chg: [fight] add ATT&CK rel + fix description bug

This commit is contained in:
Christophe Vandeplas 2024-06-17 15:05:35 +02:00
parent 2f47a3c505
commit e7c5bc7956
No known key found for this signature in database
GPG key ID: BDC48619FFDC5A5B
2 changed files with 288 additions and 160 deletions

File diff suppressed because it is too large Load diff

View file

@ -17,13 +17,14 @@
# You should have received a copy of the GNU Affero General Public License # You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
from bs4 import BeautifulSoup
from markdown import markdown
import json import json
import os import os
import re
import requests import requests
import uuid import uuid
import yaml import yaml
from bs4 import BeautifulSoup
from markdown import markdown
uuid_seed = '8666d04b-977a-434b-82b4-f36271ec1cfb' uuid_seed = '8666d04b-977a-434b-82b4-f36271ec1cfb'
@ -44,6 +45,18 @@ fight = yaml.safe_load(r.text)
# fight = yaml.safe_load(f) # fight = yaml.safe_load(f)
with open('../clusters/mitre-attack-pattern.json', 'r') as mitre_f:
mitre = json.load(mitre_f)
def find_mitre_uuid_from_technique_id(technique_id):
for item in mitre['values']:
if item['meta']['external_id'] == technique_id:
return item['uuid']
print("No MITRE UUID found for technique_id: ", technique_id)
return None
def clean_ref(text: str) -> str: def clean_ref(text: str) -> str:
''' '''
'<a name="1"> \\[1\\] </a> [5GS Roaming Guidelines Version 5.0 (non-confidential), NG.113-v5.0, GSMA, December 2021](https://www.gsma.com/newsroom/wp-content/uploads//NG.113-v5.0.pdf)' '<a name="1"> \\[1\\] </a> [5GS Roaming Guidelines Version 5.0 (non-confidential), NG.113-v5.0, GSMA, December 2021](https://www.gsma.com/newsroom/wp-content/uploads//NG.113-v5.0.pdf)'
@ -82,11 +95,28 @@ for item in fight['techniques']:
}, },
'related': [] 'related': []
} }
keys_to_skip = ['id', 'name', 'references', 'tactics'] keys_to_skip = ['id', 'name', 'references', 'tactics', 'description']
for keys in item.keys(): for keys in item.keys():
if keys not in keys_to_skip: if keys not in keys_to_skip:
element['meta'][keys] = item[keys] element['meta'][keys] = item[keys]
if 'https://attack.mitre.org/techniques/' in item['description']:
# extract the references from the description
# add it as ref and build the relationship to the technique using uuid
url = re.search(r'(https?://[^\)]+)/(T[^\)]+)', item['description'])
if url:
extracted_url = url.group(0)
element['meta']['refs'].append(extracted_url)
technique_uuid = find_mitre_uuid_from_technique_id(url.group(2).replace('/', '.'))
if technique_uuid:
element['related'].append({
'dest-uuid': technique_uuid,
'type': 'related-to'
})
else:
print("WARNING: No MITRE UUID found for technique_id: ", url.group(2))
pass
try: try:
for ref in item['references']: for ref in item['references']:
element['meta']['refs'].append(clean_ref(ref)) element['meta']['refs'].append(clean_ref(ref))