chg: [attackMatrix] Updated the matrix to match the changes in the mitre

galaxies and improved layout - WiP
pull/4156/head
mokaddem 2019-02-11 16:15:52 +01:00
parent c9c9d22f81
commit 48701a246d
4 changed files with 116 additions and 95 deletions


@ -353,7 +353,7 @@ class Galaxy extends AppModel
}
}
public function getMitreAttackGalaxyId($type="mitre-enterprise-attack-attack-pattern")
public function getMitreAttackGalaxyId($type="mitre-attack-pattern")
{
$galaxy = $this->find('first', array(
'recursive' => -1,
@ -379,18 +379,18 @@ class Galaxy extends AppModel
'command-and-control'
);
$killChainOrderMobile = array(
'initial-access',
'persistence',
'privilege-escalation',
'defense-evasion',
'credential-access',
'discovery',
'lateral-movement',
'effects', 'collection',
'effects',
'collection',
'exfiltration',
'command-and-control',
'general-network-based',
'cellular-network-based',
'could-based'
'network-effects',
'remote-service-effects'
);
$killChainOrderPre = array(
'priority-definition-planning',
@ -408,16 +408,15 @@ class Galaxy extends AppModel
'build-capabilities',
'test-capabilities',
'stage-capabilities',
'app-delivery-via-authorized-app-store',
'app-delivery-via-other-means',
'exploit-via-cellular-network',
'exploit-via-internet',
);
$killChainOrders = array(
'mitre-enterprise-attack-attack-pattern' => $killChainOrderEnterprise,
'mitre-mobile-attack-attack-pattern' => $killChainOrderMobile,
'mitre-pre-attack-attack-pattern' => $killChainOrderPre,
'mitre-attack' => $killChainOrderEnterprise,
'mitre-mobile-attack' => $killChainOrderMobile,
'mitre-pre-attack' => $killChainOrderPre,
// 'mitre-attack-pattern' => $killChainOrderEnterprise,
// 'mitre-mobile-attack-pattern' => $killChainOrderMobile,
// 'mitre-pre-attack-pattern' => $killChainOrderPre,
);
$expectedDescription = 'ATT&CK Tactic';
@ -442,38 +441,58 @@ class Galaxy extends AppModel
'instance-uuid' => $mispUUID
);
foreach ($galaxies as $galaxy) {
$galaxyType = $galaxy['Galaxy']['type'];
$clusters = $galaxy['GalaxyCluster'];
$attackClusters = array();
// add cluster if kill_chain is present
foreach ($clusters as $cluster) {
if (empty($cluster['GalaxyElement'])) {
continue;
if (!empty($galaxies)) {
$galaxy = $galaxies[0];
} else {
$galaxy = array();
}
$clusters = $galaxy['GalaxyCluster'];
$attackClusters = array();
foreach ($clusters as $cluster) {
if (empty($cluster['GalaxyElement'])) {
continue;
}
$toBeAdded = false;
$clusterType = $cluster['type'];
$galaxyElements = $cluster['GalaxyElement'];
foreach ($galaxyElements as $element) {
// add cluster if kill_chain is present
if ($element['key'] == 'kill_chain') {
$kc = explode(":", $element['value']);
$galaxyType = $kc[0];
$kc = $kc[1];
$attackClusters[$galaxyType][$kc][] = $cluster;
$toBeAdded = true;
}
$toBeAdded = false;
$clusterType = $cluster['type'];
$galaxyElements = $cluster['GalaxyElement'];
foreach ($galaxyElements as $element) {
if ($element['key'] == 'kill_chain') {
$kc = explode(":", $element['value'])[2];
$attackClusters[$kc][] = $cluster;
$toBeAdded = true;
}
if ($element['key'] == 'external_id') {
$cluster['external_id'] = $element['value'];
}
if ($element['key'] == 'external_id') {
$cluster['external_id'] = $element['value'];
}
if ($toBeAdded) {
array_push($attackTactic['attackTags'], $cluster['tag_name']);
}
}
$attackTactic['attackTactic'][$galaxyType] = array(
'clusters' => $attackClusters,
'galaxy' => $galaxy['Galaxy'],
);
$attackTactic['attackTactic'] = $attackClusters;
$attackTactic['galaxy'] = $galaxy['Galaxy'];
}
foreach ($attackTactic['attackTactic'] as $k => $v) {
foreach ($attackTactic['attackTactic'][$k] as $kc => $v2) {
// sort clusters in the kill chains
usort(
$attackTactic['attackTactic'][$k][$kc],
function($a, $b) {
return strcmp($a['value'], $b['value']);
}
);
}
// ksort($attackTactic['attackTactic'][$k]);
}
// debug(array_keys($attackTactic));
// throw new \Exception("Error Processing Request", 1);
return $attackTactic;
}
}
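Review bot: The new empty-result fallback sets `$galaxy = array();`, but the following statements still read `$galaxy['GalaxyCluster']` and `$galaxy['Galaxy']` unconditionally, so an instance where the galaxy lookup returns nothing gets undefined-index notices and a `foreach` over null instead of an empty matrix. A guard such as `$clusters = isset($galaxy['GalaxyCluster']) ? $galaxy['GalaxyCluster'] : array();`, with the same check before `$galaxy['Galaxy']` is stored, would keep that path clean. The kill_chain parsing has the same problem: `$kc[1]` is read without checking that the element value contained a `:`, and since that value comes from galaxy data (presumably including imported or custom clusters), I would skip elements where `count($kc) < 2` rather than file the cluster under an empty key. The commented-out `// debug(...)` and `// throw new \Exception(...)` lines before the return can be dropped. The method starts outside the hunk and this page has lost its +/- markers, so which lines are old and which are new is inferred from context.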


@ -4,11 +4,11 @@
<div class="attack-matrix-options" style="right: initial; background: transparent;">
<ul id="attack-matrix-tabscontroller" class="nav nav-tabs" style="margin-bottom: 2px;">
<?php
$enterpriseTag = "mitre-enterprise-attack-attack-pattern";
foreach($attackTactic as $tactic):
$galaxy = $tactic['galaxy'];
$enterpriseTag = "mitre-attack-pattern";
$defaultTabName = "mitre-attack";
foreach($attackTactic as $tabName => $tactic):
?>
<li class="tactic <?php echo $galaxy['type']==$enterpriseTag ? "active" : ""; ?>"><span href="#tabMatrix-<?php echo h($galaxy['type']); ?>" data-toggle="tab" style="padding-top: 3px; padding-bottom: 3px;"><?php echo h($galaxy['name']); ?></span></li>
<li class="tactic <?php echo $tabName==$defaultTabName ? "active" : ""; ?>"><span href="#tabMatrix-<?php echo h($tabName); ?>" data-toggle="tab" style="padding-top: 3px; padding-bottom: 3px;"><?php echo h($tabName); ?></span></li>
<?php endforeach; ?>
</ul>
</div>
@ -40,47 +40,44 @@ foreach($attackTactic as $tactic):
<div id="matrix_container" class="fixed-table-container-inner" style="max-height: 670px;" data-picking-mode="<?php echo $pickingMode ? 'true' : 'false'; ?>">
<div class="tab-content">
<?php foreach($attackTactic as $galaxy):
$galaxyType = $galaxy['galaxy']['type'];
?>
<div class="tab-pane <?php echo $galaxyType==$enterpriseTag ? "active" : ""; ?>" id="tabMatrix-<?php echo h($galaxyType); ?>">
<div class="header-background"></div>
<div class="fixed-table-container-inner" style="max-height: 670px;">
<table class="table table-condensed matrix-table">
<thead>
<tr>
<?php
foreach($killChainOrders[$galaxyType] as $kc):
$name = str_replace("-", " ", $kc);
?>
<th>
<?php echo h(ucfirst($name)); ?>
<div class="th-inner"><?php echo h(ucfirst($name)); ?></div>
</th>
<?php foreach($attackTactic as $tabName => $tactic): ?>
<div class="tab-pane <?php echo $tabName==$defaultTabName ? "active" : ""; ?>" id="tabMatrix-<?php echo h($tabName); ?>">
<div class="header-background"></div>
<div class="fixed-table-container-inner" style="max-height: 670px;">
<table class="table table-condensed matrix-table">
<thead>
<tr>
<?php
foreach($killChainOrders[$tabName] as $kc):
$name = str_replace("-", " ", $kc);
?>
<th>
<?php echo h(ucfirst($name)); ?>
<div class="th-inner"><?php echo h(ucfirst($name)); ?></div>
</th>
<?php endforeach; ?>
</tr>
</thead>
<tbody style="overflow-y: scroll;">
<?php
$added = false;
$i = 0;
do {
$added = false;
echo '<tr>';
$killChainOrder = $killChainOrders[$galaxyType];
$attackClusters = $galaxy['clusters'];
foreach($killChainOrder as $kc) {
if(!isset($attackClusters[$kc])) { // undefined index
$td = '<td class="">';
} else {
$clusters = $attackClusters[$kc];
$td = '<td ';
if ($i < count($clusters)) {
$clusterId = $clusters[$i]['id'];
$tagName = $clusters[$i]['tag_name'];
<?php endforeach; ?>
</tr>
</thead>
<tbody style="overflow-y: scroll;">
<?php
$body = '';
$added = false;
$i = 0;
do {
$tr = '<tr>';
$added = false;
foreach($killChainOrders[$tabName] as $kc) {
if (isset($tactic[$kc][$i])) {
$added = true;
$td = '<td';
$cell = $tactic[$kc][$i];
$clusterId = $cell['id'];
$tagName = $cell['tag_name'];
$score = empty($scores[$tagName]) ? 0 : $scores[$tagName];
$name = join(" ", array_slice(explode(" ", $clusters[$i]['value']), 0, -2)); // remove " - external_id"
$name = join(" ", array_slice(explode(" ", $cell['value']), 0, -2)); // remove " - external_id"
$clusetersNamesMapping[$clusterId] = $name;
$td .= ' class="heatCell matrix-interaction ' . ($pickingMode ? 'cell-picking"' : '"');
$td .= isset($colours[$tagName]) ? ' style="background: ' . h($colours[$tagName]) . '; color: ' . h($this->TextColour->getTextColour($colours[$tagName])) . '"' : '' ;
@ -91,22 +88,23 @@ foreach($attackTactic as $tactic):
$td .= ' data-target-type="attribute"';
$td .= ' data-target-id="'.h($target_id).'"';
}
$td .= ' title="'.h($clusters[$i]['external_id']).'"';
$td .= ' title="'.h($cell['external_id']).'"';
$td .= '>' . h($name);
$added = true;
} else {
$td .= 'class="">';
} else { // empty cell
$td = '<td style="border: none;">';
}
$td .= '</td>';
$tr .= $td;
}
$td .= '</td>';
echo $td;
}
echo '</tr>';
$i++;
} while($added);
?>
</tbody>
</table>
$tr .= '</tr>';
$body .= $tr;
$i++;
} while($added);
echo $body;
?>
</tbody>
</table>
</div>
</div>
<?php endforeach; ?>
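Review bot: `$killChainOrders[$tabName]` is indexed without an existence check in both the `<thead>` loop and the `do … while` body, and `$tabName` now appears to come from the prefix of each cluster's kill_chain value rather than from a fixed galaxy type. A cluster whose prefix is not one of the keys defined in the model (`mitre-attack`, `mitre-mobile-attack`, `mitre-pre-attack`) would make both inner `foreach` loops iterate over an undefined index and leave a tab with a broken pane. I would skip unknown tabs at the top of both `foreach($attackTactic as $tabName => $tactic)` loops, e.g. `if (!isset($killChainOrders[$tabName])) { continue; }`. As far as the visible lines show, `$enterpriseTag` is unused after this change, and `h($cell['external_id'])` assumes every cluster carried an external_id element.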


@ -33,6 +33,7 @@
}
}
echo $this->element('side_menu', array('menuList' => 'event', 'menuItem' => 'viewEvent', 'mayModify' => $mayModify, 'mayPublish' => $mayPublish));
echo $this->Html->css('attack_matrix');
?>
<div class="events view">
<?php


@ -1,11 +1,11 @@
.matrix-table td {
border-top: none;
border: 1px solid #e2e2e2;
}
.matrix-table th {
padding: 0px 5px;
color: transparent;
line-height: 12px;
line-height: 0px;
}
.matrix-table thead > tr {
@ -17,6 +17,9 @@
.matrix-table tbody {
/*height: 670px;*/
overflow-y: scroll;
/* display: inline-block;
position: relative; */
top: -23px;
}
table.matrix-table {