From be05de62c008e57f4ac322e045ff6f52b8dac05c Mon Sep 17 00:00:00 2001
From: chrisr3d
Date: Thu, 23 May 2019 15:59:52 +0200
Subject: [PATCH] add: Parsing MITRE ATT&CK tactic matrix related to the Joe report
---
 misp_modules/modules/import_mod/joe_import.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/misp_modules/modules/import_mod/joe_import.py b/misp_modules/modules/import_mod/joe_import.py
index efefb3e..d20de60 100644
--- a/misp_modules/modules/import_mod/joe_import.py
+++ b/misp_modules/modules/import_mod/joe_import.py
@@ -73,6 +73,7 @@ class JoeParser():
 self.handle_attributes()
 if self.references:
 self.build_references()
+ self.parse_mitre_attack()
 self.finalize_results()
 def build_references(self):
@@ -109,6 +110,14 @@ class JoeParser():
 'relationship': 'drops'
 })
+ def parse_mitre_attack(self):
+ mitreattack = self.data['mitreattack']
+ if mitreattack:
+ for tactic in mitreattack['tactic']:
+ if tactic.get('technique'):
+ for technique in tactic['technique']:
+ self.misp_event.add_tag('misp-galaxy:mitre-attack-pattern="{} - {}"'.format(technique['name'], technique['id']))
+
 def parse_network_behavior(self):
 network = self.data['behavior']['network']
 connections = defaultdict(lambda: defaultdict(set))
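Review bot: `self.data['mitreattack']` in the new `parse_mitre_attack` raises KeyError when a report carries no `mitreattack` section, and since the first hunk calls the method unconditionally just before `self.finalize_results()`, that one missing key would abort the import of an otherwise valid report. The `if mitreattack:` guard only covers an empty value, so reading the section with `mitreattack = self.data.get('mitreattack')` and looping over `mitreattack.get('tactic', [])` would make it genuinely optional. `technique['name']` and `technique['id']` are also copied from the uploaded report straight into the galaxy tag string; a missing key raises, and a value containing `"` would yield a malformed tag, so checking both fields before `add_tag` seems worthwhile. If the report format can deliver a lone technique as a dict rather than a list (not visible here), the inner loop would iterate its keys and fail, which is worth confirming. The routine patched by the first hunk starts outside the hunk.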