chg: [fight] add ATT&CK rel + fix description bug

pull/1012/head
Christophe Vandeplas 2024-06-17 15:05:35 +02:00
parent 2f47a3c505
commit e7c5bc7956
No known key found for this signature in database
GPG Key ID: BDC48619FFDC5A5B
2 changed files with 288 additions and 160 deletions



@ -17,13 +17,14 @@
# You should have received a copy of the GNU Affero General Public License # You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
from bs4 import BeautifulSoup
from markdown import markdown
import json import json
import os import os
import re
import requests import requests
import uuid import uuid
import yaml import yaml
from bs4 import BeautifulSoup
from markdown import markdown
uuid_seed = '8666d04b-977a-434b-82b4-f36271ec1cfb' uuid_seed = '8666d04b-977a-434b-82b4-f36271ec1cfb'
@ -44,6 +45,18 @@ fight = yaml.safe_load(r.text)
# fight = yaml.safe_load(f) # fight = yaml.safe_load(f)
with open('../clusters/mitre-attack-pattern.json', 'r') as mitre_f:
mitre = json.load(mitre_f)
def find_mitre_uuid_from_technique_id(technique_id):
for item in mitre['values']:
if item['meta']['external_id'] == technique_id:
return item['uuid']
print("No MITRE UUID found for technique_id: ", technique_id)
return None
def clean_ref(text: str) -> str: def clean_ref(text: str) -> str:
''' '''
'<a name="1"> \\[1\\] </a> [5GS Roaming Guidelines Version 5.0 (non-confidential), NG.113-v5.0, GSMA, December 2021](https://www.gsma.com/newsroom/wp-content/uploads//NG.113-v5.0.pdf)' '<a name="1"> \\[1\\] </a> [5GS Roaming Guidelines Version 5.0 (non-confidential), NG.113-v5.0, GSMA, December 2021](https://www.gsma.com/newsroom/wp-content/uploads//NG.113-v5.0.pdf)'
@ -82,11 +95,28 @@ for item in fight['techniques']:
}, },
'related': [] 'related': []
} }
keys_to_skip = ['id', 'name', 'references', 'tactics'] keys_to_skip = ['id', 'name', 'references', 'tactics', 'description']
for keys in item.keys(): for keys in item.keys():
if keys not in keys_to_skip: if keys not in keys_to_skip:
element['meta'][keys] = item[keys] element['meta'][keys] = item[keys]
if 'https://attack.mitre.org/techniques/' in item['description']:
# extract the references from the description
# add it as ref and build the relationship to the technique using uuid
url = re.search(r'(https?://[^\)]+)/(T[^\)]+)', item['description'])
if url:
extracted_url = url.group(0)
element['meta']['refs'].append(extracted_url)
technique_uuid = find_mitre_uuid_from_technique_id(url.group(2).replace('/', '.'))
if technique_uuid:
element['related'].append({
'dest-uuid': technique_uuid,
'type': 'related-to'
})
else:
print("WARNING: No MITRE UUID found for technique_id: ", url.group(2))
pass
try: try:
for ref in item['references']: for ref in item['references']:
element['meta']['refs'].append(clean_ref(ref)) element['meta']['refs'].append(clean_ref(ref))
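Review bot: The pattern on the `re.search` line, `r'(https?://[^\)]+)/(T[^\)]+)'`, is not tied to attack.mitre.org even though the `in item['description']` guard above it is, and `[^\)]+` keeps matching until the next `)`, so a description whose ATT&CK link is not wrapped in a markdown `(...)` would pull the following prose into `url.group(2)` and the `find_mitre_uuid_from_technique_id` lookup would miss; `re.search` also relates only the first technique when a description cites several. Anchoring the pattern to the ATT&CK host and the `T1234` / `T1234/001` id shape and iterating every match addresses both, and it makes the `'https://attack.mitre.org/techniques/' in ...` guard unnecessary. The helper already prints its own "No MITRE UUID found" message on a miss, so the second `WARNING` print and the trailing `pass` add nothing. The enclosing `for item in fight['techniques']` loop begins before this hunk and the `try:` at its end continues past it.
```python
        # … unchanged: keys_to_skip loop …
        for url in re.finditer(r'https?://attack\.mitre\.org/techniques/(T\d{4}(?:/\d{3})?)', item['description']):
            # record the link as a ref and relate the entry to the ATT&CK technique by uuid
            element['meta']['refs'].append(url.group(0))
            technique_uuid = find_mitre_uuid_from_technique_id(url.group(1).replace('/', '.'))
            if technique_uuid:
                element['related'].append({
                    'dest-uuid': technique_uuid,
                    'type': 'related-to'
                })
        # … unchanged: references loop …
```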