Add [tidal] sub option

niclas 2024-03-05 14:18:15 +01:00
parent 1a5ccd23a2
commit cde860647c
3 changed files with 100 additions and 89 deletions


@ -156,7 +156,7 @@ document$.subscribe(function () {
// Create nodes // Create nodes
var node = svg.append("g") var node = svg.append("g")
.attr("stroke", "#fff") .attr("stroke", "#D3D3D3")
.attr("stroke-width", 1.5) .attr("stroke-width", 1.5)
.selectAll("circle") .selectAll("circle")
.data(nodes) .data(nodes)


@ -17,7 +17,7 @@ GALAXY_PATH = "../../galaxies"
CLUSTER_PATH = "../../clusters" CLUSTER_PATH = "../../clusters"
def create_galaxy(endpoint: str, version: int, extended_relations: bool = False): def create_galaxy(endpoint: str, version: int, extended_relations: bool = False, create_subs: bool = False):
api = TidalAPI() api = TidalAPI()
data = api.get_data(endpoint) data = api.get_data(endpoint)
with open(f"{CONFIG}/{endpoint}.json", "r") as file: with open(f"{CONFIG}/{endpoint}.json", "r") as file:
@ -28,16 +28,16 @@ def create_galaxy(endpoint: str, version: int, extended_relations: bool = False)
match endpoint: match endpoint:
case "groups": case "groups":
cluster = GroupCluster(**config["cluster"], uuid=galaxy.uuid, enrichment=extended_relations) cluster = GroupCluster(**config["cluster"], uuid=galaxy.uuid, enrichment=extended_relations, subs=create_subs)
cluster.add_values(data) cluster.add_values(data)
case "software": case "software":
cluster = SoftwareCluster(**config["cluster"], uuid=galaxy.uuid, enrichment=extended_relations) cluster = SoftwareCluster(**config["cluster"], uuid=galaxy.uuid, enrichment=extended_relations, subs=create_subs)
cluster.add_values(data) cluster.add_values(data)
case "campaigns": case "campaigns":
cluster = CampaignsCluster(**config["cluster"], uuid=galaxy.uuid) cluster = CampaignsCluster(**config["cluster"], uuid=galaxy.uuid)
cluster.add_values(data) cluster.add_values(data)
case "technique": case "technique":
cluster = TechniqueCluster(**config["cluster"], uuid=galaxy.uuid) cluster = TechniqueCluster(**config["cluster"], uuid=galaxy.uuid, subs=create_subs)
cluster.add_values(data) cluster.add_values(data)
case "tactic": case "tactic":
cluster = TacticCluster(**config["cluster"], uuid=galaxy.uuid) cluster = TacticCluster(**config["cluster"], uuid=galaxy.uuid)
@ -56,9 +56,9 @@ def create_galaxy(endpoint: str, version: int, extended_relations: bool = False)
def main(args, galaxies): def main(args, galaxies):
if args.all: if args.all:
for galaxy in galaxies: for galaxy in galaxies:
create_galaxy(galaxy, args.version, args.extended_relations) create_galaxy(galaxy, args.version, args.extended_relations, args.create_subs)
else: else:
create_galaxy(args.type, args.version, args.extended_relations) create_galaxy(args.type, args.version, args.extended_relations, args.create_subs)
if __name__ == "__main__": if __name__ == "__main__":
@ -92,7 +92,12 @@ if __name__ == "__main__":
parser.add_argument( parser.add_argument(
"--extended-relations", "--extended-relations",
action="store_true", action="store_true",
help="Create extended relations in the cluster", help="Create extended relations for the clusters",
)
parser.add_argument(
"--create-subs",
action="store_true",
help="Create subclusters from the API",
) )
parser.set_defaults(func=main) parser.set_defaults(func=main)
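Review bot: `create_galaxy` now takes two adjacent boolean flags, and both call sites in `main` pass them positionally (`args.extended_relations, args.create_subs`), so a swapped order would go unnoticed and silently change what gets generated. Passing them by keyword, `create_galaxy(galaxy, args.version, extended_relations=args.extended_relations, create_subs=args.create_subs)`, keeps the call self-describing. Separately, among the visible `match` cases only groups, software and technique receive `subs=create_subs`, so `--create-subs` is accepted but appears to have no effect for campaigns or tactic; the help text could say so, e.g. `help="Create subclusters for groups, software and technique"`. The body of `create_galaxy` continues outside the visible hunks.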


@ -177,9 +177,11 @@ class GroupCluster(Cluster):
type: str, type: str,
uuid: str, uuid: str,
enrichment: bool = False, enrichment: bool = False,
subs: bool = False,
): ):
super().__init__(authors, category, description, name, source, type, uuid) super().__init__(authors, category, description, name, source, type, uuid)
self.enrichment = enrichment self.enrichment = enrichment
self.subs = subs
def add_values(self, data): def add_values(self, data):
for entry in data["data"]: for entry in data["data"]:
@ -213,35 +215,34 @@ class GroupCluster(Cluster):
"type": "similar", "type": "similar",
} }
) )
if self.subs:
for associated_group in entry.get("associated_groups"): for associated_group in entry.get("associated_groups"):
associated_meta = AssociatedGroupsMeta( associated_meta = AssociatedGroupsMeta(
id=associated_group.get("id"), id=associated_group.get("id"),
owner_id=associated_group.get("owner_id"), owner_id=associated_group.get("owner_id"),
owner=associated_group.get("owner_name"), owner=associated_group.get("owner_name"),
) )
associated_related = [] associated_related = []
associated_related.append( associated_related.append(
{ {
"dest-uuid": entry.get("id"), "dest-uuid": entry.get("id"),
"type": "similar", "type": "similar",
} }
) )
value = ClusterValue( value = ClusterValue(
description=associated_group.get("description"), description=associated_group.get("description"),
meta=associated_meta, meta=associated_meta,
related=associated_related, related=associated_related,
uuid=associated_group.get("associated_group_id"), uuid=associated_group.get("associated_group_id"),
value=associated_group.get("name"), value=associated_group.get("name"),
) )
self.values.append(value.return_value()) self.values.append(value.return_value())
related.append( related.append(
{ {
"dest-uuid": associated_group.get("associated_group_id"), "dest-uuid": associated_group.get("associated_group_id"),
"type": "similar", "type": "similar",
} }
) )
value = ClusterValue( value = ClusterValue(
description=entry.get("description"), description=entry.get("description"),
meta=meta, meta=meta,
@ -263,9 +264,11 @@ class SoftwareCluster(Cluster):
type: str, type: str,
uuid: str, uuid: str,
enrichment: bool = False, enrichment: bool = False,
subs: bool = False,
): ):
super().__init__(authors, category, description, name, source, type, uuid) super().__init__(authors, category, description, name, source, type, uuid)
self.enrichment = enrichment self.enrichment = enrichment
self.subs = subs
def add_values(self, data): def add_values(self, data):
for entry in data["data"]: for entry in data["data"]:
@ -307,34 +310,34 @@ class SoftwareCluster(Cluster):
"type": "similar", "type": "similar",
} }
) )
if self.subs:
for associated_software in entry.get("associated_software"): for associated_software in entry.get("associated_software"):
associated_meta = AssociatedSoftwareMeta( associated_meta = AssociatedSoftwareMeta(
id=associated_software.get("id"), id=associated_software.get("id"),
owner_id=associated_software.get("owner_id"), owner_id=associated_software.get("owner_id"),
owner=associated_software.get("owner_name"), owner=associated_software.get("owner_name"),
) )
associated_related = [] associated_related = []
associated_related.append( associated_related.append(
{ {
"dest-uuid": entry.get("id"), "dest-uuid": entry.get("id"),
"type": "similar", "type": "similar",
} }
) )
value = ClusterValue( value = ClusterValue(
description=associated_software.get("description"), description=associated_software.get("description"),
meta=associated_meta, meta=associated_meta,
related=associated_related, related=associated_related,
uuid=associated_software.get("associated_software_id"), uuid=associated_software.get("associated_software_id"),
value=associated_software.get("name"), value=associated_software.get("name"),
) )
self.values.append(value.return_value()) self.values.append(value.return_value())
related.append( related.append(
{ {
"dest-uuid": associated_software.get("associated_software_id"), "dest-uuid": associated_software.get("associated_software_id"),
"type": "similar", "type": "similar",
} }
) )
value = ClusterValue( value = ClusterValue(
description=entry.get("description"), description=entry.get("description"),
@ -356,8 +359,10 @@ class TechniqueCluster(Cluster):
source: str, source: str,
type: str, type: str,
uuid: str, uuid: str,
subs: bool = False,
): ):
super().__init__(authors, category, description, name, source, type, uuid) super().__init__(authors, category, description, name, source, type, uuid)
self.subs = subs
def add_values(self, data): def add_values(self, data):
for entry in data["data"]: for entry in data["data"]:
@ -376,33 +381,34 @@ class TechniqueCluster(Cluster):
} }
) )
for sub_technique in entry.get("sub_technique"): if self.subs:
sub_meta = SubTechniqueMeta( for sub_technique in entry.get("sub_technique"):
source=sub_technique.get("source"), sub_meta = SubTechniqueMeta(
technique_attack_id=sub_technique.get("technique_attack_id"), source=sub_technique.get("source"),
) technique_attack_id=sub_technique.get("technique_attack_id"),
sub_related = [] )
for relation in sub_technique.get("tactic"): sub_related = []
sub_related.append( for relation in sub_technique.get("tactic"):
sub_related.append(
{
"dest-uuid": relation.get("tactic_id"),
"type": "uses",
}
)
sub_value = ClusterValue(
description=sub_technique.get("description"),
meta=sub_meta,
related=sub_related,
uuid=sub_technique.get("id"),
value=sub_technique.get("name"),
)
self.values.append(sub_value.return_value())
related.append(
{ {
"dest-uuid": relation.get("tactic_id"), "dest-uuid": sub_technique.get("id"),
"type": "uses", "type": "similar",
} }
) )
sub_value = ClusterValue(
description=sub_technique.get("description"),
meta=sub_meta,
related=sub_related,
uuid=sub_technique.get("id"),
value=sub_technique.get("name"),
)
self.values.append(sub_value.return_value())
related.append(
{
"dest-uuid": sub_technique.get("id"),
"type": "similar",
}
)
value = ClusterValue( value = ClusterValue(
description=entry.get("description"), description=entry.get("description"),
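Review bot: Under the new `if self.subs:` guard in `GroupCluster.add_values`, the loop iterates `entry.get("associated_groups")` directly, so an entry in the API response that lacks that key yields `None` and the whole galaxy build stops with a `TypeError`. Since the data comes from an external API, I would default to an empty list: `for associated_group in entry.get("associated_groups") or []:`. The same pattern appears in the SoftwareCluster hunk (`entry.get("associated_software")`) and the TechniqueCluster hunk (`entry.get("sub_technique")` and `sub_technique.get("tactic")`). Each `add_values` body starts and ends outside its hunk, so an earlier check may exist that is not visible here.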