MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 08:47:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #973 from cvandeplas/main

Browse source 
chg: [atlas] update to latest version #newUUIDsForAll
This commit is contained in:
Christophe Vandeplas 2024-05-13 15:26:36 +02:00 committed by GitHub
commit fd8b906055
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 331 additions and 273 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.vscode/launch.json vendored
View file

@ -19,6 +19,15 @@
"args": "-p ../../DW-VA-Taxonomy",
"cwd": "${fileDirname}"
},
{
"name": "gen_mitre_atlas",
"type": "debugpy",
"request": "launch",
"program": "${file}",
"console": "integratedTerminal",
"args": "-p ../../atlas-navigator-data",
"cwd": "${fileDirname}"
},
{
"name": "Python Debugger: Current File",
"type": "debugpy",

342
clusters/mitre-atlas-attack-pattern.json
View file

File diff suppressed because it is too large Load diff

226
clusters/mitre-atlas-course-of-action.json
View file

@ -19,21 +19,35 @@
},
"related": [
{
"dest-uuid": "229ead06-da1e-443c-8ff1-e57a3ae0eb61",
"dest-uuid": "65d21e6b-7abe-4623-8f5c-88011cb362cb",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "d93b2175-90a8-4250-821f-dcc3bbbe194c",
"dest-uuid": "8c26f51a-c403-4c4d-852a-a1c56fe9e7cd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "aa17fe8d-62f8-4c4c-b7a2-6858c82dd84b",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "b23cda85-3457-406d-b043-24d2cf9e6fcf",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "0b016f6f-2f61-493c-bf9d-02cad4c027df",
"uuid": "40076545-e797-4508-a294-943096a12111",
"value": "Limit Release of Public Information"
},
{
@ -46,28 +60,28 @@
},
"related": [
{
"dest-uuid": "292ebe33-addc-4fe7-b2a9-4856293c4c96",
"dest-uuid": "0ec538ca-589b-4e42-bcaa-06097a0d679f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "6945b742-f1d5-4a83-ba4a-d0e0de6620c3",
"dest-uuid": "a3baff3d-7228-4ab7-ae00-ffe150e7ef8a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "6a7f4fc2-272b-4f86-b137-70fa3e239f58",
"dest-uuid": "c086784e-1494-4f75-a4a0-d3ad054b9428",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "c0f65fa8-8e05-4481-b934-ff2c452ae8c3",
"uuid": "79c75215-ada9-4c22-bfed-7d13fb6e966e",
"value": "Limit Model Artifact Release"
},
{
@ -80,49 +94,49 @@
},
"related": [
{
"dest-uuid": "569d6edd-0140-4ab2-97b1-3635d62f40cc",
"dest-uuid": "86b5f486-afb8-4aa9-991f-0e24d5737f0c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "65c5e3b8-9296-46a2-ae7d-1b68a79cbe54",
"dest-uuid": "943303ef-846b-49d6-b53f-b0b9341ac1ca",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "79cdc11c-2ca9-4a6a-96a0-18bd84943086",
"dest-uuid": "c4e52005-7416-45c4-9feb-8cd5fd34f70a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "83c5ba15-5312-4c7d-bbb4-f9c4f2c6ffca",
"dest-uuid": "c552f0b5-2e2c-4f8f-badc-0876ecca7255",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "8a115a02-2b88-4a3e-9212-a39dc086320b",
"dest-uuid": "e19c6f8a-f1e2-46cc-9387-03a3092f01ed",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "b5d1fd4f-861f-43e0-b1ca-ee8a3b47f7e1",
"dest-uuid": "f78e0ac3-6d72-42ed-b20a-e10d8c752cf6",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "6b53cb14-eade-4760-8dae-75164e62cb7e",
"uuid": "9f92e876-e2c0-4def-afee-626a4a79c524",
"value": "Passive ML Output Obfuscation"
},
{
@ -135,21 +149,21 @@
},
"related": [
{
"dest-uuid": "8bcf7648-2683-421d-b623-bc539de59cb3",
"dest-uuid": "071df654-813a-4708-85dc-f715f785d37f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "bb747632-d988-45ff-9cb3-97d827b4d9db",
"dest-uuid": "8735735d-c09d-4298-8e64-9a2b6168a74c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "04e9bb75-1b7e-4825-bc3f-774850d3c1ef",
"uuid": "216f862c-7f34-4676-a913-c4ec6cc4c2cd",
"value": "Model Hardening"
},
{
@ -162,77 +176,77 @@
},
"related": [
{
"dest-uuid": "1cc7f877-cb60-419a-bd1e-32b704b534d0",
"dest-uuid": "6c1fca80-3ba9-41c9-8f7b-9824310a94f1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "3247b43f-1888-4158-b3da-5b7c7dfaa4e2",
"dest-uuid": "86b5f486-afb8-4aa9-991f-0e24d5737f0c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "3b829988-8bdb-4c4e-a4dd-500a3d3fd3e4",
