add ability to parse to navigator layers
Eva committed Oct 12, 2023
1 parent 5f2ab89 commit 513359d
Showing 16 changed files with 109 additions and 9 deletions.
22 changes: 22 additions & 0 deletions src/mappings_explorer/cli/mapex/cli.py
Expand Up @@ -4,6 +4,7 @@

from mappings_explorer.cli.mapex.write_parsed_mappings import (
write_parsed_mappings_csv,
write_parsed_mappings_navigator_layer,
write_parsed_mappings_yaml,
)

Expand Down Expand Up @@ -51,12 +52,18 @@ def write_parsed_cve_mappings():
parsed_mappings_filepath = f"{PARSED_MAPPINGS_DIR}/cve/parsed_cve_mappings.json"
output_filepath = f"{MAPEX_DIR}/cve_files/parsed_cve_mappings"
parsed_mappings = read_json_file(parsed_mappings_filepath)

# write parsed mappings to a yaml file
write_parsed_mappings_yaml(parsed_mappings, output_filepath)

# key that connects the metadata csv file and the attack objects csv file
metadata_key = 0
# write parsed mappings to a csv file
write_parsed_mappings_csv(parsed_mappings, output_filepath, metadata_key)

# write parse mappings to navigator layer
write_parsed_mappings_navigator_layer(parsed_mappings, output_filepath, "cve")


def write_parsed_nist_mappings():
nist_parsed_mappings_dir = f"{PARSED_MAPPINGS_DIR}/nist/"
Expand Down Expand Up @@ -97,6 +104,11 @@ def write_parsed_nist_mappings():
write_parsed_mappings_csv(parsed_mappings, output_filepath, metadata_key)
metadata_key += 1

# write parsed mappings to navigator layer
write_parsed_mappings_navigator_layer(
parsed_mappings, output_filepath, "nist"
)


def write_parsed_veris_mappings():
veris_parsed_mappings_dir = f"{PARSED_MAPPINGS_DIR}/veris"
Expand Down Expand Up @@ -129,6 +141,11 @@ def write_parsed_veris_mappings():
write_parsed_mappings_csv(parsed_mappings, output_filepath, metadata_key)
metadata_key += 1

# write parsed mappings to navigator layer
write_parsed_mappings_navigator_layer(
parsed_mappings, output_filepath, "veris"
)


def write_parsed_security_stack_mappings():
security_stack_dir = f"{PARSED_MAPPINGS_DIR}/security_stack"
Expand Down Expand Up @@ -162,3 +179,8 @@ def write_parsed_security_stack_mappings():
# write parsed mappings to csv
write_parsed_mappings_csv(parsed_mappings, output_filepath, metadata_key)
metadata_key += 1

# write parsed mappings to navigator layer
write_parsed_mappings_navigator_layer(
parsed_mappings, output_filepath, "security stack"
)
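Review bot: The comment added in write_parsed_cve_mappings, `# write parse mappings to navigator layer`, has a typo; the other three hunks spell it `# write parsed mappings to navigator layer`, so this one should read the same. The nist, veris and security-stack calls sit inside loops whose heads are outside the hunk (the `metadata_key += 1` line above each suggests a per-file iteration), so one `_navigator_layer.json` is produced per iteration and its name is derived only from `output_filepath`; a one-line comment stating that is the intent would help, since a reader of the CVE branch sees a single call. The `"security stack"` type token contains a space while the directory is `security_stack`; it ends up in the layer's `name` and `description` fields, so if that is deliberate a short comment would keep a later reader from "fixing" it to the directory spelling.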


@@ -0,0 +1 @@
{"name": "security stack overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": 9}, "sorting": 3, "description": "security stack heatmap overview of security stack mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1040", "score": 5, "comment": "Related to AWS RDS, AWS Config, AWS IoT Device Defender, Amazon Virtual Private Cloud, AWS CloudWatch"}, {"techniqueID": "T1565", "score": 5, "comment": "Related to AWS RDS, AWS RDS, Amazon GuardDuty, AWS CloudEndure Disaster Recovery, Amazon Virtual Private Cloud"}, {"techniqueID": "T1557", "score": 4, "comment": "Related to AWS RDS, AWS Config, AWS IoT Device Defender, Amazon Virtual Private Cloud"}, {"techniqueID": "T1190", "score": 8, "comment": "Related to AWS RDS, AWS RDS, AWS Config, Amazon GuardDuty, AWS CloudEndure Disaster Recovery, Amazon Inspector, AWS Web Application Firewall, AWS Security Hub"}, {"techniqueID": "T1210", "score": 6, "comment": "Related to AWS RDS, AWS RDS, AWS Config, Amazon Inspector, Amazon Virtual Private Cloud, AWS Security Hub"}, {"techniqueID": "T1485", "score": 8, "comment": "Related to AWS RDS, AWS RDS, AWS RDS, AWS Config, AWS S3, Amazon GuardDuty, AWS CloudEndure Disaster Recovery, AWS Security Hub"}, {"techniqueID": "T1486", "score": 4, "comment": "Related to AWS RDS, AWS Config, Amazon GuardDuty, AWS CloudEndure Disaster Recovery"}, {"techniqueID": "T1490", "score": 3, "comment": "Related to AWS RDS, AWS RDS, AWS CloudEndure Disaster Recovery"}, {"techniqueID": "T1561", "score": 2, "comment": "Related to AWS RDS, AWS CloudEndure Disaster Recovery"}, {"techniqueID": "T1530", "score": 7, "comment": "Related to AWS RDS, AWS Config, AWS S3, Amazon GuardDuty, AWS IoT Device Defender, AWS Security Hub, AWS Network Firewall"}, {"techniqueID": "T1529", "score": 2, "comment": "Related to AWS RDS, Amazon Inspector"}, {"techniqueID": "T1489", "score": 2, "comment": "Related to AWS RDS, Amazon Inspector"}, 
{"techniqueID": "T1020", "score": 3, "comment": "Related to AWS Config, Amazon GuardDuty, AWS IoT Device Defender"}, {"techniqueID": "T1053", "score": 2, "comment": "Related to AWS Config, Amazon Inspector"}, {"techniqueID": "T1068", "score": 3, "comment": "Related to AWS Config, Amazon Inspector, AWS Security Hub"}, {"techniqueID": "T1078", "score": 10, "comment": "Related to AWS Config, Amazon GuardDuty, AWS IoT Device Defender, AWS IoT Device Defender, AWS Organizations, Amazon Cognito, AWS Security Hub, AWS Identity and Access Management, AWS Identity and Access Management, AWS Single Sign-On"}, {"techniqueID": "T1098", "score": 4, "comment": "Related to AWS Config, Amazon GuardDuty, AWS Security Hub, AWS Identity and Access Management"}, {"techniqueID": "T1110", "score": 7, "comment": "Related to AWS Config, Amazon GuardDuty, Amazon Inspector, Amazon Cognito, AWS Security Hub, AWS Identity and Access Management, AWS Single Sign-On"}, {"techniqueID": "T1119", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1136", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1203", "score": 4, "comment": "Related to AWS Config, Amazon Inspector, AWS Web Application Firewall, AWS Security Hub"}, {"techniqueID": "T1211", "score": 3, "comment": "Related to AWS Config, Amazon Inspector, AWS Security Hub"}, {"techniqueID": "T1212", "score": 4, "comment": "Related to AWS Config, Amazon Inspector, AWS Security Hub, AWS Secrets Manager"}, {"techniqueID": "T1204", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1491", "score": 3, "comment": "Related to AWS Config, Amazon GuardDuty, AWS CloudEndure Disaster Recovery"}, {"techniqueID": "T1496", "score": 4, "comment": "Related to AWS Config, Amazon GuardDuty, AWS IoT Device Defender, AWS CloudWatch"}, {"techniqueID": "T1498", "score": 5, "comment": "Related to AWS Config, Amazon GuardDuty, AWS Shield, Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1499", 
"score": 4, "comment": "Related to AWS Config, AWS Shield, Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1525", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1538", "score": 2, "comment": "Related to AWS Config, AWS Organizations"}, {"techniqueID": "T1552", "score": 6, "comment": "Related to AWS Config, Amazon GuardDuty, AWS IoT Device Defender, AWS Key Management Service, AWS Secrets Manager, AWS CloudHSM"}, {"techniqueID": "T1562", "score": 6, "comment": "Related to AWS Config, Amazon GuardDuty, AWS IoT Device Defender, AWS IoT Device Defender, Amazon Inspector, AWS Security Hub"}, {"techniqueID": "T1609", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1610", "score": 2, "comment": "Related to AWS Config, AWS CloudWatch"}, {"techniqueID": "T1611", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1613", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1595", "score": 5, "comment": "Related to Amazon GuardDuty, Amazon Inspector, Amazon Virtual Private Cloud, AWS Web Application Firewall, AWS Network Firewall"}, {"techniqueID": "T1189", "score": 3, "comment": "Related to Amazon GuardDuty, Amazon Inspector, AWS Web Application Firewall"}, {"techniqueID": "T1566", "score": 1, "comment": "Related to Amazon GuardDuty"}, {"techniqueID": "T1580", "score": 3, "comment": "Related to Amazon GuardDuty, AWS Organizations, AWS Security Hub"}, {"techniqueID": "T1526", "score": 1, "comment": "Related to Amazon GuardDuty"}, {"techniqueID": "T1046", "score": 6, "comment": "Related to Amazon GuardDuty, AWS IoT Device Defender, Amazon Inspector, Amazon Virtual Private Cloud, AWS Web Application Firewall, AWS Network Firewall"}, {"techniqueID": "T1071", "score": 4, "comment": "Related to Amazon GuardDuty, AWS IoT Device Defender, AWS Web Application Firewall, AWS Network Firewall"}, {"techniqueID": "T1568", "score": 1, "comment": "Related to Amazon GuardDuty"}, {"techniqueID": 
"T1571", "score": 3, "comment": "Related to Amazon GuardDuty, Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1090", "score": 4, "comment": "Related to Amazon GuardDuty, Amazon Virtual Private Cloud, AWS Web Application Firewall, AWS Network Firewall"}, {"techniqueID": "T1029", "score": 1, "comment": "Related to Amazon GuardDuty"}, {"techniqueID": "T1041", "score": 3, "comment": "Related to Amazon GuardDuty, AWS IoT Device Defender, AWS Network Firewall"}, {"techniqueID": "T1048", "score": 4, "comment": "Related to Amazon GuardDuty, AWS IoT Device Defender, Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1567", "score": 1, "comment": "Related to Amazon GuardDuty"}, {"techniqueID": "T1531", "score": 2, "comment": "Related to Amazon GuardDuty, AWS Security Hub"}, {"techniqueID": "T1095", "score": 3, "comment": "Related to AWS IoT Device Defender, Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1087", "score": 1, "comment": "Related to AWS Organizations"}, {"techniqueID": "T1588", "score": 2, "comment": "Related to AWS Key Management Service, AWS CloudHSM"}, {"techniqueID": "T1133", "score": 4, "comment": "Related to Amazon Inspector, Amazon Virtual Private Cloud, AWS Network Firewall, AWS Single Sign-On"}, {"techniqueID": "T1021", "score": 3, "comment": "Related to Amazon Inspector, Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1222", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1070", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1599", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1003", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1548", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1037", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1543", "score": 1, "comment": "Related to Amazon Inspector"}, 
{"techniqueID": "T1590", "score": 3, "comment": "Related to Amazon Virtual Private Cloud, AWS Security Hub, AWS Network Firewall"}, {"techniqueID": "T1205", "score": 2, "comment": "Related to Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1018", "score": 2, "comment": "Related to Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1008", "score": 2, "comment": "Related to Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1219", "score": 2, "comment": "Related to Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1199", "score": 1, "comment": "Related to Amazon Virtual Private Cloud"}, {"techniqueID": "T1602", "score": 1, "comment": "Related to Amazon Virtual Private Cloud"}, {"techniqueID": "T1542", "score": 2, "comment": "Related to Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1072", "score": 1, "comment": "Related to Amazon Virtual Private Cloud"}, {"techniqueID": "T1482", "score": 1, "comment": "Related to Amazon Virtual Private Cloud"}, {"techniqueID": "T1570", "score": 1, "comment": "Related to Amazon Virtual Private Cloud"}, {"techniqueID": "T1059", "score": 1, "comment": "Related to AWS Web Application Firewall"}, {"techniqueID": "T1592", "score": 1, "comment": "Related to AWS Security Hub"}, {"techniqueID": "T1589", "score": 1, "comment": "Related to AWS Security Hub"}, {"techniqueID": "T1591", "score": 1, "comment": "Related to AWS Security Hub"}, {"techniqueID": "T1550", "score": 1, "comment": "Related to AWS Identity and Access Management"}, {"techniqueID": "T1528", "score": 2, "comment": "Related to AWS Identity and Access Management, AWS Secrets Manager"}, {"techniqueID": "T1555", "score": 1, "comment": "Related to AWS Secrets Manager"}, {"techniqueID": "T1187", "score": 1, "comment": "Related to AWS Network Firewall"}, {"techniqueID": "T1572", "score": 1, "comment": "Related to AWS Network Firewall"}, {"techniqueID": "T1104", "score": 1, 
"comment": "Related to AWS Network Firewall"}, {"techniqueID": "T1553", "score": 1, "comment": "Related to AWS CloudHSM"}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 10}}


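--- a/src/mappings_explorer/cli/mapex/write_parsed_mappings.py
+++ b/src/mappings_explorer/cli/mapex/write_parsed_mappings.py
@@ -14,15 +14,6 @@ def write_parsed_mappings_yaml(parsed_mappings, filepath):
     result_yaml_file.write(parsed_mappings_yaml)
 
 
-def write_parsed_mappings_json(parsed_mappings, filepath):
-    result_json_file = open(
-        f"{filepath}.json",
-        "w",
-        encoding="UTF-8",
-    )
-    json.dump(parsed_mappings, fp=result_json_file)
-
-
 def write_parsed_mappings_csv(parsed_mappings, filepath, metadata_key):
     # create csv with metadata
     metadata_object = parsed_mappings["metadata"]
@@ -37,3 +28,76 @@ def write_parsed_mappings_csv(parsed_mappings, filepath, metadata_key):
 
     attack_object_df = pd.DataFrame(attack_objects)
     attack_object_df.to_csv(f"{filepath}_attack-objects.csv")
+
+
+def write_parsed_mappings_navigator_layer(parsed_mappings, filepath, mapping_type):
+    techniques_dict = get_techniques_dict(parsed_mappings)
+    layer = create_layer(techniques_dict, parsed_mappings, mapping_type)
+    navigator_layer = open(
+        f"{filepath}_navigator_layer.json",
+        "w",
+        encoding="UTF-8",
+    )
+    json.dump(layer, fp=navigator_layer)
+
+
+def get_techniques_dict(parsed_mappings):
+    techniques_dict = {}
+    for mapping in parsed_mappings["attack-objects"]:
+        tehchnique_id = mapping["attack-object-id"]
+        capability_id = mapping["capability-id"]
+        if techniques_dict.get(tehchnique_id):
+            techniques_dict[tehchnique_id].append(capability_id)
+        else:
+            techniques_dict[tehchnique_id] = [capability_id]
+    return techniques_dict
+
+
+def create_layer(techniques_dict, parsed_mappings, mapping_type):
+    description = (
+        f"{mapping_type} heatmap overview of {mapping_type} "
+        "mappings, scores are the number of associated entries"
+    )
+
+    # this will change when there is only one metadata object per project
+    mappings_metadata = parsed_mappings["metadata"]
+
+    gradient = ["#ffe766", "#ffaf66"]
+    layer = {
+        "name": f"{mapping_type} overview",
+        "versions": {
+            "navigator": "4.8.0",
+            "layer": "4.4",
+            "attack": mappings_metadata["attack-version"],
+        },
+        "sorting": 3,
+        "description": description,
+        "domain": f"{mappings_metadata['technology-domain']}-attack",
+        "techniques": [],
+        "gradient": {
+            "colors": gradient,
+        },
+    }
+    for technique in techniques_dict:
+        related_controls_string = ", ".join(techniques_dict[technique])
+        layer["techniques"].append(
+            {
+                "techniqueID": technique,
+                "score": len(techniques_dict[technique]),
+                "comment": f"Related to {related_controls_string}",
+            }
+        )
+
+    layer["gradient"]["minValue"] = (
+        min(map(lambda t: t["score"], layer["techniques"]))
+        if len(layer["techniques"]) > 0
+        else 0
+    )
+
+    layer["gradient"]["maxValue"] = (
+        max(map(lambda t: t["score"], layer["techniques"]))
+        if len(layer["techniques"]) > 0
+        else 100
+    )
+
+    return layer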
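Review bot: `write_parsed_mappings_navigator_layer` opens `f"{filepath}_navigator_layer.json"` with a bare `open()` and never closes it, so the handle is only released (and the buffered JSON only guaranteed flushed) when the file object happens to be collected; wrap the write as `with open(f"{filepath}_navigator_layer.json", "w", encoding="UTF-8") as navigator_layer:` around `json.dump(layer, fp=navigator_layer)`. In `get_techniques_dict` the local `tehchnique_id` is misspelled and the get/append/else branch is the `setdefault` idiom: `techniques_dict.setdefault(technique_id, []).append(capability_id)`. Because capability ids are appended without de-duplication, a capability mapped to the same technique by several entries is counted several times in `score` and repeated in `comment` (the generated security-stack layer in this commit shows `"Related to AWS RDS, AWS RDS, …"`); if counting entries rather than distinct capabilities is intended, a one-line comment on the loop saying so would stop this being read as a bug. `create_layer` also copies `mappings_metadata["attack-version"]` straight into `versions.attack`, which comes out as the integer `9` in the generated file; I believe the Navigator layer format expects a string there, so `str(...)` may be needed — worth checking against the layer spec.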
