Add [tidal] sub option

niclas 2024-03-05 14:18:15 +01:00
parent 1a5ccd23a2
commit cde860647c
3 changed files with 100 additions and 89 deletions


@ -156,7 +156,7 @@ document$.subscribe(function () {
// Create nodes
var node = svg.append("g")
.attr("stroke", "#fff")
.attr("stroke", "#D3D3D3")
.attr("stroke-width", 1.5)
.selectAll("circle")
.data(nodes)


@ -17,7 +17,7 @@ GALAXY_PATH = "../../galaxies"
CLUSTER_PATH = "../../clusters"
def create_galaxy(endpoint: str, version: int, extended_relations: bool = False):
def create_galaxy(endpoint: str, version: int, extended_relations: bool = False, create_subs: bool = False):
api = TidalAPI()
data = api.get_data(endpoint)
with open(f"{CONFIG}/{endpoint}.json", "r") as file:
@ -28,16 +28,16 @@ def create_galaxy(endpoint: str, version: int, extended_relations: bool = False)
match endpoint:
case "groups":
cluster = GroupCluster(**config["cluster"], uuid=galaxy.uuid, enrichment=extended_relations)
cluster = GroupCluster(**config["cluster"], uuid=galaxy.uuid, enrichment=extended_relations, subs=create_subs)
cluster.add_values(data)
case "software":
cluster = SoftwareCluster(**config["cluster"], uuid=galaxy.uuid, enrichment=extended_relations)
cluster = SoftwareCluster(**config["cluster"], uuid=galaxy.uuid, enrichment=extended_relations, subs=create_subs)
cluster.add_values(data)
case "campaigns":
cluster = CampaignsCluster(**config["cluster"], uuid=galaxy.uuid)
cluster.add_values(data)
case "technique":
cluster = TechniqueCluster(**config["cluster"], uuid=galaxy.uuid)
cluster = TechniqueCluster(**config["cluster"], uuid=galaxy.uuid, subs=create_subs)
cluster.add_values(data)
case "tactic":
cluster = TacticCluster(**config["cluster"], uuid=galaxy.uuid)
@ -56,9 +56,9 @@ def create_galaxy(endpoint: str, version: int, extended_relations: bool = False)
def main(args, galaxies):
if args.all:
for galaxy in galaxies:
create_galaxy(galaxy, args.version, args.extended_relations)
create_galaxy(galaxy, args.version, args.extended_relations, args.create_subs)
else:
create_galaxy(args.type, args.version, args.extended_relations)
create_galaxy(args.type, args.version, args.extended_relations, args.create_subs)
if __name__ == "__main__":
@ -92,7 +92,12 @@ if __name__ == "__main__":
parser.add_argument(
"--extended-relations",
action="store_true",
help="Create extended relations in the cluster",
help="Create extended relations for the clusters",
)
parser.add_argument(
"--create-subs",
action="store_true",
help="Create subclusters from the API",
)
parser.set_defaults(func=main)
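Review bot: The help string `help="Create subclusters from the API"` does not say that the default has changed: without `--create-subs`, the associated groups, associated software and sub-techniques that were previously always generated are now left out. An existing invocation will therefore produce smaller clusters with no warning. I would spell that out, e.g. `help="Also emit associated groups/software and sub-techniques as separate cluster values (omitted by default)"`. The calls in `main` now pass two adjacent booleans positionally; `create_galaxy(galaxy, args.version, extended_relations=args.extended_relations, create_subs=args.create_subs)` keeps them from being swapped by accident.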


@ -177,9 +177,11 @@ class GroupCluster(Cluster):
type: str,
uuid: str,
enrichment: bool = False,
subs: bool = False,
):
super().__init__(authors, category, description, name, source, type, uuid)
self.enrichment = enrichment
self.subs = subs
def add_values(self, data):
for entry in data["data"]:
@ -213,35 +215,34 @@ class GroupCluster(Cluster):
"type": "similar",
}
)
for associated_group in entry.get("associated_groups"):
associated_meta = AssociatedGroupsMeta(
id=associated_group.get("id"),
owner_id=associated_group.get("owner_id"),
owner=associated_group.get("owner_name"),
)
associated_related = []
associated_related.append(
{
"dest-uuid": entry.get("id"),
"type": "similar",
}
)
value = ClusterValue(
description=associated_group.get("description"),
meta=associated_meta,
related=associated_related,
uuid=associated_group.get("associated_group_id"),
value=associated_group.get("name"),
)
self.values.append(value.return_value())
related.append(
{
"dest-uuid": associated_group.get("associated_group_id"),
"type": "similar",
}
)
if self.subs:
for associated_group in entry.get("associated_groups"):
associated_meta = AssociatedGroupsMeta(
id=associated_group.get("id"),
owner_id=associated_group.get("owner_id"),
owner=associated_group.get("owner_name"),
)
associated_related = []
associated_related.append(
{
"dest-uuid": entry.get("id"),
"type": "similar",
}
)
value = ClusterValue(
description=associated_group.get("description"),
meta=associated_meta,
related=associated_related,
uuid=associated_group.get("associated_group_id"),
value=associated_group.get("name"),
)
self.values.append(value.return_value())
related.append(
{
"dest-uuid": associated_group.get("associated_group_id"),
"type": "similar",
}
)
value = ClusterValue(
description=entry.get("description"),
meta=meta,
@ -263,9 +264,11 @@ class SoftwareCluster(Cluster):
type: str,
uuid: str,
enrichment: bool = False,
subs: bool = False,
):
super().__init__(authors, category, description, name, source, type, uuid)
self.enrichment = enrichment
self.subs = subs
def add_values(self, data):
for entry in data["data"]:
@ -307,34 +310,34 @@ class SoftwareCluster(Cluster):
"type": "similar",
}
)
for associated_software in entry.get("associated_software"):
associated_meta = AssociatedSoftwareMeta(
id=associated_software.get("id"),
owner_id=associated_software.get("owner_id"),
owner=associated_software.get("owner_name"),
)
associated_related = []
associated_related.append(
{
"dest-uuid": entry.get("id"),
"type": "similar",
}
)
value = ClusterValue(
description=associated_software.get("description"),
meta=associated_meta,
related=associated_related,
uuid=associated_software.get("associated_software_id"),
value=associated_software.get("name"),
)
self.values.append(value.return_value())
related.append(
{
"dest-uuid": associated_software.get("associated_software_id"),
"type": "similar",
}
)
if self.subs:
for associated_software in entry.get("associated_software"):
associated_meta = AssociatedSoftwareMeta(
id=associated_software.get("id"),
owner_id=associated_software.get("owner_id"),
owner=associated_software.get("owner_name"),
)
associated_related = []
associated_related.append(
{
"dest-uuid": entry.get("id"),
"type": "similar",
}
)
value = ClusterValue(
description=associated_software.get("description"),
meta=associated_meta,
related=associated_related,
uuid=associated_software.get("associated_software_id"),
value=associated_software.get("name"),
)
self.values.append(value.return_value())
related.append(
{
"dest-uuid": associated_software.get("associated_software_id"),
"type": "similar",
}
)
value = ClusterValue(
description=entry.get("description"),
@ -356,8 +359,10 @@ class TechniqueCluster(Cluster):
source: str,
type: str,
uuid: str,
subs: bool = False,
):
super().__init__(authors, category, description, name, source, type, uuid)
self.subs = subs
def add_values(self, data):
for entry in data["data"]:
@ -376,33 +381,34 @@ class TechniqueCluster(Cluster):
}
)
for sub_technique in entry.get("sub_technique"):
sub_meta = SubTechniqueMeta(
source=sub_technique.get("source"),
technique_attack_id=sub_technique.get("technique_attack_id"),
)
sub_related = []
for relation in sub_technique.get("tactic"):
sub_related.append(
if self.subs:
for sub_technique in entry.get("sub_technique"):
sub_meta = SubTechniqueMeta(
source=sub_technique.get("source"),
technique_attack_id=sub_technique.get("technique_attack_id"),
)
sub_related = []
for relation in sub_technique.get("tactic"):
sub_related.append(
{
"dest-uuid": relation.get("tactic_id"),
"type": "uses",
}
)
sub_value = ClusterValue(
description=sub_technique.get("description"),
meta=sub_meta,
related=sub_related,
uuid=sub_technique.get("id"),
value=sub_technique.get("name"),
)
self.values.append(sub_value.return_value())
related.append(
{
"dest-uuid": relation.get("tactic_id"),
"type": "uses",
"dest-uuid": sub_technique.get("id"),
"type": "similar",
}
)
sub_value = ClusterValue(
description=sub_technique.get("description"),
meta=sub_meta,
related=sub_related,
uuid=sub_technique.get("id"),
value=sub_technique.get("name"),
)
self.values.append(sub_value.return_value())
related.append(
{
"dest-uuid": sub_technique.get("id"),
"type": "similar",
}
)
value = ClusterValue(
description=entry.get("description"),
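Review bot: The loop moved under `if self.subs:` still iterates `entry.get("associated_groups")` with no default, so a record that omits the key or sets it to null would raise `TypeError` as soon as the flag is on. The same applies to `entry.get("associated_software")`, `entry.get("sub_technique")` and `sub_technique.get("tactic")` in the later hunks. Since the records come from an external API, I would iterate `entry.get("associated_groups") or []` and do the equivalent in the other three places. With the flag off, the associated names no longer appear anywhere in the output; if downstream matching relies on those aliases they may need to be kept on the parent value, which depends on meta fields not visible here. Each `add_values` body starts and ends outside these hunks.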