"dest-uuid": "8f644f37-e2e6-468e-b720-f395b8c27fbc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "569d6edd-0140-4ab2-97b1-3635d62f40cc",
"dest-uuid": "943303ef-846b-49d6-b53f-b0b9341ac1ca",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "65c5e3b8-9296-46a2-ae7d-1b68a79cbe54",
"dest-uuid": "ae71ca3a-8ca4-40d2-bdba-4276b29ac8f9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "79cdc11c-2ca9-4a6a-96a0-18bd84943086",
"dest-uuid": "b07d147f-51c8-4eb6-9a05-09c86762a9c1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "83c5ba15-5312-4c7d-bbb4-f9c4f2c6ffca",
"dest-uuid": "c4e52005-7416-45c4-9feb-8cd5fd34f70a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "8a115a02-2b88-4a3e-9212-a39dc086320b",
"dest-uuid": "c552f0b5-2e2c-4f8f-badc-0876ecca7255",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "b5d1fd4f-861f-43e0-b1ca-ee8a3b47f7e1",
"dest-uuid": "e19c6f8a-f1e2-46cc-9387-03a3092f01ed",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "ba5645e5-d1ab-4f1f-8b82-cb0792543fa8",
"dest-uuid": "f78e0ac3-6d72-42ed-b20a-e10d8c752cf6",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "4a048bfe-dab5-434b-86cc-f4586951ec0d",
"uuid": "46b3e92d-600b-47c9-80f5-ed62a5db0377",
"value": "Restrict Number of ML Model Queries"
},
{
@ -245,56 +259,56 @@
},
"related": [
{
"dest-uuid": "0d002b6b-d006-4aab-a7f9-fa69f4a1e675",
"dest-uuid": "0ec538ca-589b-4e42-bcaa-06097a0d679f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "2792e1f0-3132-4876-878d-a900b8a40e7d",
"dest-uuid": "2680aa95-5620-4677-9c62-b0c3d15d9450",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "481486ed-846c-43ce-931b-86b8a18556b0",
"dest-uuid": "452b8fdf-8679-4013-bb38-4d16f65430bc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "666f4d33-1a62-4ad7-9bf9-6387cd3f1fd7",
"dest-uuid": "8d644240-ad99-4410-a7f8-3ef8f53a463e",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "68034561-a079-4052-9b64-427bfcff76ff",
"dest-uuid": "a50f02df-1130-4945-94bb-7857952da585",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "6945b742-f1d5-4a83-ba4a-d0e0de6620c3",
"dest-uuid": "d1f013a8-11f3-4560-831c-8ed5e39247c9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "822cb1e2-f35f-4b35-a650-59b7770d4abc",
"dest-uuid": "e0eb2b64-aebd-4412-80f3-b71d7805a65f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "da785068-ece5-4c52-b77d-39e1b24cb6d7",
"uuid": "0025dadf-7900-497f-aa03-39f0e319f20e",
"value": "Control Access to ML Models and Data at Rest"
},
{
@ -307,42 +321,42 @@
},
"related": [
{
"dest-uuid": "2792e1f0-3132-4876-878d-a900b8a40e7d",
"dest-uuid": "071df654-813a-4708-85dc-f715f785d37f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "4627c4e6-fb06-4bfa-add5-dc46e0043aff",
"dest-uuid": "452b8fdf-8679-4013-bb38-4d16f65430bc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "8a115a02-2b88-4a3e-9212-a39dc086320b",
"dest-uuid": "8735735d-c09d-4298-8e64-9a2b6168a74c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "8bcf7648-2683-421d-b623-bc539de59cb3",
"dest-uuid": "c552f0b5-2e2c-4f8f-badc-0876ecca7255",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "bb747632-d988-45ff-9cb3-97d827b4d9db",
"dest-uuid": "d8292a1c-21e7-4b45-b110-0e05feb30a9a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "de7a696b-f688-454c-bf61-476a68b50e9f",
"uuid": "dcb586a2-1135-4e2a-97bd-d4adbc79758b",
"value": "Use Ensemble Methods"
},
{
@ -355,32 +369,32 @@
},
"related": [
{
"dest-uuid": "666f4d33-1a62-4ad7-9bf9-6387cd3f1fd7",
"dest-uuid": "0ec538ca-589b-4e42-bcaa-06097a0d679f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "6945b742-f1d5-4a83-ba4a-d0e0de6620c3",
"dest-uuid": "8d644240-ad99-4410-a7f8-3ef8f53a463e",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "822cb1e2-f35f-4b35-a650-59b7770d4abc",
"dest-uuid": "e0eb2b64-aebd-4412-80f3-b71d7805a65f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "7e20b527-6299-4ee3-863e-59fee7cdaa9a",
"uuid": "9395d240-cc32-452a-911b-04feea01bcfb",
"value": "Sanitize Training Data"
},
{
"description": "Validate that machine learning models perform as intended by testing for backdoor triggers or adversarial bias.\n",
