#!/usr/bin/env python
# -*- coding: utf-8 -*-
import argparse
import io
import json
import os
import re
parser = argparse . ArgumentParser ( description = ' Create a couple galaxy/cluster with cti \' s attack-patterns \n Must be in the mitre/cti/enterprise-attack/attack-pattern folder ' )
2017-08-17 15:52:26 +02:00
parser . add_argument ( " -v " , " --version " , type = int , required = True , help = " Version of the galaxy. Please increment the previous one " )
args = parser . parse_args ( )
2017-08-16 11:22:20 +02:00
values = [ ]
for element in os . listdir ( ' . ' ) :
if element . endswith ( ' .json ' ) :
with open ( element ) as json_data :
d = json . load ( json_data )
json_data . close ( )
temp = d [ ' objects ' ] [ 0 ]
value = { }
value [ ' description ' ] = temp [ ' description ' ]
2018-04-03 15:53:17 +02:00
value [ ' value ' ] = temp [ ' name ' ] + ' - ' + temp [ ' external_references ' ] [ 0 ] [ ' external_id ' ]
2017-08-16 11:22:20 +02:00
value [ ' meta ' ] = { }
value [ ' meta ' ] [ ' refs ' ] = [ ]
for reference in temp [ ' external_references ' ] :
2018-04-03 15:53:17 +02:00
if ' url ' in reference and reference [ ' url ' ] not in value [ ' meta ' ] [ ' refs ' ] :
2017-08-16 11:22:20 +02:00
value [ ' meta ' ] [ ' refs ' ] . append ( reference [ ' url ' ] )
2018-05-18 16:15:26 +02:00
if ' external_id ' in reference :
value [ ' meta ' ] [ ' external_id ' ] = reference [ ' external_id ' ]
2018-05-19 12:56:20 +02:00
value [ ' meta ' ] [ ' kill_chain ' ] = [ ]
for killchain in temp [ ' kill_chain_phases ' ] :
value [ ' meta ' ] [ ' kill_chain ' ] . append ( killchain [ ' kill_chain_name ' ] + ' :enterprise-attack: ' + killchain [ ' phase_name ' ] )
2017-08-16 11:22:20 +02:00
if ' x_mitre_data_sources ' in temp :
2017-10-26 09:44:23 +02:00
value [ ' meta ' ] [ ' mitre_data_sources ' ] = temp [ ' x_mitre_data_sources ' ]
2017-08-16 11:22:20 +02:00
if ' x_mitre_platforms ' in temp :
2017-10-26 09:44:23 +02:00
value [ ' meta ' ] [ ' mitre_platforms ' ] = temp [ ' x_mitre_platforms ' ]
2017-08-16 11:22:20 +02:00
values . append ( value )
2018-02-21 16:28:11 +01:00
value [ ' uuid ' ] = re . search ( ' --(.*)$ ' , temp [ ' id ' ] ) . group ( 0 ) [ 2 : ]
2017-08-16 11:22:20 +02:00
galaxy = { }
2018-03-22 14:15:06 +01:00
galaxy [ ' name ' ] = " Enterprise Attack - Attack Pattern "
galaxy [ ' type ' ] = " mitre-enterprise-attack-attack-pattern "
2017-08-16 11:22:20 +02:00
galaxy [ ' description ' ] = " ATT&CK Tactic "
2018-02-21 16:28:11 +01:00
galaxy [ ' uuid ' ] = " fa7016a8-1707-11e8-82d0-1b73d76eb204 "
2017-08-17 15:52:26 +02:00
galaxy [ ' version ' ] = args . version
2017-10-26 10:28:05 +02:00
galaxy [ ' icon ' ] = " map "
2018-05-20 09:36:35 +02:00
galaxy [ ' namespace ' ] = " mitre-attack "
2017-08-16 11:22:20 +02:00
2018-04-03 15:53:17 +02:00
cluster = { }
2018-03-22 14:15:06 +01:00
cluster [ ' name ' ] = " Enterprise Attack - Attack Pattern "
cluster [ ' type ' ] = " mitre-enterprise-attack-attack-pattern "
2017-08-16 11:22:20 +02:00
cluster [ ' description ' ] = " ATT&CK tactic "
2017-08-17 15:52:26 +02:00
cluster [ ' version ' ] = args . version
2017-08-16 11:22:20 +02:00
cluster [ ' source ' ] = " https://github.com/mitre/cti "
2018-02-21 16:28:11 +01:00
cluster [ ' uuid ' ] = " fb2242d8-1707-11e8-ab20-6fa7448c3640 "
2017-08-16 11:22:20 +02:00
cluster [ ' authors ' ] = [ " MITRE " ]
cluster [ ' values ' ] = values
2018-03-22 14:15:06 +01:00
with open ( ' generate/galaxies/mitre-enterprise-attack-attack-pattern.json ' , ' w ' ) as galaxy_file :
2017-08-16 11:22:20 +02:00
json . dump ( galaxy , galaxy_file , indent = 4 )
2018-03-22 14:15:06 +01:00
with open ( ' generate/clusters/mitre-enterprise-attack-attack-pattern.json ' , ' w ' ) as cluster_file :
2017-08-16 11:22:20 +02:00
json . dump ( cluster , cluster_file , indent = 4 )