Marcus Bakker
163d21488a
Added improved error checking on invalid YAML content returned from an EQL query.
2019-08-20 11:14:31 +02:00
Marcus Bakker
98067447c6
Implemented a health check for data source administration YAML files.
2019-08-20 11:14:07 +02:00
Marcus Bakker
248c6a07d8
Added an extra check for a possible empty 'comment' key-value pair.
2019-08-20 11:13:25 +02:00
Marcus Bakker
47dfc8bb8d
Bumped the version to 1.2.0
2019-08-20 11:06:09 +02:00
Ruben Bouman
45ca1b9e81
Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private
2019-08-20 09:15:52 +02:00
Ruben Bouman
90fc9278c9
Don't overwrite output files if they already exist, but append a number to the filename as suffix.
2019-08-20 09:15:41 +02:00
Marcus Bakker
84f9f0440a
- Non-MITRE ATT&CK data sources are now also exported to Excel.
...
- Any ATT&CK data sources that are missing within the YAML file are added to the Excel with a comment stating it is missing.
2019-08-15 20:31:20 +02:00
Ruben Bouman
7ad8fe16c7
added same kind of graph for visibility as for detection
2019-08-15 16:00:06 +02:00
Ruben Bouman
437f4f346d
Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private
2019-08-15 15:34:36 +02:00
Ruben Bouman
e4eca01168
small improvements
2019-08-15 15:34:31 +02:00
Marcus Bakker
4f045644f1
Fixed a bug that caused a crash when a technique_id was part of the exception list
2019-08-15 11:05:11 +02:00
Marcus Bakker
753dd20e54
Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private
2019-08-13 14:31:08 +02:00
Marcus Bakker
5c700690c6
Added the possibility to use EQL queries.
2019-08-13 14:30:43 +02:00
Marcus Bakker
4fd39d46aa
Removed an unnecessary try/catch block.
2019-08-13 14:29:54 +02:00
Marcus Bakker
08b4c9c1ec
Made the necessary changes to be compatible with the interactive menu.
2019-08-13 14:28:43 +02:00
Marcus Bakker
94e5470ccd
Modified how the DQ overall score is calculated.
2019-08-13 14:24:03 +02:00
Ruben Bouman
a8c925da27
fix operator in requirements file
2019-08-12 15:44:55 +02:00
Marcus Bakker
04591ce76d
Fixed a bug that caused a crash when the key-value pair 'date_registered' or 'date_connected' is not a datetime object.
2019-08-09 20:15:48 +02:00
Marcus Bakker
b0757b6bbd
Fixed a bug that caused a crash when having a 'group_name' or 'campaign' within a Group YAML with only integers.
2019-08-09 10:51:57 +02:00
Marcus Bakker
0a7be67477
- Multiple functions modified to be compatible with new EQL query functionality.
...
- Making use of StringIO within the function 'generate_technique_administration_file' instead of writing a temporary file to disk.
2019-08-08 14:48:22 +02:00
Marcus Bakker
823c82a909
- Added new functionality to the function 'generate_group_heat_map' for the new EQL query functionality. And added support for the '--health' argument in the group mode.
...
- Removed functionality due to the deprecation of the argument '-a, --applicable'.
2019-08-08 14:46:30 +02:00
Marcus Bakker
4a3b77ab00
Added the package eql (v0.7)
2019-08-08 14:42:31 +02:00
Marcus Bakker
1d2fd69a5b
- Removed functionality due to the deprecation of the argument '-a, --applicable'.
...
- Renamed the Excel column 'General comment' to 'Technique comment'.
- Improved the function '_load_data_sources' to make use of StringIO instead of writing a temporary file to disk.
- Before the Excel file is created, it is made sure that the date is written in the following format "%Y-%m%d". This is necessary due to the new EQL query functionality.
- Added a try/except block to '_load_data_sources', for when an EQL query resulted in invalid data source administration YAML content.
2019-08-08 14:41:34 +02:00
Marcus Bakker
7a0aedb2a3
Removed unnecessary arguments to the call of the function 'fix_date_and_remove_null'.
2019-08-08 14:32:36 +02:00
Marcus Bakker
025c302af5
- Removed the function 'try_get_key' (replaced by the native dict method 'get').
...
- Improved the function 'fix_date_and_remove_null' to make use of StringIO instead of writing temporary files to disk.
- Made the function 'get_latest_score_obj' 'public'. This function is needed within the module 'eql_yaml.py'.
- Removed functionality for the deprecated argument '-a, --applicable'.
- Added a try/except block to 'load_techniques', for when an EQL query resulted in invalid technique administration YAML content.
