chg: [tmss] migration to PyMISPGalaxies

This commit is contained in:
Christophe Vandeplas 2024-06-25 13:16:48 +02:00
parent 41cf08a038
commit bbbd2ca36b
No known key found for this signature in database
GPG key ID: BDC48619FFDC5A5B
2 changed files with 51 additions and 44 deletions


@ -1,7 +1,7 @@
{ {
"authors": [ "authors": [
"Microsoft",
"Evgeny Bogokovsky", "Evgeny Bogokovsky",
"Microsoft",
"Ram Pliskin" "Ram Pliskin"
], ],
"category": "tmss", "category": "tmss",


@ -22,9 +22,8 @@ import yaml
import os import os
import uuid import uuid
import re import re
import json
import argparse import argparse
from pymispgalaxies import Cluster, Galaxy
parser = argparse.ArgumentParser(description='Create/update the Threat Matrix for storage services based on Markdown files.') parser = argparse.ArgumentParser(description='Create/update the Threat Matrix for storage services based on Markdown files.')
parser.add_argument("-p", "--path", required=True, help="Path of the 'Threat Matrix for storage services' git clone folder") parser.add_argument("-p", "--path", required=True, help="Path of the 'Threat Matrix for storage services' git clone folder")
@ -40,14 +39,18 @@ with open(os.path.join(args.path, 'mkdocs.yml'), 'r') as f:
tactics = [] tactics = []
clusters = {} clusters = {}
mitre_attack_pattern = Cluster('mitre-attack-pattern')
def find_mitre_uuid_from_technique_id(technique_id): def find_mitre_uuid_from_technique_id(technique_id):
with open('../clusters/mitre-attack-pattern.json', 'r') as mitre_f: try:
mitre = json.load(mitre_f) return mitre_attack_pattern.get_by_external_id(technique_id).uuid
for item in mitre['values']: except KeyError:
if item['meta']['external_id'] == technique_id: print("No MITRE UUID found for technique_id: ", technique_id)
return item['uuid']
return None return None
for nav_item in mkdocs_data['nav']: for nav_item in mkdocs_data['nav']:
try: try:
for tact_item in nav_item['Tactics']: for tact_item in nav_item['Tactics']:
@ -107,7 +110,11 @@ galaxy_type = "tmss"
galaxy_name = "Threat Matrix for storage services" galaxy_name = "Threat Matrix for storage services"
galaxy_description = 'Microsoft Defender for Cloud threat matrix for storage services contains attack tactics, techniques and mitigations relevant storage services delivered by cloud providers.' galaxy_description = 'Microsoft Defender for Cloud threat matrix for storage services contains attack tactics, techniques and mitigations relevant storage services delivered by cloud providers.'
galaxy_source = 'https://github.com/microsoft/Threat-matrix-for-storage-services' galaxy_source = 'https://github.com/microsoft/Threat-matrix-for-storage-services'
json_galaxy = {
try:
galaxy = Galaxy('tmss')
except (KeyError, FileNotFoundError):
galaxy = Galaxy({
'icon': "map", 'icon': "map",
'kill_chain_order': { 'kill_chain_order': {
'TMSS-tactics': tactics 'TMSS-tactics': tactics
@ -118,9 +125,14 @@ json_galaxy = {
'type': galaxy_type, 'type': galaxy_type,
'uuid': "d6532b58-99e0-44a9-93c8-affe055e4443", 'uuid': "d6532b58-99e0-44a9-93c8-affe055e4443",
'version': 1 'version': 1
} })
json_cluster = { galaxy.save('tmss')
try:
cluster = Cluster('tmss')
except (KeyError, FileNotFoundError):
cluster = Cluster({
'authors': ["Microsoft"], 'authors': ["Microsoft"],
'category': 'tmss', 'category': 'tmss',
'name': galaxy_name, 'name': galaxy_name,
@ -128,22 +140,17 @@ json_cluster = {
'source': galaxy_source, 'source': galaxy_source,
'type': galaxy_type, 'type': galaxy_type,
'uuid': "aaf033a6-7f1e-45ab-beef-20a52b75b641", 'uuid': "aaf033a6-7f1e-45ab-beef-20a52b75b641",
'values': list(clusters.values()), 'version': 0
'version': 1 })
}
# add authors based on the Acknowledgements page # add authors based on the Acknowledgements page
authors = ('Evgeny Bogokovsky', 'Ram Pliskin') authors = ('Evgeny Bogokovsky', 'Ram Pliskin')
for author in authors: for author in authors:
json_cluster['authors'].append(author) cluster.authors.add(author)
for cluster_value in clusters.values():
cluster.append(cluster_value)
# save the Galaxy and Cluster file cluster.save('tmss')
with open(os.path.join('..', 'galaxies', 'tmss.json'), 'w') as f:
json.dump(json_galaxy, f, indent=2, sort_keys=True, ensure_ascii=False)
f.write('\n') # only needed for the beauty and to be compliant with jq_all_the_things
with open(os.path.join('..', 'clusters', 'tmss.json'), 'w') as f: print("All done, please don't forget to ./jq_all_the_things.sh, commit, and then ./validate_all.sh, and update_README.")
json.dump(json_cluster, f, indent=2, sort_keys=True, ensure_ascii=False)
f.write('\n') # only needed for the beauty and to be compliant with jq_all_the_things
print("All done, please don't forget to ./jq_all_the_things.sh, commit, and then ./validate_all.sh.")
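Review bot: The re-run path introduced in the last hunk is unclear: when `Cluster('tmss')` successfully loads the existing clusters/tmss.json, `cluster.append(cluster_value)` is then called for every regenerated value, so a second run's outcome depends on how pymispgalaxies treats a value whose uuid or name is already present (reject, replace or duplicate) — worth confirming, and if it rejects, either passing the library's duplicate-handling option or updating the existing entry in place. The fallback constructor also sets `'version': 0` where the removed literal had `'version': 1`, while the galaxy fallback in the @ -118 hunk keeps `1`; unless `save()` bumps the version itself, the two files will disagree after a fresh run. The `except (KeyError, FileNotFoundError)` branches around `Galaxy('tmss')` and `Cluster('tmss')` are presumably what the library raises for an unknown name — a short comment such as `# fall back to a fresh object when ../clusters/tmss.json does not exist yet` would make the intent explicit. Finally, the lookup failure added in the @ -40 hunk is reported on stdout; with `import sys` added next to the other imports it could be `print("No MITRE UUID found for technique_id: ", technique_id, file=sys.stderr)` so it does not mix with the tool's normal output.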