Add [technique] subtechnique

This commit is contained in:
niclas 2024-02-23 11:25:07 +01:00
parent 35b8192208
commit a311ce6a1c
2 changed files with 179 additions and 51 deletions

View file

@ -1,6 +1,13 @@
from api.api import TidalAPI
from models.galaxy import Galaxy
from models.cluster import GroupCluster, SoftwareCluster, CampaignsCluster, TechniqueCluster, TacticCluster, ReferencesCluster
from models.cluster import (
GroupCluster,
SoftwareCluster,
CampaignsCluster,
TechniqueCluster,
TacticCluster,
ReferencesCluster,
)
import argparse
import json
import os
@ -9,6 +16,7 @@ CONFIG = "./config"
GALAXY_PATH = "../../galaxies"
CLUSTER_PATH = "../../clusters"
def create_galaxy(endpoint: str, version: int):
api = TidalAPI()
data = api.get_data(endpoint)
@ -44,6 +52,7 @@ def create_galaxy(endpoint: str, version: int):
cluster.save_to_file(f"{CLUSTER_PATH}/tidal-{endpoint}.json")
print(f"Galaxy tidal-{endpoint} created")
def main(args, galaxies):
if args.all:
for galaxy in galaxies:
@ -59,7 +68,6 @@ if __name__ == "__main__":
if f.endswith(".json"):
galaxies.append(f.split(".")[0])
parser = argparse.ArgumentParser(
description="Create galaxy and cluster json files from Tidal API"
)

