Add [tidal] scipts to create new galaxies

2024-02-19 11:30:10 +01:00 · 2024-02-19 11:30:10 +01:00 · a33e9e2a14
parent b4ad928722
commit a33e9e2a14
4 changed files with 223 additions and 0 deletions
--- a/tools/tidal-api/api.py
+++ b/tools/tidal-api/api.py
@ -0,0 +1,15 @@
+import requests
+
+class TidalAPI:
+    def __init__(self):
+        self.base_url = 'https://app-api.tidalcyber.com/api/v1/'
+
+    def get_data(self, endpoint):
+        url = self.base_url + endpoint
+        try:
+            response = requests.get(url)
+            return response.json()
+        except Exception as e:
+            print(f'Error: {e}')
+            return None
+
--- a/tools/tidal-api/create_campaigns.py
+++ b/tools/tidal-api/create_campaigns.py
@ -0,0 +1,62 @@
+from api import TidalAPI
+import json
+
+VERSION = 1
+GALAXY_PATH = "../../galaxies/"
+CLUSTER_PATH = "../../clusters/"
+GALAXY_UUID = "43a8fce6-08d3-46c2-957d-53606efe2c48"
+
+def create_galaxy():
+    galaxy = {}
+    galaxy["description"] = "Tidal Campaigns Galaxy"
+    galaxy["name"] = "Tidal Campaigns"
+    galaxy["namespace"] = "tidal"
+    galaxy["type"] = "campaigns"
+    galaxy["uuid"] = GALAXY_UUID
+    galaxy["version"] = VERSION
+    return galaxy
+
+def create_cluster(galaxy, data):
+    cluster = {}
+    values = []
+
+    for campaigns in data["data"]:
+        value = {}
+        relations = []
+
+        value["description"] = campaigns["description"]
+
+        value["meta"] = {}
+        value["meta"]["source"] = campaigns["source"]
+        value["meta"]["campaign-attack-id"] = campaigns["campaign_attack_id"]
+        value["meta"]["first-seen"] = campaigns["first_seen"]
+        value["meta"]["last-seen"] = campaigns["last_seen"]
+        value["meta"]["tags"] = campaigns["tags"]
+        value["meta"]["owner"] = campaigns["owner_name"]
+
+        value["related"] = relations
+        value["uuid"] = campaigns["id"]
+        value["value"] = campaigns["name"]
+        values.append(value)
+
+    cluster["authors"] = ["Tidal"]
+    cluster["category"] = "Threat campaigns"
+    cluster["description"] = "Tidal Campaigns"
+    cluster["name"] = "Tidal Campaigns"
+    cluster["source"] = "https://app-api.tidalcyber.com/api/v1/campaigns"
+    cluster["type"] = "campaigns"
+    cluster["uuid"] = galaxy["uuid"]
+    cluster["values"] = values
+    return cluster
+
+if __name__ == "__main__":
+    api = TidalAPI()
+    data = api.get_data('campaigns')
+    galaxy = create_galaxy()
+    cluster = create_cluster(galaxy, data)
+
+    with open(GALAXY_PATH + "tidal-campaigns.json", "w") as galaxy_file:
+        json.dump(galaxy, galaxy_file, indent=4)
+
+    with open(CLUSTER_PATH + "tidal-campaigns.json", "w") as cluster_file:
+        json.dump(cluster, cluster_file, indent=4)
--- a/tools/tidal-api/create_groups.py
+++ b/tools/tidal-api/create_groups.py
@ -0,0 +1,73 @@
+from api import TidalAPI
+import json
+
+VERSION = 1
+GALAXY_PATH = "../../galaxies/"
+CLUSTER_PATH = "../../clusters/"
+GALAXY_UUID = "41c3e5c0-de5c-4edb-b48b-48cd8e7519e6"
+
+def create_galaxy():
+    galaxy = {}
+    galaxy["description"] = "Tidal Threat Group Galaxy"
+    galaxy["name"] = "Tidal Threat Group"
+    galaxy["namespace"] = "tidal"
+    galaxy["type"] = "threat-group"
+    galaxy["uuid"] = GALAXY_UUID
+    galaxy["version"] = VERSION
+    return galaxy
+
+
+def create_cluster(galaxy, data):
+    cluster = {}
+    values = []
+
+    for group in data["data"]:
+        value = {}
+        relations = []
+        # TODO check for id and associated_group_id and add to relations
+        for entry in group["associated_groups"]:
+            relation = {}
+            relation["dest-uuid"] = entry["id"]
+            relation["type"] = "related-to"
+            relations.append(relation)
+
+        value["description"] = group["description"]
+
+        value["meta"] = {}
+        value["meta"]["source"] = group["source"]
+        value["meta"]["group-attack-id"] = group["group_attack_id"]
