Add [tidal] sub option
parent
1a5ccd23a2
commit
cde860647c
3 changed files with 100 additions and 89 deletions
|
@ -156,7 +156,7 @@ document$.subscribe(function () {
|
|||
|
||||
// Create nodes
|
||||
var node = svg.append("g")
|
||||
.attr("stroke", "#fff")
|
||||
.attr("stroke", "#D3D3D3")
|
||||
.attr("stroke-width", 1.5)
|
||||
.selectAll("circle")
|
||||
.data(nodes)
|
||||
|
|
|
@ -17,7 +17,7 @@ GALAXY_PATH = "../../galaxies"
|
|||
CLUSTER_PATH = "../../clusters"
|
||||
|
||||
|
||||
def create_galaxy(endpoint: str, version: int, extended_relations: bool = False):
|
||||
def create_galaxy(endpoint: str, version: int, extended_relations: bool = False, create_subs: bool = False):
|
||||
api = TidalAPI()
|
||||
data = api.get_data(endpoint)
|
||||
with open(f"{CONFIG}/{endpoint}.json", "r") as file:
|
||||
|
@ -28,16 +28,16 @@ def create_galaxy(endpoint: str, version: int, extended_relations: bool = False)
|
|||
|
||||
match endpoint:
|
||||
case "groups":
|
||||
cluster = GroupCluster(**config["cluster"], uuid=galaxy.uuid, enrichment=extended_relations)
|
||||
cluster = GroupCluster(**config["cluster"], uuid=galaxy.uuid, enrichment=extended_relations, subs=create_subs)
|
||||
cluster.add_values(data)
|
||||
case "software":
|
||||
cluster = SoftwareCluster(**config["cluster"], uuid=galaxy.uuid, enrichment=extended_relations)
|
||||
cluster = SoftwareCluster(**config["cluster"], uuid=galaxy.uuid, enrichment=extended_relations, subs=create_subs)
|
||||
cluster.add_values(data)
|
||||
case "campaigns":
|
||||
cluster = CampaignsCluster(**config["cluster"], uuid=galaxy.uuid)
|
||||
cluster.add_values(data)
|
||||
case "technique":
|
||||
cluster = TechniqueCluster(**config["cluster"], uuid=galaxy.uuid)
|
||||
cluster = TechniqueCluster(**config["cluster"], uuid=galaxy.uuid, subs=create_subs)
|
||||
cluster.add_values(data)
|
||||
case "tactic":
|
||||
cluster = TacticCluster(**config["cluster"], uuid=galaxy.uuid)
|
||||
|
@ -56,9 +56,9 @@ def create_galaxy(endpoint: str, version: int, extended_relations: bool = False)
|
|||
def main(args, galaxies):
|
||||
if args.all:
|
||||
for galaxy in galaxies:
|
||||
create_galaxy(galaxy, args.version, args.extended_relations)
|
||||
create_galaxy(galaxy, args.version, args.extended_relations, args.create_subs)
|
||||
else:
|
||||
create_galaxy(args.type, args.version, args.extended_relations)
|
||||
create_galaxy(args.type, args.version, args.extended_relations, args.create_subs)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
|
@ -92,7 +92,12 @@ if __name__ == "__main__":
|
|||
parser.add_argument(
|
||||
"--extended-relations",
|
||||
action="store_true",
|
||||
help="Create extended relations in the cluster",
|
||||
help="Create extended relations for the clusters",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--create-subs",
|
||||
action="store_true",
|
||||
help="Create subclusters from the API",
|
||||
)
|
||||
parser.set_defaults(func=main)
|
||||
|
||||
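Review bot: `create_subs` is added as a second positional boolean right after `extended_relations`, and both call sites in `main` pass the two flags positionally (`create_galaxy(galaxy, args.version, args.extended_relations, args.create_subs)`), so a swapped or dropped argument would go unnoticed. Pass them by keyword, `create_galaxy(galaxy, args.version, extended_relations=args.extended_relations, create_subs=args.create_subs)`, or make both keyword-only in the signature. In the visible `match` arms only groups, software and technique receive `subs=create_subs`, while campaigns and tactic ignore the flag, so the help text could say so, e.g. `help="Create subclusters from the API (groups, software, technique)"`. `create_galaxy` continues outside the hunks shown, so other arms may exist that are not visible here.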
|
|
|
@ -177,9 +177,11 @@ class GroupCluster(Cluster):
|
|||
type: str,
|
||||
uuid: str,
|
||||
enrichment: bool = False,
|
||||
subs: bool = False,
|
||||
):
|
||||
super().__init__(authors, category, description, name, source, type, uuid)
|
||||
self.enrichment = enrichment
|
||||
self.subs = subs
|
||||
|
||||
def add_values(self, data):
|
||||
for entry in data["data"]:
|
||||
|
@ -213,35 +215,34 @@ class GroupCluster(Cluster):
|
|||
"type": "similar",
|
||||
}
|
||||
)
|
||||
|
||||
for associated_group in entry.get("associated_groups"):
|
||||
associated_meta = AssociatedGroupsMeta(
|
||||
id=associated_group.get("id"),
|
||||
owner_id=associated_group.get("owner_id"),
|
||||
owner=associated_group.get("owner_name"),
|
||||
)
|
||||
associated_related = []
|
||||
associated_related.append(
|
||||
{
|
||||
"dest-uuid": entry.get("id"),
|
||||
"type": "similar",
|
||||
}
|
||||
)
|
||||
value = ClusterValue(
|
||||
description=associated_group.get("description"),
|
||||
meta=associated_meta,
|
||||
related=associated_related,
|
||||
uuid=associated_group.get("associated_group_id"),
|
||||
value=associated_group.get("name"),
|
||||
)
|
||||
self.values.append(value.return_value())
|
||||
related.append(
|
||||
{
|
||||
"dest-uuid": associated_group.get("associated_group_id"),
|
||||
"type": "similar",
|
||||
}
|
||||
)
|
||||
|
||||
if self.subs:
|
||||
for associated_group in entry.get("associated_groups"):
|
||||
associated_meta = AssociatedGroupsMeta(
|
||||
id=associated_group.get("id"),
|
||||
owner_id=associated_group.get("owner_id"),
|
||||
owner=associated_group.get("owner_name"),
|
||||
)
|
||||
associated_related = []
|
||||
associated_related.append(
|
||||
{
|
||||
"dest-uuid": entry.get("id"),
|
||||
"type": "similar",
|
||||
}
|
||||
)
|
||||
value = ClusterValue(
|
||||
description=associated_group.get("description"),
|
||||
meta=associated_meta,
|
||||
related=associated_related,
|
||||
uuid=associated_group.get("associated_group_id"),
|
||||
value=associated_group.get("name"),
|
||||
)
|
||||
self.values.append(value.return_value())
|
||||
related.append(
|
||||
{
|
||||
"dest-uuid": associated_group.get("associated_group_id"),
|
||||
"type": "similar",
|
||||
}
|
||||
)
|
||||
value = ClusterValue(
|
||||
description=entry.get("description"),
|
||||
meta=meta,
|
||||
|
@ -263,9 +264,11 @@ class SoftwareCluster(Cluster):
|
|||
type: str,
|
||||
uuid: str,
|
||||
enrichment: bool = False,
|
||||
subs: bool = False,
|
||||
):
|
||||
super().__init__(authors, category, description, name, source, type, uuid)
|
||||
self.enrichment = enrichment
|
||||
self.subs = subs
|
||||
|
||||
def add_values(self, data):
|
||||
for entry in data["data"]:
|
||||
|
@ -307,34 +310,34 @@ class SoftwareCluster(Cluster):
|
|||
"type": "similar",
|
||||
}
|
||||
)
|
||||
|
||||
for associated_software in entry.get("associated_software"):
|
||||
associated_meta = AssociatedSoftwareMeta(
|
||||
id=associated_software.get("id"),
|
||||
owner_id=associated_software.get("owner_id"),
|
||||
owner=associated_software.get("owner_name"),
|
||||
)
|
||||
associated_related = []
|
||||
associated_related.append(
|
||||
{
|
||||
"dest-uuid": entry.get("id"),
|
||||
"type": "similar",
|
||||
}
|
||||
)
|
||||
value = ClusterValue(
|
||||
description=associated_software.get("description"),
|
||||
meta=associated_meta,
|
||||
related=associated_related,
|
||||
uuid=associated_software.get("associated_software_id"),
|
||||
value=associated_software.get("name"),
|
||||
)
|
||||
self.values.append(value.return_value())
|
||||
related.append(
|
||||
{
|
||||
"dest-uuid": associated_software.get("associated_software_id"),
|
||||
"type": "similar",
|
||||
}
|
||||
)
|
||||
if self.subs:
|
||||
for associated_software in entry.get("associated_software"):
|
||||
associated_meta = AssociatedSoftwareMeta(
|
||||
id=associated_software.get("id"),
|
||||
owner_id=associated_software.get("owner_id"),
|
||||
owner=associated_software.get("owner_name"),
|
||||
)
|
||||
associated_related = []
|
||||
associated_related.append(
|
||||
{
|
||||
"dest-uuid": entry.get("id"),
|
||||
"type": "similar",
|
||||
}
|
||||
)
|
||||
value = ClusterValue(
|
||||
description=associated_software.get("description"),
|
||||
meta=associated_meta,
|
||||
related=associated_related,
|
||||
uuid=associated_software.get("associated_software_id"),
|
||||
value=associated_software.get("name"),
|
||||
)
|
||||
self.values.append(value.return_value())
|
||||
related.append(
|
||||
{
|
||||
"dest-uuid": associated_software.get("associated_software_id"),
|
||||
"type": "similar",
|
||||
}
|
||||
)
|
||||
|
||||
value = ClusterValue(
|
||||
description=entry.get("description"),
|
||||
|
@ -356,8 +359,10 @@ class TechniqueCluster(Cluster):
|
|||
source: str,
|
||||
type: str,
|
||||
uuid: str,
|
||||
subs: bool = False,
|
||||
):
|
||||
super().__init__(authors, category, description, name, source, type, uuid)
|
||||
self.subs = subs
|
||||
|
||||
def add_values(self, data):
|
||||
for entry in data["data"]:
|
||||
|
@ -376,33 +381,34 @@ class TechniqueCluster(Cluster):
|
|||
}
|
||||
)
|
||||
|
||||
for sub_technique in entry.get("sub_technique"):
|
||||
sub_meta = SubTechniqueMeta(
|
||||
source=sub_technique.get("source"),
|
||||
technique_attack_id=sub_technique.get("technique_attack_id"),
|
||||
)
|
||||
sub_related = []
|
||||
for relation in sub_technique.get("tactic"):
|
||||
sub_related.append(
|
||||
if self.subs:
|
||||
for sub_technique in entry.get("sub_technique"):
|
||||
sub_meta = SubTechniqueMeta(
|
||||
source=sub_technique.get("source"),
|
||||
technique_attack_id=sub_technique.get("technique_attack_id"),
|
||||
)
|
||||
sub_related = []
|
||||
for relation in sub_technique.get("tactic"):
|
||||
sub_related.append(
|
||||
{
|
||||
"dest-uuid": relation.get("tactic_id"),
|
||||
"type": "uses",
|
||||
}
|
||||
)
|
||||
sub_value = ClusterValue(
|
||||
description=sub_technique.get("description"),
|
||||
meta=sub_meta,
|
||||
related=sub_related,
|
||||
uuid=sub_technique.get("id"),
|
||||
value=sub_technique.get("name"),
|
||||
)
|
||||
self.values.append(sub_value.return_value())
|
||||
related.append(
|
||||
{
|
||||
"dest-uuid": relation.get("tactic_id"),
|
||||
"type": "uses",
|
||||
"dest-uuid": sub_technique.get("id"),
|
||||
"type": "similar",
|
||||
}
|
||||
)
|
||||
sub_value = ClusterValue(
|
||||
description=sub_technique.get("description"),
|
||||
meta=sub_meta,
|
||||
related=sub_related,
|
||||
uuid=sub_technique.get("id"),
|
||||
value=sub_technique.get("name"),
|
||||
)
|
||||
self.values.append(sub_value.return_value())
|
||||
related.append(
|
||||
{
|
||||
"dest-uuid": sub_technique.get("id"),
|
||||
"type": "similar",
|
||||
}
|
||||
)
|
||||
|
||||
value = ClusterValue(
|
||||
description=entry.get("description"),
|
||||
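Review bot: The new `if self.subs:` loops iterate `entry.get("associated_groups")`, `entry.get("associated_software")` and `entry.get("sub_technique")` directly, so a record from the API that lacks one of those keys (or carries `null`) raises `TypeError` and aborts the whole build; the inner `sub_technique.get("tactic")` loop has the same problem. Because this data is fetched from a remote API and written into the generated clusters, I would default each lookup, e.g. `for associated_group in entry.get("associated_groups") or []:`, and skip entries whose `associated_group_id`, `associated_software_id` or `id` is missing rather than emitting a value with `uuid=None` and a `dest-uuid` of `None`. The group and software blocks are near-identical copies and could share one helper on `Cluster`. All three `add_values` bodies start and end outside the hunks shown.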
|
|