chg: [tmss] migration to PyMISPGalaxies

This commit is contained in:
Christophe Vandeplas 2024-06-25 13:16:48 +02:00
parent 41cf08a038
commit bbbd2ca36b
No known key found for this signature in database
GPG key ID: BDC48619FFDC5A5B
2 changed files with 51 additions and 44 deletions


@ -1,7 +1,7 @@
{ {
"authors": [ "authors": [
"Microsoft",
"Evgeny Bogokovsky", "Evgeny Bogokovsky",
"Microsoft",
"Ram Pliskin" "Ram Pliskin"
], ],
"category": "tmss", "category": "tmss",


@ -22,9 +22,8 @@ import yaml
import os import os
import uuid import uuid
import re import re
import json
import argparse import argparse
from pymispgalaxies import Cluster, Galaxy
parser = argparse.ArgumentParser(description='Create/update the Threat Matrix for storage services based on Markdown files.') parser = argparse.ArgumentParser(description='Create/update the Threat Matrix for storage services based on Markdown files.')
parser.add_argument("-p", "--path", required=True, help="Path of the 'Threat Matrix for storage services' git clone folder") parser.add_argument("-p", "--path", required=True, help="Path of the 'Threat Matrix for storage services' git clone folder")
@ -40,13 +39,17 @@ with open(os.path.join(args.path, 'mkdocs.yml'), 'r') as f:
tactics = [] tactics = []
clusters = {} clusters = {}
mitre_attack_pattern = Cluster('mitre-attack-pattern')
def find_mitre_uuid_from_technique_id(technique_id): def find_mitre_uuid_from_technique_id(technique_id):
with open('../clusters/mitre-attack-pattern.json', 'r') as mitre_f: try:
mitre = json.load(mitre_f) return mitre_attack_pattern.get_by_external_id(technique_id).uuid
for item in mitre['values']: except KeyError:
if item['meta']['external_id'] == technique_id: print("No MITRE UUID found for technique_id: ", technique_id)
return item['uuid'] return None
return None
for nav_item in mkdocs_data['nav']: for nav_item in mkdocs_data['nav']:
try: try:
@ -70,8 +73,8 @@ for nav_item in mkdocs_data['nav']:
mitre_technique_uuid = find_mitre_uuid_from_technique_id(mitre_technique_id) mitre_technique_uuid = find_mitre_uuid_from_technique_id(mitre_technique_id)
related = [ related = [
{ {
"dest-uuid": mitre_technique_uuid, "dest-uuid": mitre_technique_uuid,
"type": "related-to" "type": "related-to"
} }
] ]
except AttributeError: except AttributeError:
@ -107,43 +110,47 @@ galaxy_type = "tmss"
galaxy_name = "Threat Matrix for storage services" galaxy_name = "Threat Matrix for storage services"
galaxy_description = 'Microsoft Defender for Cloud threat matrix for storage services contains attack tactics, techniques and mitigations relevant storage services delivered by cloud providers.' galaxy_description = 'Microsoft Defender for Cloud threat matrix for storage services contains attack tactics, techniques and mitigations relevant storage services delivered by cloud providers.'
galaxy_source = 'https://github.com/microsoft/Threat-matrix-for-storage-services' galaxy_source = 'https://github.com/microsoft/Threat-matrix-for-storage-services'
json_galaxy = {
'icon': "map",
'kill_chain_order': {
'TMSS-tactics': tactics
},
'name': galaxy_name,
'description': galaxy_description,
'namespace': "microsoft",
'type': galaxy_type,
'uuid': "d6532b58-99e0-44a9-93c8-affe055e4443",
'version': 1
}
json_cluster = { try:
'authors': ["Microsoft"], galaxy = Galaxy('tmss')
'category': 'tmss', except (KeyError, FileNotFoundError):
'name': galaxy_name, galaxy = Galaxy({
'description': galaxy_description, 'icon': "map",
'source': galaxy_source, 'kill_chain_order': {
'type': galaxy_type, 'TMSS-tactics': tactics
'uuid': "aaf033a6-7f1e-45ab-beef-20a52b75b641", },
'values': list(clusters.values()), 'name': galaxy_name,
'version': 1 'description': galaxy_description,
} 'namespace': "microsoft",
'type': galaxy_type,
'uuid': "d6532b58-99e0-44a9-93c8-affe055e4443",
'version': 1
})
galaxy.save('tmss')
try:
cluster = Cluster('tmss')
except (KeyError, FileNotFoundError):
cluster = Cluster({
'authors': ["Microsoft"],
'category': 'tmss',
'name': galaxy_name,
'description': galaxy_description,
'source': galaxy_source,
'type': galaxy_type,
'uuid': "aaf033a6-7f1e-45ab-beef-20a52b75b641",
'version': 0
})
# add authors based on the Acknowledgements page # add authors based on the Acknowledgements page
authors = ('Evgeny Bogokovsky', 'Ram Pliskin') authors = ('Evgeny Bogokovsky', 'Ram Pliskin')
for author in authors: for author in authors:
json_cluster['authors'].append(author) cluster.authors.add(author)
for cluster_value in clusters.values():
cluster.append(cluster_value)
# save the Galaxy and Cluster file cluster.save('tmss')
with open(os.path.join('..', 'galaxies', 'tmss.json'), 'w') as f:
json.dump(json_galaxy, f, indent=2, sort_keys=True, ensure_ascii=False)
f.write('\n') # only needed for the beauty and to be compliant with jq_all_the_things
with open(os.path.join('..', 'clusters', 'tmss.json'), 'w') as f: print("All done, please don't forget to ./jq_all_the_things.sh, commit, and then ./validate_all.sh, and update_README.")
json.dump(json_cluster, f, indent=2, sort_keys=True, ensure_ascii=False)
f.write('\n') # only needed for the beauty and to be compliant with jq_all_the_things
print("All done, please don't forget to ./jq_all_the_things.sh, commit, and then ./validate_all.sh.")
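Review bot: When `Galaxy('tmss')` loads successfully in the try/except near the end of the hunk, the `tactics` list built from mkdocs is never written back: `kill_chain_order` is only set in the fallback constructor, so a tactic added upstream would not reach the saved galaxy even though `galaxy.save('tmss')` still runs. Setting it on the loaded object before the save, e.g. `galaxy.kill_chain_order = {'TMSS-tactics': tactics}` if the loaded Galaxy exposes that field as an attribute (as Cluster does for `authors`), keeps the two branches equivalent. Likewise `cluster.append(cluster_value)` on a cluster loaded from disk adds to the existing values rather than replacing them as the old `'values': list(clusters.values())` did; unless append deduplicates by uuid, a rerun would duplicate entries and a technique removed upstream would never disappear, so this merge behaviour deserves a comment at least. The fallback's `'version': 0` for the cluster also differs from the galaxy's `1`; if that relies on save() bumping the version, say so in a comment, e.g. `# version 0: save() is expected to bump it on write — TODO confirm`.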