"description": "Validate that machine learning models perform as intended by testing for backdoor triggers or adversarial bias.\nMonitor model for concept drift and training data drift, which may indicate data tampering and poisoning.\n",
"meta": {
"external_id": "AML.M0008",
"refs": [
@ -389,28 +403,28 @@
},
"related": [
{
"dest-uuid": "2792e1f0-3132-4876-878d-a900b8a40e7d",
"dest-uuid": "452b8fdf-8679-4013-bb38-4d16f65430bc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "68034561-a079-4052-9b64-427bfcff76ff",
"dest-uuid": "a50f02df-1130-4945-94bb-7857952da585",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "822cb1e2-f35f-4b35-a650-59b7770d4abc",
"dest-uuid": "e0eb2b64-aebd-4412-80f3-b71d7805a65f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "32bd077a-90ce-4e97-ad40-8f130a1a7dab",
"uuid": "01c2ec0a-e257-4a75-9e59-f71aa6362b6e",
"value": "Validate ML Model"
},
{
@ -423,21 +437,21 @@
},
"related": [
{
"dest-uuid": "bb747632-d988-45ff-9cb3-97d827b4d9db",
"dest-uuid": "071df654-813a-4708-85dc-f715f785d37f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "e0958449-a880-4410-bbb1-fa102030a883",
"dest-uuid": "4d5c6974-0307-4535-bf37-7bb4c6a2ef47",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "532918ce-83cf-4f6f-86fa-8ad4024e91ab",
"uuid": "1bb9d9a7-c05a-470f-a709-64bd240e2eb0",
"value": "Use Multi-Modal Sensors"
},
{
@ -450,28 +464,28 @@
},
"related": [
{
"dest-uuid": "79cdc11c-2ca9-4a6a-96a0-18bd84943086",
"dest-uuid": "071df654-813a-4708-85dc-f715f785d37f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "8bcf7648-2683-421d-b623-bc539de59cb3",
"dest-uuid": "8735735d-c09d-4298-8e64-9a2b6168a74c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "bb747632-d988-45ff-9cb3-97d827b4d9db",
"dest-uuid": "c4e52005-7416-45c4-9feb-8cd5fd34f70a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "88aea80f-498f-403d-b82f-e76c44f9da94",
"uuid": "73a34f24-1ad1-4421-b9c8-c2cbd13e6f47",
"value": "Input Restoration"
},
{
@ -484,14 +498,14 @@
},
"related": [
{
"dest-uuid": "d52b913b-808c-461d-8969-94cd5c9fe07b",
"dest-uuid": "be6ef5c5-1ecb-486d-9743-42085bd2c256",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "6cd8c9ca-bd46-489f-9ccb-5b76b8ef580e",
"uuid": "179e00cb-0948-4282-9132-f8a1f0ff6bd7",
"value": "Restrict Library Loading"
},
{
@ -504,28 +518,28 @@
},
"related": [
{
"dest-uuid": "0d002b6b-d006-4aab-a7f9-fa69f4a1e675",
"dest-uuid": "6a88dccb-fb37-4f11-a5ad-42908aaee1d0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "529fac49-5f88-4a3c-829f-eb50cb90bcf1",
"dest-uuid": "d1f013a8-11f3-4560-831c-8ed5e39247c9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "b67fc223-fecf-4ee6-9de7-9392d9f04060",
"dest-uuid": "e2ebc190-9ff6-496e-afeb-ac868df2361e",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "8bba19a7-fc6f-4381-8b34-2d43cdc14627",
"uuid": "aad92d43-774b-4612-8437-8d6c7ee7e4af",
"value": "Encrypt Sensitive Information"
},
{
@ -538,28 +552,28 @@
},
"related": [
{
"dest-uuid": "2792e1f0-3132-4876-878d-a900b8a40e7d",
"dest-uuid": "452b8fdf-8679-4013-bb38-4d16f65430bc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "4627c4e6-fb06-4bfa-add5-dc46e0043aff",
"dest-uuid": "be6ef5c5-1ecb-486d-9743-42085bd2c256",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "d52b913b-808c-461d-8969-94cd5c9fe07b",
"dest-uuid": "d8292a1c-21e7-4b45-b110-0e05feb30a9a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "c55ed072-eca7-41d6-b5e0-68c10753544d",
"uuid": "88073b07-2fe9-41cb-8e76-6e244fbabc74",
"value": "Code Signing"
},
{
@ -572,28 +586,28 @@
},
"related": [
{
"dest-uuid": "0799f2f2-1038-4391-ba1f-4117595db45a",
"dest-uuid": "be6ef5c5-1ecb-486d-9743-42085bd2c256",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "b6697dbf-3e3f-41ce-a212-361d1c0ca0e9",
"dest-uuid": "d2cf31e0-a550-4fe0-8fdb-8941b3ac00d9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "d52b913b-808c-461d-8969-94cd5c9fe07b",
"dest-uuid": "f4fc2abd-71a4-401a-a742-18fc5aeb4bc3",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "a861f658-4203-48ba-bdca-fe068518eefb",
"uuid": "cdccb3ab-2dde-41a9-a988-783a25b7bd00",
"value": "Verify ML Artifacts"
},
{
@ -606,39 +620,39 @@
},
"related": [
{
"dest-uuid": "1cc7f877-cb60-419a-bd1e-32b704b534d0",