- Improved the health check to only perform the health check when the content of the YAML file changed. This results in a notable increase in performance.
2019-08-08 14:29:15 +02:00
Marcus Bakker
3d66ab004a
- Added new CLI arguments for EQL queries.
...
- Removed the CLI argument '-a, --applicable' (replaced by EQL queries).
2019-08-08 14:17:31 +02:00
Marcus Bakker
dbad1f54da
Added several new constants.
2019-08-08 11:49:12 +02:00
Marcus Bakker
8012521ab6
New functionality for the integration of EQL into DeTT&CT.
2019-08-08 11:45:03 +02:00
Marcus Bakker
c6d25a2f0f
- Added functionality to remove null values from YAML file lines.
...
- Small improvement in the health check.
2019-08-02 11:47:58 +02:00
Marcus Bakker
9100cd2175
Changed the way the file is written.
2019-08-02 11:45:56 +02:00
Marcus Bakker
9f160a262c
Removed null from the YAML file lines
2019-08-02 11:29:50 +02:00
Marcus Bakker
3d11aa5835
- Added new functionality for Mitigations statistics.
...
- Moved multiple functions.
2019-08-01 15:02:55 +02:00
Marcus Bakker
cf4a55081c
Added new functionality for Mitigations statistics
2019-08-01 15:02:06 +02:00
Marcus Bakker
5814446462
Added new constants for STIX
2019-08-01 15:00:09 +02:00
Marcus Bakker
a24f77146e
A pre-attack Navigator layer's filename no longer contains a platform (which it does not support)
2019-07-31 11:59:17 +02:00
Marcus Bakker
b3468a1060
- Added new functionality for the auto-upgrade from tech. admin. YAML file v1.1 to v1.2.
...
- Replaced PyYAML with ruamel.yaml.
2019-07-31 10:23:32 +02:00
Marcus Bakker
ef7f494cda
- Made compatible with the version 1.2 of the technique admin YAML file.
...
- Replaced PyYAML with ruamel.yaml.
2019-07-31 10:21:39 +02:00
Marcus Bakker
b2fdb25647
- Multiple functions made "private".
...
- Added new menu options.
2019-07-31 10:20:21 +02:00
Marcus Bakker
f4121bf4d0
- Replaced PyYAML with ruamel.yaml.
...
- Multiple functions made "private".
2019-07-31 10:19:51 +02:00
Marcus Bakker
d0f2a4946b
- Made compatible with version 1.2 of the technique admin YAML file.
...
- Added new functionality for the auto-update of visibility scores.
- Added multiple new generic functions.
- Multiple small improvements to the technique admin YAML file health check.
- Replaced PyYAML with ruamel.yaml.
- Multiple functions made "private".
- Made compatible with v0.2.7 of attackcti.
2019-07-31 10:18:57 +02:00
Marcus Bakker
6be77c3260
- Multiple functions made "private".
...
- Added new menu options.
2019-07-31 10:14:47 +02:00
Marcus Bakker
94f4913670
- Replaced PyYAML with ruamel.yaml
...
- Added new functionality for the auto-update of visibility scores.
- Made compatible with version 1.2 of the technique admin YAML file.
2019-07-31 10:13:46 +02:00
Marcus Bakker
b0ba153c32
- Updated the version to 1.2.0
...
- Added new constants for the tech v1.1 to v1.2 upgrade
- Added new constants for the auto-update visibility scores functionality
2019-07-31 10:09:06 +02:00
Marcus Bakker
539611dac7
- Updated to version 1.2 of the tech. administration file.
...
- Improved visibility scores due to the new data source: Process use of network.
2019-07-31 10:05:44 +02:00
Marcus Bakker
a5bb18f101
Revert
2019-07-30 21:11:30 +02:00
Marcus Bakker
23d72a5075
Update techniques-administration-endpoints.yaml
2019-07-30 21:07:39 +02:00
Marcus Bakker
6a23aae605
Added the data source as available (with a high DQ): Process use of network
2019-07-30 20:51:18 +02:00
Marcus Bakker
1ea3547728
Added an empty data source administration YAML file
2019-07-30 14:41:06 +02:00
Marcus Bakker
23f903404a
- replaced PyYAML by ruamel.yaml (needed to preserve comments and block style and key ordering)
...
- updated attackcti to v0.2.7
2019-07-30 09:02:33 +02:00
Marcus Bakker
4e89105f04
Bugfix causing a red colour when score equals 0 in the visibility Navigator layer
2019-07-24 10:21:19 +02:00