ATLAS Data 3.0.0, new GitHub repository

mitre-atlas · Mar 24, 2022 · 522e5f4 · 522e5f4
commit 522e5f4
Show file tree

Hide file tree

Showing 46 changed files with 6,301 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,184 @@
+
+# Created by https://www.toptal.com/developers/gitignore/api/python,vim,visualstudiocode
+# Edit at https://www.toptal.com/developers/gitignore?templates=python,vim,visualstudiocode
+
+### Python ###
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+### Vim ###
+# Swap
+[._]*.s[a-v][a-z]
+!*.svg  # comment out if you don't need vector files
+[._]*.sw[a-p]
+[._]s[a-rt-v][a-z]
+[._]ss[a-gi-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+Sessionx.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
+# Persistent undo
+[._]*.un~
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+*.code-workspace
+
+# Local History for Visual Studio Code
+.history/
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+.ionide
+
+# End of https://www.toptal.com/developers/gitignore/api/python,vim,visualstudiocode
+
+.DS_Store
+*~
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -0,0 +1,72 @@
+---
+# This file is a template, and might need editing before it works on your project.
+# To contribute improvements to CI/CD templates, please follow the Development guide at:
+# https://docs.gitlab.com/ee/development/cicd/templates.html
+# This specific template is located at:
+# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Python.gitlab-ci.yml
+
+# Note that the Gitlab Runner machine is configured to use MITRE repo
+image: python:3
+
+# Change pip's cache directory to be inside the project directory since we can
+# only cache local items.
+variables:
+  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
+
+# Pip's cache doesn't store the python packages
+# https://pip.pypa.io/en/stable/reference/pip_install/#caching
+#
+# If you want to also cache the installed packages, you have to install
+# them in a virtualenv and cache it as well.
+cache:
+  paths:
+    - .cache/pip
+    - venv/
+
+before_script:
+  - python -V
+  - python -m venv venv
+  - source venv/bin/activate
+  - pip install -r tools/requirements.txt
+
+lint yaml:
+  stage: test
+  script:
+    - pip install -r tests/requirements.txt
+    - yamllint -c tests/.yamllint .
+  rules:
+    - changes:
+        - "*.yaml"
+        - "*.yml"
+
+validate data:
+  stage: test
+  script:
+    - pip install -r tests/requirements.txt
+    # Run tests with minimal console output, produce report, and fail on warnings
+    - pytest --tb=line --junitxml=report.xml -W error::UserWarning
+    - yamllint -c tests/.yamllint .
+  artifacts:
+    when: always
+    reports:
+      junit: report.xml
+  rules:
+    - changes:
+        - data/*.yaml   # Source data was updated
+        - tests/*.py    # Any tests changed
+        - conftest.py   # Any test fixtures changed
+
+# Checks that a generated ATLAS.yaml matches the one commited to this project.
+# Fails if they are different, only runs on merge requests or protected branches
+check ATLAS.yaml up-to-date:
+  stage: test
+  script:
+    - python tools/create_matrix.py
+    - git diff --exit-code dist/ATLAS.yaml || exit_code=$?
+    - if [[ $exit_code -ne 0 ]]; then echo 'Runner-generated dist/ATLAS.yaml is different from remote repository version - run tools/create_matrix.py to update and commit the result.'; exit 123; fi;
+  rules:
+    # Default branch, main, tags, and all types of merge request pipelines.
+    - if: $CI_MERGE_REQUEST_IID
+    - if: $CI_COMMIT_TAG
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: '$CI_COMMIT_BRANCH == "main"'
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,94 @@
+# ATLAS Data Changelog
+
+## [3.0.0]() (2022-03-23)
+
+Move to new GitHub repository under the `mitre-atlas` group
+
+#### Distributed files
+- Renamed case study JSON schema file and updated to include `study` key expected by the ATLAS website
+- Added README.md with usage
+
+#### Case studies
+- Minor title updates
+
+## [2.4.0]() (2022-03-10)
+
+Repository re-org and cleanup, added READMEs to all directories
+
+#### Distributed files
+- Moved `ATLAS.yaml` into a new `dist` directory
+- Added JSON Schema files for `ATLAS.yaml` and case study files as created by the ATLAS website to `dist/schemas` directory
+
+#### Schemas
+- Moved schemas from test fixtures into their own directory
+
+#### Tools
+- Moved Navigator scripts to a separate repository
+- Added case study file import script
+- Added JSON Schema generation script
+
+## [2.3.1]() (2022-02-07)
+
+#### Tools
+- ATLAS YAML generation script uses Jinja template evaluation and handles relative `!include` filepaths
+
+## [2.3.0]() (2022-01-24)
+
+#### Tactics and techniques
+- Adapted referenced ATT&CK tactics into the ATLAS framework
+    + Updated descriptions to be machine learning-specific
+    + Changed IDs to ATLAS IDs
+- Added ATLAS techniques used in new case studies, adapted from ATT&CK with updated ATLAS IDs and descriptions
+    + Data from Information Repositories
+    + Establish Accounts
+    + Valid Accounts
+
+#### Case studies
+- Added key `incident-date-granularity` to case study files with values `DATE`, `MONTH`, or `YEAR` indicating the specificity of the `incident-date`
+
+## [2.2.1]() (2021-12-08)
+
+Fixes to all data
+
+#### Tests
+- Added pytest suite for data validation and syntax checks
+
+## [2.2.0]() (2021-10-29)
+
+#### Case studies
+- Added new case studies
+    1. AML.CS0013
+    2. AML.CS0014
+
+#### Tools
+- Removed retrieval and usage of ATT&CK Enterprise data
+
+## [2.1.0]() (2021-08-31)
+
+`advmlthreatmatrix` renamed to `ATLAS`
+
+- Scripts updated accordingly
+- Fixes to all data
+
+## [2.0.1]() (2021-06-11)
+
+Fixes to all data
+
+#### Tools
+- Added data validation script
+
+## [2.0.0]() (2021-05-13)
+
+#### Distributed files
+- Added `ATLAS.yaml` file with all tactics, techniques, and case studies
+
+#### Tactics and techniques
+- Removed hardcoded IDs in favor of YAML anchors and template syntax
+
+#### Tools
+- Added `ATLAS.yaml` generation script
+- Added ATT&CK Enterprise v9 STIX retrieval and conversion script
+
+## [1.0.0]() (2021-02-17)
+
+Initial data definition
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,35 @@
+# Contributing to ATLAS Data
+
+Contributions are welcome - feel free to use the issues or make pull requests to the `develop` branch for general questions and fixes.
+
+To propose additions or significant changes to the ATLAS framework, please email [[email protected]](mailto:[email protected]).
+
+To help construct case study submissions, please use the [case study builder](https://atlas.mitre.org/studies/create).
+
+## Developer's Certificate of Origin 1.1
+
+```
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.
+```