MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 23:07:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add [technique] subtechnique

Browse source
This commit is contained in:
niclas 2024-02-23 11:25:07 +01:00
parent 35b8192208
commit a311ce6a1c
2 changed files with 179 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
tools/tidal-api/main.py
View file

@ -1,6 +1,13 @@
from api.api import TidalAPI from api.api import TidalAPI
from models.galaxy import Galaxy from models.galaxy import Galaxy
from models.cluster import GroupCluster, SoftwareCluster, CampaignsCluster, TechniqueCluster, TacticCluster, ReferencesCluster from models.cluster import (
GroupCluster,
SoftwareCluster,
CampaignsCluster,
TechniqueCluster,
TacticCluster,
ReferencesCluster,
)
import argparse import argparse
import json import json
import os import os
@ -9,6 +16,7 @@ CONFIG = "./config"
GALAXY_PATH = "../../galaxies" GALAXY_PATH = "../../galaxies"
CLUSTER_PATH = "../../clusters" CLUSTER_PATH = "../../clusters"
def create_galaxy(endpoint: str, version: int): def create_galaxy(endpoint: str, version: int):
api = TidalAPI() api = TidalAPI()
data = api.get_data(endpoint) data = api.get_data(endpoint)
@ -44,6 +52,7 @@ def create_galaxy(endpoint: str, version: int):
cluster.save_to_file(f"{CLUSTER_PATH}/tidal-{endpoint}.json") cluster.save_to_file(f"{CLUSTER_PATH}/tidal-{endpoint}.json")
print(f"Galaxy tidal-{endpoint} created") print(f"Galaxy tidal-{endpoint} created")
def main(args, galaxies): def main(args, galaxies):
if args.all: if args.all:
for galaxy in galaxies: for galaxy in galaxies:
@ -59,7 +68,6 @@ if __name__ == "__main__":
if f.endswith(".json"): if f.endswith(".json"):
galaxies.append(f.split(".")[0]) galaxies.append(f.split(".")[0])
parser = argparse.ArgumentParser( parser = argparse.ArgumentParser(
description="Create galaxy and cluster json files from Tidal API" description="Create galaxy and cluster json files from Tidal API"
) )

196
tools/tidal-api/models/cluster.py
View file

@ -1,12 +1,14 @@
from dataclasses import dataclass, field, asdict from dataclasses import dataclass, field, asdict
import json import json
@dataclass @dataclass
class Meta: class Meta:
pass pass
@dataclass @dataclass
class GroupsMeta(): class GroupsMeta(Meta):
source: str = None source: str = None
group_attack_id: str = None group_attack_id: str = None
country: str = None country: str = None
@ -16,8 +18,9 @@ class GroupsMeta():
tags: list = None tags: list = None
owner: str = None owner: str = None
@dataclass @dataclass
class SoftwareMeta(): class SoftwareMeta(Meta):
source: str = None source: str = None
type: str = None type: str = None
software_attack_id: str = None software_attack_id: str = None
@ -25,23 +28,32 @@ class SoftwareMeta():
tags: list = None tags: list = None
owner: str = None owner: str = None
@dataclass @dataclass
class TechniqueMeta(): class TechniqueMeta(Meta):
source: str = None source: str = None
platforms: list = None platforms: list = None
tags: list = None tags: list = None
owner: str = None owner: str = None
@dataclass @dataclass
class TacticMeta(): class SubTechniqueMeta(Meta):
source: str = None
technique_attack_id: str = None
@dataclass
class TacticMeta(Meta):
source: str = None source: str = None
tactic_attack_id: str = None tactic_attack_id: str = None
ordinal_position: int = None ordinal_position: int = None
tags: list = None tags: list = None
owner: str = None owner: str = None
@dataclass @dataclass
class ReferencesMeta(): class ReferencesMeta(Meta):
source: str = None source: str = None
refs: list = None refs: list = None
title: str = None title: str = None
@ -50,8 +62,9 @@ class ReferencesMeta():
date_published: str = None date_published: str = None
owner: str = None owner: str = None
@dataclass @dataclass
class CampaignsMeta(): class CampaignsMeta(Meta):
source: str = None source: str = None
campaign_attack_id: str = None campaign_attack_id: str = None
first_seen: str = None first_seen: str = None
@ -59,6 +72,7 @@ class CampaignsMeta():
tags: list = None tags: list = None