"dest-uuid": "071df654-813a-4708-85dc-f715f785d37f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "79cdc11c-2ca9-4a6a-96a0-18bd84943086",
"dest-uuid": "8735735d-c09d-4298-8e64-9a2b6168a74c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "8bcf7648-2683-421d-b623-bc539de59cb3",
"dest-uuid": "8f644f37-e2e6-468e-b720-f395b8c27fbc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "bb747632-d988-45ff-9cb3-97d827b4d9db",
"dest-uuid": "c4e52005-7416-45c4-9feb-8cd5fd34f70a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "825f21ab-f3c9-46ce-b539-28f295f519f8",
"uuid": "0ed2ef71-cdc9-4eef-8432-1c3dadbdda20",
"value": "Adversarial Input Detection"
},
{
"description": "Vulnerability scanning is used to find potentially exploitable software vulnerabilities to remediate them.\n\nFile formats such as pickle files that are commonly used to store machine learning models can contain exploits that allow for arbitrary code execution.\n",
"description": "Vulnerability scanning is used to find potentially exploitable software vulnerabilities to remediate them.\n\nFile formats such as pickle files that are commonly used to store machine learning models can contain exploits that allow for arbitrary code execution.\nBoth model artifacts and downstream products produced by models should be scanned for known vulnerabilities.\n",
"meta": {
"external_id": "AML.M0016",
"refs": [
@ -647,18 +661,25 @@
},
"related": [
{
"dest-uuid": "d52b913b-808c-461d-8969-94cd5c9fe07b",
"dest-uuid": "be6ef5c5-1ecb-486d-9743-42085bd2c256",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "c704a49c-abf0-4258-9919-a862b1865469",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "e2cb599d-2714-4673-bc1a-976c471d7c58",
"uuid": "79752061-aac1-4ed9-b7f3-3b4dc5e81280",
"value": "Vulnerability Scanning"
},
{
"description": "Deploying ML models to edge devices can increase the attack surface of the system. Consider serving models in the cloud to reduce the level of access the adversary has to the model.\n",
"description": "Deploying ML models to edge devices can increase the attack surface of the system.\nConsider serving models in the cloud to reduce the level of access the adversary has to the model.\nAlso consider computing features in the cloud to prevent gray-box attacks, where an adversary has access to the model preprocessing methods.\n",
"meta": {
"external_id": "AML.M0017",
"refs": [
@ -667,28 +688,28 @@
},
"related": [
{
"dest-uuid": "2792e1f0-3132-4876-878d-a900b8a40e7d",
"dest-uuid": "3de90963-bc9f-4ae1-b780-7d05e46eacdd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "51c95da5-d7f1-4b57-9229-869b80305b37",
"dest-uuid": "452b8fdf-8679-4013-bb38-4d16f65430bc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "afcd723a-e5ff-4c09-8f72-fe16f7345af7",
"dest-uuid": "ab01ba21-1438-4cd9-a588-92eb271086bc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "79316871-3bf9-4a59-b517-b0156e84fcb4",
"uuid": "432c3a44-3974-4b73-9eb9-fa5dd5298e47",
"value": "Model Distribution Methods"
},
{
@ -701,23 +722,50 @@
},
"related": [
{
"dest-uuid": "5e8e4108-beb6-479a-a617-323d425e5d03",
"dest-uuid": "8c849dd4-5d15-45aa-b5b2-59c96a3ab939",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "d52b913b-808c-461d-8969-94cd5c9fe07b",
"dest-uuid": "be6ef5c5-1ecb-486d-9743-42085bd2c256",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "8c2cb25a-46b0-4551-beeb-21e8425a48bd",
"uuid": "cce983e7-13a2-4545-8c39-ec6c8dff148d",
"value": "User Training"
},
{
"description": "Require users to verify their identities before accessing a production model.\nRequire authentication for API endpoints and monitor production model queries to ensure compliance with usage policies and to prevent model misuse.\n",
"meta": {
"external_id": "AML.M0019",
"refs": [
"https://atlas.mitre.org/mitigations/AML.M0019"
]
},
"related": [
{
"dest-uuid": "90a420d4-3f03-4800-86c0-223c4376804a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "b07d147f-51c8-4eb6-9a05-09c86762a9c1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "7b00dd51-f719-433d-afd6-3d386f64386d",
"value": "Control Access to ML Models and Data in Production"
}
],
"version": 10
"version": 12
}

