mirror of https://github.com/MISP/MISP
chg: [attackMatrix] Updated the matrix to match the changes in the mitre
galaxies and improved layout - WiP
pull/4156/head
parent
c9c9d22f81
commit
48701a246d
|
@ -353,7 +353,7 @@ class Galaxy extends AppModel
|
|||
}
|
||||
}
|
||||
|
||||
public function getMitreAttackGalaxyId($type="mitre-enterprise-attack-attack-pattern")
|
||||
public function getMitreAttackGalaxyId($type="mitre-attack-pattern")
|
||||
{
|
||||
$galaxy = $this->find('first', array(
|
||||
'recursive' => -1,
|
||||
|
@ -379,18 +379,18 @@ class Galaxy extends AppModel
|
|||
'command-and-control'
|
||||
);
|
||||
$killChainOrderMobile = array(
|
||||
'initial-access',
|
||||
'persistence',
|
||||
'privilege-escalation',
|
||||
'defense-evasion',
|
||||
'credential-access',
|
||||
'discovery',
|
||||
'lateral-movement',
|
||||
'effects', 'collection',
|
||||
'effects',
|
||||
'collection',
|
||||
'exfiltration',
|
||||
'command-and-control',
|
||||
'general-network-based',
|
||||
'cellular-network-based',
|
||||
'could-based'
|
||||
'network-effects',
|
||||
'remote-service-effects'
|
||||
);
|
||||
$killChainOrderPre = array(
|
||||
'priority-definition-planning',
|
||||
|
@ -408,16 +408,15 @@ class Galaxy extends AppModel
|
|||
'build-capabilities',
|
||||
'test-capabilities',
|
||||
'stage-capabilities',
|
||||
'app-delivery-via-authorized-app-store',
|
||||
'app-delivery-via-other-means',
|
||||
'exploit-via-cellular-network',
|
||||
'exploit-via-internet',
|
||||
);
|
||||
|
||||
$killChainOrders = array(
|
||||
'mitre-enterprise-attack-attack-pattern' => $killChainOrderEnterprise,
|
||||
'mitre-mobile-attack-attack-pattern' => $killChainOrderMobile,
|
||||
'mitre-pre-attack-attack-pattern' => $killChainOrderPre,
|
||||
'mitre-attack' => $killChainOrderEnterprise,
|
||||
'mitre-mobile-attack' => $killChainOrderMobile,
|
||||
'mitre-pre-attack' => $killChainOrderPre,
|
||||
// 'mitre-attack-pattern' => $killChainOrderEnterprise,
|
||||
// 'mitre-mobile-attack-pattern' => $killChainOrderMobile,
|
||||
// 'mitre-pre-attack-pattern' => $killChainOrderPre,
|
||||
);
|
||||
|
||||
$expectedDescription = 'ATT&CK Tactic';
|
||||
|
@ -442,38 +441,58 @@ class Galaxy extends AppModel
|
|||
'instance-uuid' => $mispUUID
|
||||
);
|
||||
|
||||
foreach ($galaxies as $galaxy) {
|
||||
$galaxyType = $galaxy['Galaxy']['type'];
|
||||
$clusters = $galaxy['GalaxyCluster'];
|
||||
$attackClusters = array();
|
||||
// add cluster if kill_chain is present
|
||||
foreach ($clusters as $cluster) {
|
||||
if (empty($cluster['GalaxyElement'])) {
|
||||
continue;
|
||||
if (!empty($galaxies)) {
|
||||
$galaxy = $galaxies[0];
|
||||
} else {
|
||||
$galaxy = array();
|
||||
}
|
||||
|
||||
$clusters = $galaxy['GalaxyCluster'];
|
||||
$attackClusters = array();
|
||||
|
||||
foreach ($clusters as $cluster) {
|
||||
if (empty($cluster['GalaxyElement'])) {
|
||||
continue;
|
||||
}
|
||||
$toBeAdded = false;
|
||||
$clusterType = $cluster['type'];
|
||||
$galaxyElements = $cluster['GalaxyElement'];
|
||||
foreach ($galaxyElements as $element) {
|
||||
// add cluster if kill_chain is present
|
||||
if ($element['key'] == 'kill_chain') {
|
||||
$kc = explode(":", $element['value']);
|
||||
$galaxyType = $kc[0];
|
||||
$kc = $kc[1];
|
||||
$attackClusters[$galaxyType][$kc][] = $cluster;
|
||||
$toBeAdded = true;
|
||||
}
|
||||
$toBeAdded = false;
|
||||
$clusterType = $cluster['type'];
|
||||
$galaxyElements = $cluster['GalaxyElement'];
|
||||
foreach ($galaxyElements as $element) {
|
||||
if ($element['key'] == 'kill_chain') {
|
||||
$kc = explode(":", $element['value'])[2];
|
||||
$attackClusters[$kc][] = $cluster;
|
||||
$toBeAdded = true;
|
||||
}
|
||||
if ($element['key'] == 'external_id') {
|
||||
$cluster['external_id'] = $element['value'];
|
||||
}
|
||||
if ($element['key'] == 'external_id') {
|
||||
$cluster['external_id'] = $element['value'];
|
||||
}
|
||||
if ($toBeAdded) {
|
||||
array_push($attackTactic['attackTags'], $cluster['tag_name']);
|
||||
}
|
||||
}
|
||||
$attackTactic['attackTactic'][$galaxyType] = array(
|
||||
'clusters' => $attackClusters,
|
||||
'galaxy' => $galaxy['Galaxy'],
|
||||
);
|
||||
|
||||
$attackTactic['attackTactic'] = $attackClusters;
|
||||
$attackTactic['galaxy'] = $galaxy['Galaxy'];
|
||||
}
|
||||
|
||||
foreach ($attackTactic['attackTactic'] as $k => $v) {
|
||||
foreach ($attackTactic['attackTactic'][$k] as $kc => $v2) {
|
||||
// sort clusters in the kill chains
|
||||
usort(
|
||||
$attackTactic['attackTactic'][$k][$kc],
|
||||
function($a, $b) {
|
||||
return strcmp($a['value'], $b['value']);
|
||||
}
|
||||
);
|
||||
}
|
||||
// ksort($attackTactic['attackTactic'][$k]);
|
||||
}
|
||||
// debug(array_keys($attackTactic));
|
||||
// throw new \Exception("Error Processing Request", 1);
|
||||
|
||||
return $attackTactic;
|
||||
}
|
||||
}
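Review bot: The empty-result fallback in the last hunk does not protect the lines after it: with `$galaxy = array();`, both `$clusters = $galaxy['GalaxyCluster'];` and the later `$galaxy['Galaxy']` are undefined indexes, and `foreach ($clusters as $cluster)` then iterates null. This assumes the `$galaxies[0]` branch is the new side, since the page has lost its +/- markers; if so, the else branch should be `$galaxy = array('Galaxy' => array(), 'GalaxyCluster' => array());`. The same loop reads `$kc[0]` and `$kc[1]` from `explode(":", $element['value'])` without checking the part count, and galaxy elements come from imported cluster data, so a `kill_chain` value without a colon should be skipped with `if (count($kc) < 2) { continue; }`. The commented-out `debug(...)` and `throw new \Exception(...)` lines before `return $attackTactic;` should be dropped before this leaves WiP. The function starts above the hunk, so how `$attackTactic` is initialised is not visible here.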
|
||||
|
|
|
@ -4,11 +4,11 @@
|
|||
<div class="attack-matrix-options" style="right: initial; background: transparent;">
|
||||
<ul id="attack-matrix-tabscontroller" class="nav nav-tabs" style="margin-bottom: 2px;">
|
||||
<?php
|
||||
$enterpriseTag = "mitre-enterprise-attack-attack-pattern";
|
||||
foreach($attackTactic as $tactic):
|
||||
$galaxy = $tactic['galaxy'];
|
||||
$enterpriseTag = "mitre-attack-pattern";
|
||||
$defaultTabName = "mitre-attack";
|
||||
foreach($attackTactic as $tabName => $tactic):
|
||||
?>
|
||||
<li class="tactic <?php echo $galaxy['type']==$enterpriseTag ? "active" : ""; ?>"><span href="#tabMatrix-<?php echo h($galaxy['type']); ?>" data-toggle="tab" style="padding-top: 3px; padding-bottom: 3px;"><?php echo h($galaxy['name']); ?></span></li>
|
||||
<li class="tactic <?php echo $tabName==$defaultTabName ? "active" : ""; ?>"><span href="#tabMatrix-<?php echo h($tabName); ?>" data-toggle="tab" style="padding-top: 3px; padding-bottom: 3px;"><?php echo h($tabName); ?></span></li>
|
||||
<?php endforeach; ?>
|
||||
</ul>
|
||||
</div>
|
||||
|
@ -40,47 +40,44 @@ foreach($attackTactic as $tactic):
|
|||
|
||||
<div id="matrix_container" class="fixed-table-container-inner" style="max-height: 670px;" data-picking-mode="<?php echo $pickingMode ? 'true' : 'false'; ?>">
|
||||
<div class="tab-content">
|
||||
<?php foreach($attackTactic as $galaxy):
|
||||
$galaxyType = $galaxy['galaxy']['type'];
|
||||
?>
|
||||
<div class="tab-pane <?php echo $galaxyType==$enterpriseTag ? "active" : ""; ?>" id="tabMatrix-<?php echo h($galaxyType); ?>">
|
||||
<div class="header-background"></div>
|
||||
<div class="fixed-table-container-inner" style="max-height: 670px;">
|
||||
<table class="table table-condensed matrix-table">
|
||||
<thead>
|
||||
<tr>
|
||||
<?php
|
||||
foreach($killChainOrders[$galaxyType] as $kc):
|
||||
$name = str_replace("-", " ", $kc);
|
||||
?>
|
||||
<th>
|
||||
<?php echo h(ucfirst($name)); ?>
|
||||
<div class="th-inner"><?php echo h(ucfirst($name)); ?></div>
|
||||
</th>
|
||||
<?php foreach($attackTactic as $tabName => $tactic): ?>
|
||||
<div class="tab-pane <?php echo $tabName==$defaultTabName ? "active" : ""; ?>" id="tabMatrix-<?php echo h($tabName); ?>">
|
||||
<div class="header-background"></div>
|
||||
<div class="fixed-table-container-inner" style="max-height: 670px;">
|
||||
<table class="table table-condensed matrix-table">
|
||||
<thead>
|
||||
<tr>
|
||||
<?php
|
||||
foreach($killChainOrders[$tabName] as $kc):
|
||||
$name = str_replace("-", " ", $kc);
|
||||
?>
|
||||
<th>
|
||||
<?php echo h(ucfirst($name)); ?>
|
||||
<div class="th-inner"><?php echo h(ucfirst($name)); ?></div>
|
||||
</th>
|
||||
|
||||
<?php endforeach; ?>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody style="overflow-y: scroll;">
|
||||
<?php
|
||||
$added = false;
|
||||
$i = 0;
|
||||
do {
|
||||
$added = false;
|
||||
echo '<tr>';
|
||||
$killChainOrder = $killChainOrders[$galaxyType];
|
||||
$attackClusters = $galaxy['clusters'];
|
||||
foreach($killChainOrder as $kc) {
|
||||
if(!isset($attackClusters[$kc])) { // undefined index
|
||||
$td = '<td class="">';
|
||||
} else {
|
||||
$clusters = $attackClusters[$kc];
|
||||
$td = '<td ';
|
||||
if ($i < count($clusters)) {
|
||||
$clusterId = $clusters[$i]['id'];
|
||||
$tagName = $clusters[$i]['tag_name'];
|
||||
<?php endforeach; ?>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody style="overflow-y: scroll;">
|
||||
<?php
|
||||
$body = '';
|
||||
$added = false;
|
||||
$i = 0;
|
||||
do {
|
||||
$tr = '<tr>';
|
||||
$added = false;
|
||||
foreach($killChainOrders[$tabName] as $kc) {
|
||||
if (isset($tactic[$kc][$i])) {
|
||||
$added = true;
|
||||
$td = '<td';
|
||||
$cell = $tactic[$kc][$i];
|
||||
|
||||
|
||||
$clusterId = $cell['id'];
|
||||
$tagName = $cell['tag_name'];
|
||||
$score = empty($scores[$tagName]) ? 0 : $scores[$tagName];
|
||||
$name = join(" ", array_slice(explode(" ", $clusters[$i]['value']), 0, -2)); // remove " - external_id"
|
||||
$name = join(" ", array_slice(explode(" ", $cell['value']), 0, -2)); // remove " - external_id"
|
||||
$clusetersNamesMapping[$clusterId] = $name;
|
||||
$td .= ' class="heatCell matrix-interaction ' . ($pickingMode ? 'cell-picking"' : '"');
|
||||
$td .= isset($colours[$tagName]) ? ' style="background: ' . h($colours[$tagName]) . '; color: ' . h($this->TextColour->getTextColour($colours[$tagName])) . '"' : '' ;
|
||||
|
@ -91,22 +88,23 @@ foreach($attackTactic as $tactic):
|
|||
$td .= ' data-target-type="attribute"';
|
||||
$td .= ' data-target-id="'.h($target_id).'"';
|
||||
}
|
||||
$td .= ' title="'.h($clusters[$i]['external_id']).'"';
|
||||
$td .= ' title="'.h($cell['external_id']).'"';
|
||||
$td .= '>' . h($name);
|
||||
$added = true;
|
||||
} else {
|
||||
$td .= 'class="">';
|
||||
|
||||
} else { // empty cell
|
||||
$td = '<td style="border: none;">';
|
||||
}
|
||||
$td .= '</td>';
|
||||
$tr .= $td;
|
||||
}
|
||||
$td .= '</td>';
|
||||
echo $td;
|
||||
}
|
||||
echo '</tr>';
|
||||
$i++;
|
||||
} while($added);
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
$tr .= '</tr>';
|
||||
$body .= $tr;
|
||||
$i++;
|
||||
} while($added);
|
||||
echo $body;
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
<?php endforeach; ?>
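Review bot: `foreach($killChainOrders[$tabName] as $kc)` has no check that `$tabName` is a known key, in the header row and again in the body loop. On the new side the tab names appear to come from the prefix of each cluster's `kill_chain` element rather than from a fixed list, so any prefix missing from `$killChainOrders` gives an undefined index and a foreach over null while the matrix is rendered. Skipping unknown tabs at the top of both `foreach($attackTactic as $tabName => $tactic)` loops would keep the tab list and the panes consistent: `if (!isset($killChainOrders[$tabName])) { continue; }`. The `h()` calls on `$tabName` in the `href`, `id` and label are the right treatment for a data-derived value and should stay; `$tabName==$defaultTabName` would be stricter as `===`.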
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
}
|
||||
}
|
||||
echo $this->element('side_menu', array('menuList' => 'event', 'menuItem' => 'viewEvent', 'mayModify' => $mayModify, 'mayPublish' => $mayPublish));
|
||||
echo $this->Html->css('attack_matrix');
|
||||
?>
|
||||
<div class="events view">
|
||||
<?php
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
.matrix-table td {
|
||||
border-top: none;
|
||||
border: 1px solid #e2e2e2;
|
||||
}
|
||||
|
||||
.matrix-table th {
|
||||
padding: 0px 5px;
|
||||
color: transparent;
|
||||
line-height: 12px;
|
||||
line-height: 0px;
|
||||
}
|
||||
|
||||
.matrix-table thead > tr {
|
||||
|
@ -17,6 +17,9 @@
|
|||
.matrix-table tbody {
|
||||
/*height: 670px;*/
|
||||
overflow-y: scroll;
|
||||
/* display: inline-block;
|
||||
position: relative; */
|
||||
top: -23px;
|
||||
}
|
||||
|
||||
table.matrix-table {
|
||||
|
|