owner: str = None owner: str = None
@dataclass @dataclass
class ClusterValue: class ClusterValue:
description: str = "" description: str = ""
@ -69,11 +83,23 @@ class ClusterValue:
def return_value(self): def return_value(self):
value_dict = asdict(self) value_dict = asdict(self)
value_dict['meta'] = {k: v for k, v in asdict(self.meta).items() if v is not None} value_dict["meta"] = {
k: v for k, v in asdict(self.meta).items() if v is not None
}
return value_dict return value_dict
class Cluster():
def __init__(self, authors: str, category: str, description: str, name: str, source: str, type: str, uuid: str): class Cluster:
def __init__(
self,
authors: str,
category: str,
description: str,
name: str,
source: str,
type: str,
uuid: str,
):
self.authors = authors self.authors = authors
self.category = category self.category = category
self.description = description self.description = description
@ -105,8 +131,18 @@ class Cluster():
"values": self.values, "values": self.values,
} }
class GroupCluster(Cluster): class GroupCluster(Cluster):
def __init__(self, authors: str, category: str, description: str, name: str, source: str, type: str, uuid: str): def __init__(
self,
authors: str,
category: str,
description: str,
name: str,
source: str,
type: str,
uuid: str,
):
super().__init__(authors, category, description, name, source, type, uuid) super().__init__(authors, category, description, name, source, type, uuid)
def add_values(self, data): def add_values(self, data):
@ -114,19 +150,28 @@ class GroupCluster(Cluster):
meta = GroupsMeta( meta = GroupsMeta(
source=entry.get("source"), source=entry.get("source"),
group_attack_id=entry.get("group_attack_id"), group_attack_id=entry.get("group_attack_id"),
country=entry.get("country")[0].get("country_code") if entry.get("country") else None, country=(
observed_countries=[x.get("country_code") for x in entry.get("observed_country")], entry.get("country")[0].get("country_code")
observed_motivations=[x.get("name") for x in entry.get("observed_motivation")], if entry.get("country")
else None
),
observed_countries=[
x.get("country_code") for x in entry.get("observed_country")
],
observed_motivations=[
x.get("name") for x in entry.get("observed_motivation")
],
target_categories=[x.get("name") for x in entry.get("observed_sector")], target_categories=[x.get("name") for x in entry.get("observed_sector")],
tags=[x.get("tag") for x in entry.get("tags")], tags=[x.get("tag") for x in entry.get("tags")],
owner=entry.get("owner_name"), owner=entry.get("owner_name"),
) )
related = [] related = []
for relation in entry.get("associated_groups"): for relation in entry.get("associated_groups"):
related.append({ related.append(
"dest-uuid": relation.get("id"), {
"type": "related-to", "dest-uuid": relation.get("id"),
} "type": "related-to",
}
) )
value = ClusterValue( value = ClusterValue(
description=entry.get("description"), description=entry.get("description"),
@ -139,7 +184,16 @@ class GroupCluster(Cluster):
class SoftwareCluster(Cluster): class SoftwareCluster(Cluster):
def __init__(self, authors: str, category: str, description: str, name: str, source: str, type: str, uuid: str): def __init__(
self,
authors: str,
category: str,
description: str,
name: str,
source: str,
type: str,
uuid: str,
):
super().__init__(authors, category, description, name, source, type, uuid) super().__init__(authors, category, description, name, source, type, uuid)
def add_values(self, data): def add_values(self, data):
@ -154,16 +208,18 @@ class SoftwareCluster(Cluster):
) )
related = [] related = []
for relation in entry.get("groups"): for relation in entry.get("groups"):
related.append({ related.append(
"dest-uuid": relation.get("group_id"), {
"type": "used-by", "dest-uuid": relation.get("group_id"),
} "type": "used-by",
}
) )
for relation in entry.get("associated_software"): for relation in entry.get("associated_software"):
related.append({ related.append(
"dest-uuid": relation.get("id"), {
"type": "related-to", "dest-uuid": relation.get("id"),
} "type": "related-to",
}
) )
