From a33e9e2a140d5ea8f90ef3d80d2f3157dc9fd332 Mon Sep 17 00:00:00 2001
From: niclas
Date: Mon, 19 Feb 2024 11:30:10 +0100
Subject: [PATCH] Add [tidal] scipts to create new galaxies
---
 tools/tidal-api/api.py | 15 ++++++
 tools/tidal-api/create_campaigns.py | 62 ++++++++++++++++++++++++
 tools/tidal-api/create_groups.py | 73 +++++++++++++++++++++++++++++
 tools/tidal-api/create_software.py | 73 +++++++++++++++++++++++++++++
 4 files changed, 223 insertions(+)
 create mode 100644 tools/tidal-api/api.py
 create mode 100644 tools/tidal-api/create_campaigns.py
 create mode 100644 tools/tidal-api/create_groups.py
 create mode 100644 tools/tidal-api/create_software.py
diff --git a/tools/tidal-api/api.py b/tools/tidal-api/api.py
new file mode 100644
index 0000000..0e313f6
--- /dev/null
+++ b/tools/tidal-api/api.py
@@ -0,0 +1,15 @@
+import requests
+
+class TidalAPI:
+ def __init__(self):
+ self.base_url = 'https://app-api.tidalcyber.com/api/v1/'
+
+ def get_data(self, endpoint):
+ url = self.base_url + endpoint
+ try:
+ response = requests.get(url)
+ return response.json()
+ except Exception as e:
+ print(f'Error: {e}')
+ return None
+
diff --git a/tools/tidal-api/create_campaigns.py b/tools/tidal-api/create_campaigns.py
new file mode 100644
index 0000000..9604361
--- /dev/null
+++ b/tools/tidal-api/create_campaigns.py
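Review bot: `requests.get(url)` in get_data has no timeout, so a stalled connection to the Tidal API hangs the calling script indefinitely; pass one, e.g. `response = requests.get(url, timeout=30)`. The `except Exception` branch prints and returns None, so an HTTP error status or a non-JSON body is never surfaced as such — call `response.raise_for_status()` before `.json()`, and either let the exception propagate or narrow the handler to `except (requests.RequestException, ValueError) as e:`, because every caller in this patch goes straight on to index `data["data"]`. A short docstring on get_data stating that it returns the decoded JSON body or None on failure would also make that contract visible to the three scripts that call it.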
@@ -0,0 +1,62 @@
+from api import TidalAPI
+import json
+
+VERSION = 1
+GALAXY_PATH = "../../galaxies/"
+CLUSTER_PATH = "../../clusters/"
+GALAXY_UUID = "43a8fce6-08d3-46c2-957d-53606efe2c48"
+
+def create_galaxy():
+ galaxy = {}
+ galaxy["description"] = "Tidal Campaigns Galaxy"
+ galaxy["name"] = "Tidal Campaigns"
+ galaxy["namespace"] = "tidal"
+ galaxy["type"] = "campaigns"
+ galaxy["uuid"] = GALAXY_UUID
+ galaxy["version"] = VERSION
+ return galaxy
+
+def create_cluster(galaxy, data):
+ cluster = {}
+ values = []
+
+ for campaigns in data["data"]:
+ value = {}
+ relations = []
+
+ value["description"] = campaigns["description"]
+
+ value["meta"] = {}
+ value["meta"]["source"] = campaigns["source"]
+ value["meta"]["campaign-attack-id"] = campaigns["campaign_attack_id"]
+ value["meta"]["first-seen"] = campaigns["first_seen"]
+ value["meta"]["last-seen"] = campaigns["last_seen"]
+ value["meta"]["tags"] = campaigns["tags"]
+ value["meta"]["owner"] = campaigns["owner_name"]
+
+ value["related"] = relations
+ value["uuid"] = campaigns["id"]
+ value["value"] = campaigns["name"]
+ values.append(value)
+
+ cluster["authors"] = ["Tidal"]
+ cluster["category"] = "Threat campaigns"
+ cluster["description"] = "Tidal Campaigns"
+ cluster["name"] = "Tidal Campaigns"
+ cluster["source"] = "https://app-api.tidalcyber.com/api/v1/campaigns"
+ cluster["type"] = "campaigns"
+ cluster["uuid"] = galaxy["uuid"]
+ cluster["values"] = values
+ return cluster
+
+if __name__ == "__main__":
+ api = TidalAPI()
+ data = api.get_data('campaigns')
+ galaxy = create_galaxy()
+ cluster = create_cluster(galaxy, data)
+
+ with open(GALAXY_PATH + "tidal-campaigns.json", "w") as galaxy_file:
+ json.dump(galaxy, galaxy_file, indent=4)
+
+ with open(CLUSTER_PATH + "tidal-campaigns.json", "w") as cluster_file:
+ json.dump(cluster, cluster_file, indent=4)
diff --git a/tools/tidal-api/create_groups.py b/tools/tidal-api/create_groups.py
new file mode 100644
index 0000000..940053a
--- /dev/null
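Review bot: The `__main__` block passes the result of `api.get_data('campaigns')` straight into create_cluster, which indexes `data["data"]`; since get_data in api.py returns None on any failure, a failed fetch ends in an opaque TypeError instead of a clear message. Add a guard such as `if data is None: raise SystemExit("failed to fetch campaigns")` before the create_cluster call; the same applies to the `__main__` blocks of create_groups.py and create_software.py. The two output files are opened without an explicit encoding, so description text from the API is written in whatever the locale default is; `open(..., "w", encoding="utf-8")` keeps the generated galaxy and cluster JSON portable across machines.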
+++ b/tools/tidal-api/create_groups.py 
@@ -0,0 +1,73 @@
+from api import TidalAPI
+import json
+
+VERSION = 1
+GALAXY_PATH = "../../galaxies/"
+CLUSTER_PATH = "../../clusters/"
+GALAXY_UUID = "41c3e5c0-de5c-4edb-b48b-48cd8e7519e6"
+
+def create_galaxy():
+ galaxy = {}
+ galaxy["description"] = "Tidal Threat Group Galaxy"
+ galaxy["name"] = "Tidal Threat Group"
+ galaxy["namespace"] = "tidal"
+ galaxy["type"] = "threat-group"
+ galaxy["uuid"] = GALAXY_UUID
+ galaxy["version"] = VERSION
+ return galaxy
+
+
+def create_cluster(galaxy, data):
+ cluster = {}
+ values = []
+
+ for group in data["data"]:
+ value = {}
+ relations = []
+ # TODO check for id and associated_group_id and add to relations
+ for entry in group["associated_groups"]:
+ relation = {}
+ relation["dest-uuid"] = entry["id"]
+ relation["type"] = "related-to"
+ relations.append(relation)
+
+ value["description"] = group["description"]
+
+ value["meta"] = {}
+ value["meta"]["source"] = group["source"]
+ value["meta"]["group-attack-id"] = group["group_attack_id"]
+ value["meta"]["country"] = [country["country_code"] for country in group["country"]]
+ value["meta"]["observed_country"] = [country["country_code"] for country in group["observed_country"]]
+ value["meta"]["motive"] = [motive["name"] for motive in group["observed_motivation"]]
+ value["meta"]["target-category"] = [sector["name"] for sector in group["observed_sector"]]
+ value["meta"]["tags"] = group["tags"]
+ value["meta"]["owner"] = group["owner_name"]
+
+ value["related"] = relations
+ value["uuid"] = group["id"]
+ value["value"] = group["name"]
+ values.append(value)
+
+ cluster["authors"] = ["Tidal"]
+ cluster["category"] = "Threat Group"
+ cluster["description"] = "Tidal Threat Groups"
+ cluster["name"] = "Tidal Threat Group"
+ cluster["source"] = "https://app-api.tidalcyber.com/api/v1/groups"
+ cluster["type"] = "threat-group"
+ cluster["uuid"] = galaxy["uuid"]
+ cluster["values"] = values
+ return cluster
+
+
+if __name__ == "__main__":
+
+ api = TidalAPI()
+ data = api.get_data("groups")
+ galaxy = create_galaxy()
+ cluster = create_cluster(galaxy, data)
+
+ with open(GALAXY_PATH + "tidal-threat-group.json", "w") as galaxy_file:
+ json.dump(galaxy, galaxy_file, indent=4)
+
+ with open(CLUSTER_PATH + "tidal-threat-group.json", "w") as cluster_file:
+ json.dump(cluster, cluster_file, indent=4)
\ No newline at end of file
diff --git a/tools/tidal-api/create_software.py b/tools/tidal-api/create_software.py
new file mode 100644
index 0000000..1219c21
--- /dev/null
+++ b/tools/tidal-api/create_software.py
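Review bot: The meta keys built in create_cluster are inconsistent: `observed_country` uses an underscore while its siblings (`group-attack-id`, `target-category`) use hyphens, so consumers of the cluster have to special-case it; change it to `value["meta"]["observed-country"] = [country["country_code"] for country in group["observed_country"]]`. The TODO above the `associated_groups` loop suggests it is not yet settled whether `entry["id"]` is the related group's own id or the id of the association record; if it is the latter, every `dest-uuid` emitted here resolves to nothing, which is worth confirming against a real API response before the cluster is published. The file is also missing its trailing newline.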
@@ -0,0 +1,73 @@
+from api import TidalAPI
+import json
+
+VERSION = 1
+GALAXY_PATH = "../../galaxies/"
+CLUSTER_PATH = "../../clusters/"
+GALAXY_UUID = "38d62d8b-4c49-489a-9bc4-8e294c4f04f7"
+
+def create_galaxy():
+ galaxy = {}
+ galaxy["description"] = "Tidal Software Galaxy"
+ galaxy["name"] = "Tidal Software"
+ galaxy["namespace"] = "tidal"
+ galaxy["type"] = "software"
+ galaxy["uuid"] = GALAXY_UUID
+ galaxy["version"] = VERSION
+ return galaxy
+
+def create_cluster(galaxy, data):
+ cluster = {}
+ values = []
+
+ for software in data["data"]:
+ value = {}
+ relations = []
+ # TODO check for relations etc.
+ for entry in software["groups"]:
+ relation = {}
+ relation["dest-uuid"] = entry["id"]
+ relation["type"] = "used-by"
+ relations.append(relation)
+ for entry in software["associated_software"]:
+ relation = {}
+ relation["dest-uuid"] = entry["id"]
+ relation["type"] = "related-to"
+ relations.append(relation)
+
+ value["description"] = software["description"]
+
+ value["meta"] = {}
+ value["meta"]["source"] = software["source"]
+ value["meta"]["type"] = software["type"]
+ value["meta"]["software-attack-id"] = software["software_attack_id"]
+ value["meta"]["platforms"] = software["platforms"]
+ value["meta"]["tags"] = software["tags"]
+ value["meta"]["owner"] = software["owner_name"]
+
+ value["related"] = relations
+ value["uuid"] = software["id"]
+ value["value"] = software["name"]
+ values.append(value)
+
+ cluster["authors"] = ["Tidal"]
+ cluster["category"] = "Threat software"
+ cluster["description"] = "Tidal Threat Groups"
+ cluster["name"] = "Tidal Threat software"
+ cluster["source"] = "https://app-api.tidalcyber.com/api/v1/software"
+ cluster["type"] = "threat-software"
+ cluster["uuid"] = galaxy["uuid"]
+ cluster["values"] = values
+ return cluster
+
+if __name__ == "__main__":
+ api = TidalAPI()
+ data = api.get_data('software')
+ galaxy = create_galaxy()
+ cluster = create_cluster(galaxy, data)
+
+ with open(GALAXY_PATH + "tidal-software.json", "w") as galaxy_file:
+ json.dump(galaxy, galaxy_file, indent=4)
+
+ with open(CLUSTER_PATH + "tidal-software.json", "w") as cluster_file:
+ json.dump(cluster, cluster_file, indent=4)
\ No newline at end of file
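Review bot: `cluster["description"] = "Tidal Threat Groups"` in create_cluster is a copy-paste leftover from create_groups.py; for this file it should read `cluster["description"] = "Tidal Software"`. In the same block the cluster `type` is `"threat-software"` while create_galaxy sets the galaxy `type` to `"software"`; in the campaigns and groups scripts the galaxy and cluster types agree, so one of the two here looks wrong and they should be aligned before the files are generated. The file also lacks a trailing newline.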