MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

add: Parsing MITRE ATT&CK tactic matrix related to the Joe report

Browse Source
pull/304/head
chrisr3d 4 years ago
parent e608107a09
commit be05de62c0
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 9 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 9
      misp_modules/modules/import_mod/joe_import.py

9
misp_modules/modules/import_mod/joe_import.py
Unescape View File

@ -73,6 +73,7 @@ class JoeParser():
self.handle_attributes()
if self.references:
self.build_references()
self.parse_mitre_attack()
self.finalize_results()
def build_references(self):
@ -109,6 +110,14 @@ class JoeParser():
'relationship': 'drops'
})
def parse_mitre_attack(self):
mitreattack = self.data['mitreattack']
if mitreattack:
for tactic in mitreattack['tactic']:
if tactic.get('technique'):
for technique in tactic['technique']:
self.misp_event.add_tag('misp-galaxy:mitre-attack-pattern="{} - {}"'.format(technique['name'], technique['id']))
def parse_network_behavior(self):
network = self.data['behavior']['network']
connections = defaultdict(lambda: defaultdict(set))

Write Preview
Loading…
Cancel
Save