mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-23 07:17:17 +00:00
chg: [fight] add ATT&CK rel + fix description bug
This commit is contained in:
parent
2f47a3c505
commit
e7c5bc7956
2 changed files with 288 additions and 160 deletions
File diff suppressed because it is too large
Load diff
|
@ -17,13 +17,14 @@
|
||||||
# You should have received a copy of the GNU Affero General Public License
|
# You should have received a copy of the GNU Affero General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
from bs4 import BeautifulSoup
|
||||||
|
from markdown import markdown
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
|
import re
|
||||||
import requests
|
import requests
|
||||||
import uuid
|
import uuid
|
||||||
import yaml
|
import yaml
|
||||||
from bs4 import BeautifulSoup
|
|
||||||
from markdown import markdown
|
|
||||||
|
|
||||||
|
|
||||||
uuid_seed = '8666d04b-977a-434b-82b4-f36271ec1cfb'
|
uuid_seed = '8666d04b-977a-434b-82b4-f36271ec1cfb'
|
||||||
|
@ -44,6 +45,18 @@ fight = yaml.safe_load(r.text)
|
||||||
# fight = yaml.safe_load(f)
|
# fight = yaml.safe_load(f)
|
||||||
|
|
||||||
|
|
||||||
|
with open('../clusters/mitre-attack-pattern.json', 'r') as mitre_f:
|
||||||
|
mitre = json.load(mitre_f)
|
||||||
|
|
||||||
|
|
||||||
|
def find_mitre_uuid_from_technique_id(technique_id):
|
||||||
|
for item in mitre['values']:
|
||||||
|
if item['meta']['external_id'] == technique_id:
|
||||||
|
return item['uuid']
|
||||||
|
print("No MITRE UUID found for technique_id: ", technique_id)
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
def clean_ref(text: str) -> str:
|
def clean_ref(text: str) -> str:
|
||||||
'''
|
'''
|
||||||
'<a name="1"> \\[1\\] </a> [5GS Roaming Guidelines Version 5.0 (non-confidential), NG.113-v5.0, GSMA, December 2021](https://www.gsma.com/newsroom/wp-content/uploads//NG.113-v5.0.pdf)'
|
'<a name="1"> \\[1\\] </a> [5GS Roaming Guidelines Version 5.0 (non-confidential), NG.113-v5.0, GSMA, December 2021](https://www.gsma.com/newsroom/wp-content/uploads//NG.113-v5.0.pdf)'
|
||||||
|
@ -82,11 +95,28 @@ for item in fight['techniques']:
|
||||||
},
|
},
|
||||||
'related': []
|
'related': []
|
||||||
}
|
}
|
||||||
keys_to_skip = ['id', 'name', 'references', 'tactics']
|
keys_to_skip = ['id', 'name', 'references', 'tactics', 'description']
|
||||||
for keys in item.keys():
|
for keys in item.keys():
|
||||||
if keys not in keys_to_skip:
|
if keys not in keys_to_skip:
|
||||||
element['meta'][keys] = item[keys]
|
element['meta'][keys] = item[keys]
|
||||||
|
|
||||||
|
if 'https://attack.mitre.org/techniques/' in item['description']:
|
||||||
|
# extract the references from the description
|
||||||
|
# add it as ref and build the relationship to the technique using uuid
|
||||||
|
url = re.search(r'(https?://[^\)]+)/(T[^\)]+)', item['description'])
|
||||||
|
if url:
|
||||||
|
extracted_url = url.group(0)
|
||||||
|
element['meta']['refs'].append(extracted_url)
|
||||||
|
technique_uuid = find_mitre_uuid_from_technique_id(url.group(2).replace('/', '.'))
|
||||||
|
if technique_uuid:
|
||||||
|
element['related'].append({
|
||||||
|
'dest-uuid': technique_uuid,
|
||||||
|
'type': 'related-to'
|
||||||
|
})
|
||||||
|
else:
|
||||||
|
print("WARNING: No MITRE UUID found for technique_id: ", url.group(2))
|
||||||
|
pass
|
||||||
|
|
||||||
try:
|
try:
|
||||||
for ref in item['references']:
|
for ref in item['references']:
|
||||||
element['meta']['refs'].append(clean_ref(ref))
|
element['meta']['refs'].append(clean_ref(ref))
|
||||||
|
|
Loading…
Reference in a new issue