View file

@ -1,12 +1,14 @@
from dataclasses import dataclass, field, asdict
import json
@dataclass
class Meta:
pass
@dataclass
class GroupsMeta():
class GroupsMeta(Meta):
source: str = None
group_attack_id: str = None
country: str = None
@ -16,8 +18,9 @@ class GroupsMeta():
tags: list = None
owner: str = None
@dataclass
class SoftwareMeta():
class SoftwareMeta(Meta):
source: str = None
type: str = None
software_attack_id: str = None
@ -25,23 +28,32 @@ class SoftwareMeta():
tags: list = None
owner: str = None
@dataclass
class TechniqueMeta():
class TechniqueMeta(Meta):
source: str = None
platforms: list = None
tags: list = None
owner: str = None
@dataclass
class TacticMeta():
class SubTechniqueMeta(Meta):
source: str = None
technique_attack_id: str = None
@dataclass
class TacticMeta(Meta):
source: str = None
tactic_attack_id: str = None
ordinal_position: int = None
tags: list = None
owner: str = None
@dataclass
class ReferencesMeta():
class ReferencesMeta(Meta):
source: str = None
refs: list = None
title: str = None
@ -50,8 +62,9 @@ class ReferencesMeta():
date_published: str = None
owner: str = None
@dataclass
class CampaignsMeta():
class CampaignsMeta(Meta):
source: str = None
campaign_attack_id: str = None
first_seen: str = None
@ -59,6 +72,7 @@ class CampaignsMeta():
tags: list = None
owner: str = None
@dataclass
class ClusterValue:
description: str = ""
@ -69,11 +83,23 @@ class ClusterValue:
def return_value(self):
value_dict = asdict(self)
value_dict['meta'] = {k: v for k, v in asdict(self.meta).items() if v is not None}
value_dict["meta"] = {
k: v for k, v in asdict(self.meta).items() if v is not None
}
return value_dict
class Cluster():
def __init__(self, authors: str, category: str, description: str, name: str, source: str, type: str, uuid: str):
class Cluster:
def __init__(
self,
authors: str,
category: str,
description: str,
name: str,
source: str,
type: str,
uuid: str,
):
self.authors = authors
self.category = category
self.description = description
@ -105,8 +131,18 @@ class Cluster():
"values": self.values,
}
class GroupCluster(Cluster):
def __init__(self, authors: str, category: str, description: str, name: str, source: str, type: str, uuid: str):
def __init__(
self,
authors: str,
category: str,
description: str,
name: str,
source: str,
type: str,
uuid: str,
):
super().__init__(authors, category, description, name, source, type, uuid)
def add_values(self, data):
@ -114,16 +150,25 @@ class GroupCluster(Cluster):
meta = GroupsMeta(
source=entry.get("source"),
group_attack_id=entry.get("group_attack_id"),
country=entry.get("country")[0].get("country_code") if entry.get("country") else None,
observed_countries=[x.get("country_code") for x in entry.get("observed_country")],
observed_motivations=[x.get("name") for x in entry.get("observed_motivation")],
country=(
entry.get("country")[0].get("country_code")
if entry.get("country")
else None
),
observed_countries=[
x.get("country_code") for x in entry.get("observed_country")
],
observed_motivations=[
x.get("name") for x in entry.get("observed_motivation")
],
target_categories=[x.get("name") for x in entry.get("observed_sector")],
tags=[x.get("tag") for x in entry.get("tags")],
owner=entry.get("owner_name"),
)
related = []
for relation in entry.get("associated_groups"):
related.append({
related.append(
{
"dest-uuid": relation.get("id"),
"type": "related-to",
}
@ -139,7 +184,16 @@ class GroupCluster(Cluster):
class SoftwareCluster(Cluster):
def __init__(self, authors: str, category: str, description: str, name: str, source: str, type: str, uuid: str):
def __init__(
self,
authors: str,
category: str,
description: str,
name: str,
source: str,
type: str,
uuid: str,
):
super().__init__(authors, category, description, name, source, type, uuid)
def add_values(self, data):
@ -154,13 +208,15 @@ class SoftwareCluster(Cluster):
)
related = []
for relation in entry.get("groups"):
related.append({
related.append(
{
"dest-uuid": relation.get("group_id"),
"type": "used-by",
}
)
for relation in entry.get("associated_software"):
related.append({
related.append(
{
"dest-uuid": relation.get("id"),
"type": "related-to",
}
@ -174,8 +230,18 @@ class SoftwareCluster(Cluster):
)
self.values.append(value.return_value())
class TechniqueCluster(Cluster):
def __init__(self, authors: str, category: str, description: str, name: str, source: str, type: str, uuid: str):
def __init__(
self,
authors: str,
category: str,
description: str,
name: str,
source: str,
type: str,
uuid: str,
):
super().__init__(authors, category, description, name, source, type, uuid)
def add_values(self, data):
@ -188,7 +254,8 @@ class TechniqueCluster(Cluster):
)
related = []
for relation in entry.get("tactic"):
related.append({
related.append(
{
"dest-uuid": relation.get("tactic_id"),
"type": "uses",
}
@ -202,8 +269,40 @@ class TechniqueCluster(Cluster):
)
self.values.append(value.return_value())
for sub_technique in entry.get("sub_technique"):
meta = SubTechniqueMeta(
source=sub_technique.get("source"),
technique_attack_id=sub_technique.get("technique_attack_id"),
)
related = []
for relation in sub_technique.get("tactic"):
related.append(
{
"dest-uuid": relation.get("tactic_id"),
"type": "uses",
}
)
value = ClusterValue(
description=sub_technique.get("description"),
meta=meta,
related=related,
uuid=sub_technique.get("id"),
value=sub_technique.get("name"),
)
self.values.append(value.return_value())
class TacticCluster(Cluster):
def __init__(self, authors: str, category: str, description: str, name: str, source: str, type: str, uuid: str):
def __init__(
self,
authors: str,
category: str,
description: str,
name: str,
source: str,
type: str,
uuid: str,
):
super().__init__(authors, category, description, name, source, type, uuid)
def add_values(self, data):
@ -217,7 +316,8 @@ class TacticCluster(Cluster):
)
related = []
for relation in entry.get("techniques"):
related.append({
related.append(
{
"dest-uuid": relation.get("technique_id"),
"type": "uses",
}
@ -231,8 +331,18 @@ class TacticCluster(Cluster):
)
self.values.append(value.return_value())
class ReferencesCluster(Cluster):
def __init__(self, authors: str, category: str, description: str, name: str, source: str, type: str, uuid: str):
def __init__(
self,
authors: str,
category: str,
description: str,
name: str,
source: str,
type: str,
uuid: str,
):
super().__init__(authors, category, description, name, source, type, uuid)
def add_values(self, data):
@ -255,8 +365,18 @@ class ReferencesCluster(Cluster):
)
self.values.append(value.return_value())
class CampaignsCluster(Cluster):
def __init__(self, authors: str, category: str, description: str, name: str, source: str, type: str, uuid: str):
def __init__(
self,
authors: str,
category: str,
description: str,
name: str,
source: str,
type: str,
uuid: str,
):
super().__init__(authors, category, description, name, source, type, uuid)
def add_values(self, data):