17
tools/gen_mitre.py
View file

@ -146,12 +146,6 @@ for domain in domains:
if item['type'] not in types.values():
continue
# skip deprecated and/or revoked
# if 'revoked' in item and item['revoked']:
# continue
# if 'x_mitre_deprecated' in item and item['x_mitre_deprecated']:
# continue
# print(json.dumps(item, indent=2, sort_keys=True, ensure_ascii=False))
try:
# build the new data structure
@ -178,6 +172,12 @@ for domain in domains:
if 'x_mitre_aliases' in item:
value['meta']['synonyms'] = item['x_mitre_aliases']
# handle deprecated and/or revoked
# if 'x_mitre_deprecated' in item and item['x_mitre_deprecated']:
# value['deprecated'] = True
# if 'revoked' in item and item['revoked']:
# value['revoked'] = True
if 'external_references' in item:
for reference in item['external_references']:
if 'url' in reference and reference['url'] not in value['meta']['refs']:
@ -205,9 +205,9 @@ for domain in domains:
value['meta']['mitre_data_sources'] = item['x_mitre_data_sources']
if 'x_mitre_platforms' in item:
value['meta']['mitre_platforms'] = item['x_mitre_platforms']
# TODO add the other x_mitre elements dynamically
# TODO add the other x_mitre elements dynamically, but now it seems to break the tests
# x_mitre_fields = [key for key in item.keys() if key.startswith('x_mitre')]
# skip_x_mitre_fields = ['x_mitre_aliases', 'x_mitre_version', 'x_mitre_old_attack_id', 'mitre_attack_spec_version']
# skip_x_mitre_fields = ['x_mitre_deprecated', 'x_mitre_aliases', 'x_mitre_version', 'x_mitre_old_attack_id', 'x_mitre_attack_spec_version']
# for skip_field in skip_x_mitre_fields:
# try:
# x_mitre_fields.remove(skip_field)
@ -220,7 +220,6 @@ for domain in domains:
value['type'] = item['type'] # remove this before dump to json
# print(json.dumps(value, sort_keys=True, indent=2))
# FIXME if 'x_mitre_deprecated' , 'revoked'
all_data_uuid[uuid] = value
except Exception:

10
tools/gen_mitre_atlas.py
View file

@ -107,9 +107,11 @@ for item in attack_data['objects']:
if 'external_id' in reference and reference.get("source_name", None) in mitre_sources:
value['meta']['external_id'] = reference['external_id']
if not value['meta'].get('external_id', None):
exit("Entry is missing an external ID, please update mitre_sources. Available references: {}".format(
json.dumps(item['external_references'])
))
# dataset also contains MITRE ATT&CK, whenever we don't find external ID from the allowed sources it's a sign that the entry is not of the type of interest
continue
# exit("Entry is missing an external ID, please update mitre_sources. Available references: {}".format(
# json.dumps(item['external_references'])
# ))
if 'kill_chain_phases' in item: # many (but not all) attack-patterns have this
value['meta']['kill_chain'] = []
@ -127,7 +129,7 @@ for item in attack_data['objects']:
all_data_uuid[uuid] = value
except Exception as e:
except Exception:
print(json.dumps(item, sort_keys=True, indent=2))
import traceback
traceback.print_exc()