
Development: Create STIX data files #8

Merged
merged 16 commits into from
Oct 28, 2023

Conversation

@tleef42 (Contributor) commented Oct 17, 2023

Creates 3 scripts to generate STIX bundles from sensor data. Organization of scripts is modeled on the VERIS Mappings to ATT&CK project, such that:

| Directory | Description |
|-----------|-------------|
| parse/ | Tools for parsing Sensor data and mappings spreadsheets. |
| util/ | Utilities for generating content from mappings data, such as Navigator layers, CSV files, etc. |

src/util/create_mappings.py

Summary

  • This intakes the Excel sheet for the mappings, converts it to a DataFrame and standardizes the fields.
  • Adds the ATT&CK Data Source ID as a new field to the DataFrame using an ATT&CK spreadsheet.
  • The DataFrame is split by Sensor and saved as CSVs, which are used to generate STIX objects in generate_stix.py.

src/parse/generate_stix.py

Summary

Utility script to generate and save STIX Bundle files from a corresponding CSV. The script creates custom STIX Objects when needed for:

  • Data Source
  • Data Component
  • Sensor Mapping

and saves all new SDOs and SROs to Reference-for-mappings-enterprise.json in order to avoid overwriting STIX IDs.

src/util/create_heatmap.py

Summary

Generates ATT&CK Navigator layers for the sensor from its STIX Bundle on disk. It builds out a layer for each Sensor Data Bundle on disk and consolidates all the techniques from all Sensor Navigator layers into a file called sensor-comparison-heatmap.json. The layers can be found in the layers folder of the attack type in the stix output folder.

Related Tickets

Resolves the tickets SMAP70 & SMAP-83

@tleef42 tleef42 requested a review from mehaase October 17, 2023 21:05
@tleef42 tleef42 changed the title STIX Mapping creations Development: Create STIX data files Oct 17, 2023
Conflicts:
	poetry.lock
	pyproject.toml
@tleef42 tleef42 requested a review from mehaase October 25, 2023 15:00
Old comparison method did not take only ID into account and added dupes of STIX objects (due to differences in timestamp fields).
Added a simple method to handle searching by ID before adding.
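The two behaviours described in this PR (reusing STIX IDs stored in the reference file, and the commit above's fix of comparing objects by ID only rather than by whole object, which the old timestamp-sensitive comparison got wrong), as an added illustration that is not the project's own code. The reference bundle, the `x-mitre-data-component` objects, the CSV rows and the timestamps are constructed assumptions.

```python
import json
import uuid

# Constructed stand-in for Reference-for-mappings-enterprise.json: one data
# component already carries an ID that every later run must keep reusing.
REFERENCE = {"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
             "objects": [{"type": "x-mitre-data-component", "name": "Process Creation",
                          "id": "x-mitre-data-component--11111111-1111-4111-8111-111111111111",
                          "created": "2023-10-17T00:00:00.000Z", "modified": "2023-10-17T00:00:00.000Z"}]}
# Constructed rows standing in for one per-sensor CSV written by create_mappings.py.
SENSOR_ROWS = [{"sensor": "Sysmon", "data_component": "Process Creation"},
               {"sensor": "Sysmon", "data_component": "Network Connection Creation"}]

def find_by_id(objects, stix_id):
    """Match on the STIX ID alone; differing created/modified fields are irrelevant."""
    return next((o for o in objects if o["id"] == stix_id), None)

def find_by_name(objects, stix_type, name):
    """Locate an object issued on an earlier run so its ID can be reused."""
    return next((o for o in objects if o["type"] == stix_type and o.get("name") == name), None)

def add_unique(objects, obj):
    """Fixed behaviour: append only if no object with the same ID is already present."""
    if find_by_id(objects, obj["id"]) is None:
        objects.append(obj)
    return objects

def add_naive(objects, obj):
    """Old behaviour: whole-object comparison, so any timestamp change makes obj look new."""
    if obj not in objects:
        objects.append(obj)
    return objects

def build_components(rows, reference_objects, timestamp):
    """One data component SDO per distinct row, keeping IDs already in the reference."""
    components = []
    for row in rows:
        name = row["data_component"]
        prior = find_by_name(components, "x-mitre-data-component", name) or \
            find_by_name(reference_objects, "x-mitre-data-component", name)
        comp_id = prior["id"] if prior else f"x-mitre-data-component--{uuid.uuid4()}"
        add_unique(components, {"type": "x-mitre-data-component", "id": comp_id, "name": name,
                                "created": prior["created"] if prior else timestamp,
                                "modified": timestamp})
    return components

def merge_reference(reference, new_objects, adder=add_unique):
    """Return a new reference bundle with new_objects merged in through the given adder."""
    merged = json.loads(json.dumps(reference))  # deep copy so the input bundle is untouched
    for obj in new_objects:
        adder(merged["objects"], obj)
    return merged
```

Running `build_components` twice with different timestamps yields the same IDs both times, and merging with `add_unique` keeps the reference at one object per component while `add_naive` duplicates every re-generated object.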
@mehaase mehaase merged commit cbf9b94 into main Oct 28, 2023
1 check failed
@mehaase mehaase deleted the mapping-pages branch October 28, 2023 12:55