09:15:52 +02:00
Ruben Bouman 90fc9278c9 Don't overwrite output files if they already exist, but append a number to the filename as suffix. 2019-08-20 09:15:41 +02:00
Marcus Bakker 84f9f0440a - Non-MITRE ATT&CK data sources are now also exported to Excel.
- Any ATT&CK data sources that are missing within the YAML file are added to the Excel with a comment stating it is missing.
2019-08-15 20:31:20 +02:00
Marcus Bakker 4fd39d46aa Removed an unnecessary try/catch block. 2019-08-13 14:29:54 +02:00
Marcus Bakker 025c302af5 - Removed the function 'try_get_key' (replaced by the native dict method 'get').
- Improved the function 'fix_date_and_remove_null' to make use of StringIO instead of writing temporary files to disk.
- Made the function 'get_latest_score_obj', 'public'. This function is needed within the module 'eql_yaml.py'.
- Removed functionality for the deprecated argument '-a, --applicable'.
- Added a try/except block to 'load_techniques', for when an EQL query resulted in invalid technique administration YAML content.
- Improved the health check to only to perform the health check, when the content of the YAML file changed. This results in a notable increase in performance.
2019-08-08 14:29:15 +02:00
Marcus Bakker c6d25a2f0f - Added functionally to remove null values from YAML file lines.
- Small improvement in the health check.
2019-08-02 11:47:58 +02:00
Marcus Bakker 3d11aa5835 - Added new functionality for Mitigations statistics.
- Moved multiple functions.
2019-08-01 15:02:55 +02:00
Marcus Bakker d0f2a4946b - Made compatible with version 1.2 of the technique admin YAML file.
- Added new functionality for the auto-update of visibility scores.
- Added multiple new generic functions.
- Multiple small improvements to the technique admin YAML file health check.
- Replaced PyYAML with ruamel.yaml.
- Multiple functions made "private".
- Made compatible with v0.2.7 of attackcti.
2019-07-31 10:18:57 +02:00
Marcus Bakker 3f4876a682 Increased performance by caching ATT&CK STIX objects were possible. 2019-07-15 14:55:39 +02:00
Marcus Bakker e251c6157c Made compatible with the latest version of attackcti (v0.2.6) 2019-07-13 14:40:24 +02:00
Marcus Bakker 2dd9327955 removed an unnecessary print statement 2019-05-23 09:37:08 +02:00
Marcus Bakker f10e4ea9ab - The health function now checks for very similar values within the key-value pair 'applicable_to'. E.g. 'server' and 'servers'.
- The health function is now always called for technique admin files. Showing a generic error message if possible errors are found.
- Created new function 'check_file' to separate the functionality from 'check_file_type'.
2019-05-19 14:10:25 +02:00
Ruben Bouman 111395c684 Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development 2019-05-15 14:43:32 +02:00
Ruben Bouman 9a9aa01355 Provided a groups YAML file for the Red Canary threat detection 2019 report, listing all frequently used techniques including lists per sector. Adjusted functionality in DeTT&CT to support the use of 'weight' in group files. 2019-05-15 14:43:25 +02:00
Marcus Bakker 7c027606d9 small improvement in the health check for tech. YAML files 2019-05-15 11:00:33 +02:00
Marcus Bakker ff492db9ff fixed a small bug in new code 2019-05-14 13:56:07 +02:00
Marcus Bakker 5fdcb2376d added a new option '--health' to check a technique administration YAML file on errors. 2019-05-14 12:58:06 +02:00
Marcus Bakker 5cbb419a09 Fixed a bug that resulted in a wrong scoring an colouring of groups when overlaid with detection/visibility 2019-05-03 10:25:11 +02:00
Marcus Bakker 149362f9d8 Created 3 constants for overlay_type 2019-05-02 20:15:43 +02:00
Marcus Bakker f475c26ede Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development 2019-05-02 19:54:57 +02:00
Marcus Bakker b84e98c12b Converted float to int 2019-05-02 19:45:45 +02:00
Ruben Bouman 9b52bf1136 Improvend the legend for group + detection and visibility overlays. 2019-05-02 16:47:40 +02:00
Ruben Bouman 78bc2f2842 Added support for multiple detections and visibility per technique in the technique administration YAML file.
Changed version number tot 1.1.

Improvements and fixes for the new detections/visibility Excel sheet.
2019-05-02 13:21:01 +02:00
Marcus Bakker 8ff223c81c Merge remote-tracking branch 'origin/master' into development 2019-04-24 11:49:13 +02:00
Marcus Bakker 54953dc62c Fixed issue #3 (product list not appending for visibility ATT&CK layer) 2019-04-24 08:31:59 +02:00
Marcus Bakker 55010f8dbb Added functionality to migrate technique administration YAML files with version 1.0 to version 1.1 2019-04-23 13:19:29 +02:00
Ruben 0dd76c68a1 Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
# Conflicts:
#	technique_mapping.py
2019-04-17 13:43:46 +02:00
Ruben 3754dd39bc Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
# Conflicts:
#	technique_mapping.py
2019-04-17 13:41:55 +02:00
Marcus Bakker a9dcb4fa78 Added a more detailed error message for invalid YAML files 2019-04-15 14:06:36 +02:00
Marcus Bakker a90e03b2ea Rename to DeTT&CT 2019-04-08 07:24:38 +02:00
Marcus Bakker 8b5b397ebc initial commit 2019-03-29 15:26:25 +01:00