MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

add: Parsing MITRE ATT&CK tactic matrix related to the Joe report

pull/304/head
chrisr3d 2019-05-23 15:59:52 +02:00
parent e608107a09
commit be05de62c0
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
misp_modules/modules/import_mod/joe_import.py
View File

@ -73,6 +73,7 @@ class JoeParser():
self.handle_attributes()
if self.references:
self.build_references()
self.parse_mitre_attack()
self.finalize_results()
def build_references(self):
@ -109,6 +110,14 @@ class JoeParser():
'relationship': 'drops'
})
def parse_mitre_attack(self):
mitreattack = self.data['mitreattack']
if mitreattack:
for tactic in mitreattack['tactic']:
if tactic.get('technique'):
for technique in tactic['technique']:
self.misp_event.add_tag('misp-galaxy:mitre-attack-pattern="{} - {}"'.format(technique['name'], technique['id']))
def parse_network_behavior(self):
network = self.data['behavior']['network']
connections = defaultdict(lambda: defaultdict(set))