+        value["meta"]["country"] = [country["country_code"] for country in group["country"]]
+        value["meta"]["observed_country"] = [country["country_code"] for country in group["observed_country"]]
+        value["meta"]["motive"] = [motive["name"] for motive in group["observed_motivation"]]
+        value["meta"]["target-category"] = [sector["name"] for sector in group["observed_sector"]]
+        value["meta"]["tags"] = group["tags"]
+        value["meta"]["owner"] = group["owner_name"]
+
+        value["related"] = relations
+        value["uuid"] = group["id"]
+        value["value"] = group["name"]
+        values.append(value)
+
+    cluster["authors"] = ["Tidal"]
+    cluster["category"] = "Threat Group"
+    cluster["description"] = "Tidal Threat Groups"
+    cluster["name"] = "Tidal Threat Group"
+    cluster["source"] = "https://app-api.tidalcyber.com/api/v1/groups"
+    cluster["type"] = "threat-group"
+    cluster["uuid"] = galaxy["uuid"]
+    cluster["values"] = values
+    return cluster
+
+
+if __name__ == "__main__":
+
+    api = TidalAPI()
+    data = api.get_data("groups")
+    galaxy = create_galaxy()
+    cluster = create_cluster(galaxy, data)
+
+    with open(GALAXY_PATH + "tidal-threat-group.json", "w") as galaxy_file:
+        json.dump(galaxy, galaxy_file, indent=4)
+
+    with open(CLUSTER_PATH + "tidal-threat-group.json", "w") as cluster_file:
+        json.dump(cluster, cluster_file, indent=4)
--- a/tools/tidal-api/create_software.py
+++ b/tools/tidal-api/create_software.py
@ -0,0 +1,73 @@
+from api import TidalAPI
+import json
+
+VERSION = 1
+GALAXY_PATH = "../../galaxies/"
+CLUSTER_PATH = "../../clusters/"
+GALAXY_UUID = "38d62d8b-4c49-489a-9bc4-8e294c4f04f7"
+
+def create_galaxy():
+    galaxy = {}
+    galaxy["description"] = "Tidal Software Galaxy"
+    galaxy["name"] = "Tidal Software"
+    galaxy["namespace"] = "tidal"
+    galaxy["type"] = "software"
+    galaxy["uuid"] = GALAXY_UUID
+    galaxy["version"] = VERSION
+    return galaxy
+
+def create_cluster(galaxy, data):
+    cluster = {}
+    values = []
+
+    for software in data["data"]:
+        value = {}
+        relations = []
+        # TODO check for relations etc.
+        for entry in software["groups"]:
+            relation = {}
+            relation["dest-uuid"] = entry["id"]
+            relation["type"] = "used-by"
+            relations.append(relation)
+        for entry in software["associated_software"]:
+            relation = {}
+            relation["dest-uuid"] = entry["id"]
+            relation["type"] = "related-to"
+            relations.append(relation)
+
+        value["description"] = software["description"]
+
+        value["meta"] = {}
+        value["meta"]["source"] = software["source"]
+        value["meta"]["type"] = software["type"]
+        value["meta"]["software-attack-id"] = software["software_attack_id"]
+        value["meta"]["platforms"] = software["platforms"]
+        value["meta"]["tags"] = software["tags"]
+        value["meta"]["owner"] = software["owner_name"]
+
+        value["related"] = relations
+        value["uuid"] = software["id"]
+        value["value"] = software["name"]
+        values.append(value)
+
+    cluster["authors"] = ["Tidal"]
+    cluster["category"] = "Threat software"
+    cluster["description"] = "Tidal Threat Groups"
+    cluster["name"] = "Tidal Threat software"
+    cluster["source"] = "https://app-api.tidalcyber.com/api/v1/software"
+    cluster["type"] = "threat-software"
+    cluster["uuid"] = galaxy["uuid"]
+    cluster["values"] = values
+    return cluster
+
+if __name__ == "__main__":
+    api = TidalAPI()
+    data = api.get_data('software')
+    galaxy = create_galaxy()
+    cluster = create_cluster(galaxy, data)
+
+    with open(GALAXY_PATH + "tidal-software.json", "w") as galaxy_file:
+        json.dump(galaxy, galaxy_file, indent=4)
+
+    with open(CLUSTER_PATH + "tidal-software.json", "w") as cluster_file:
+        json.dump(cluster, cluster_file, indent=4)