value = ClusterValue( value = ClusterValue(
description=entry.get("description"), description=entry.get("description"),
@ -174,8 +230,18 @@ class SoftwareCluster(Cluster):
) )
self.values.append(value.return_value()) self.values.append(value.return_value())
class TechniqueCluster(Cluster): class TechniqueCluster(Cluster):
def __init__(self, authors: str, category: str, description: str, name: str, source: str, type: str, uuid: str): def __init__(
self,
authors: str,
category: str,
description: str,
name: str,
source: str,
type: str,
uuid: str,
):
super().__init__(authors, category, description, name, source, type, uuid) super().__init__(authors, category, description, name, source, type, uuid)
def add_values(self, data): def add_values(self, data):
@ -188,10 +254,11 @@ class TechniqueCluster(Cluster):
) )
related = [] related = []
for relation in entry.get("tactic"): for relation in entry.get("tactic"):
related.append({ related.append(
"dest-uuid": relation.get("tactic_id"), {
"type": "uses", "dest-uuid": relation.get("tactic_id"),
} "type": "uses",
}
) )
value = ClusterValue( value = ClusterValue(
description=entry.get("description"), description=entry.get("description"),
@ -202,8 +269,40 @@ class TechniqueCluster(Cluster):
) )
self.values.append(value.return_value()) self.values.append(value.return_value())
for sub_technique in entry.get("sub_technique"):
meta = SubTechniqueMeta(
source=sub_technique.get("source"),
technique_attack_id=sub_technique.get("technique_attack_id"),
)
related = []
for relation in sub_technique.get("tactic"):
related.append(
{
"dest-uuid": relation.get("tactic_id"),
"type": "uses",
}
)
value = ClusterValue(
description=sub_technique.get("description"),
meta=meta,
related=related,
uuid=sub_technique.get("id"),
value=sub_technique.get("name"),
)
self.values.append(value.return_value())
class TacticCluster(Cluster): class TacticCluster(Cluster):
def __init__(self, authors: str, category: str, description: str, name: str, source: str, type: str, uuid: str): def __init__(
self,
authors: str,
category: str,
description: str,
name: str,
source: str,
type: str,
uuid: str,
):
super().__init__(authors, category, description, name, source, type, uuid) super().__init__(authors, category, description, name, source, type, uuid)
def add_values(self, data): def add_values(self, data):
@ -217,10 +316,11 @@ class TacticCluster(Cluster):
) )
related = [] related = []
for relation in entry.get("techniques"): for relation in entry.get("techniques"):
related.append({ related.append(
"dest-uuid": relation.get("technique_id"), {
"type": "uses", "dest-uuid": relation.get("technique_id"),
} "type": "uses",
}
) )
value = ClusterValue( value = ClusterValue(
description=entry.get("description"), description=entry.get("description"),
@ -231,8 +331,18 @@ class TacticCluster(Cluster):
) )
self.values.append(value.return_value()) self.values.append(value.return_value())
class ReferencesCluster(Cluster): class ReferencesCluster(Cluster):
def __init__(self, authors: str, category: str, description: str, name: str, source: str, type: str, uuid: str): def __init__(
self,
authors: str,
category: str,
description: str,
name: str,
source: str,
type: str,
uuid: str,
):
super().__init__(authors, category, description, name, source, type, uuid) super().__init__(authors, category, description, name, source, type, uuid)
def add_values(self, data): def add_values(self, data):
@ -255,8 +365,18 @@ class ReferencesCluster(Cluster):
) )
self.values.append(value.return_value()) self.values.append(value.return_value())
class CampaignsCluster(Cluster): class CampaignsCluster(Cluster):
def __init__(self, authors: str, category: str, description: str, name: str, source: str, type: str, uuid: str): def __init__(
self,
authors: str,
category: str,
description: str,
name: str,
source: str,
type: str,
uuid: str,
):
super().__init__(authors, category, description, name, source, type, uuid) super().__init__(authors, category, description, name, source, type, uuid)
def add_values(self, data): def add_values(self, data):