Load data via STIX 2.1 Collection Index #629

Merged: 47 commits, Apr 25, 2024

Commits:
d9c6be4
load collection index
clemiller Feb 25, 2024
fdc6fc0
Merge branch 'develop' into use-collection-index
clemiller Feb 25, 2024
5f2c5e0
rename function
clemiller Mar 5, 2024
a46e403
move domain class from stix directory
clemiller Mar 5, 2024
a18089a
Merge branch 'develop' into use-collection-index
clemiller Mar 5, 2024
4a8d635
remove unused code
clemiller Mar 5, 2024
cb2366d
code smell
clemiller Mar 5, 2024
d968cbb
parse collection index into domain/version structure
clemiller Mar 5, 2024
a032cc8
add minimum supported version to globals
clemiller Mar 5, 2024
07a41e2
only parse valid versions
clemiller Mar 5, 2024
98512d8
cleanup styles
clemiller Mar 5, 2024
a5f09d9
update tabs note
clemiller Mar 5, 2024
83f0495
use domain identifier for layer compatibility
clemiller Mar 5, 2024
73f6cdd
code cleanup
clemiller Mar 5, 2024
30ead38
return properly for edge cases
clemiller Mar 6, 2024
20f98ac
only parse most recent minor versions
clemiller Mar 7, 2024
0646a09
retrieve latest version during parsing
clemiller Mar 7, 2024
621956e
remove tests for deleted function
clemiller Mar 7, 2024
be262f0
update svg domain section
clemiller Mar 7, 2024
52e6cce
global replace
clemiller Mar 7, 2024
60abef5
backwards compatibility for versions structure
clemiller Mar 7, 2024
b4d67ba
config validation
clemiller Mar 7, 2024
be53691
Merge remote-tracking branch 'origin/develop' into use-collection-index
clemiller Mar 11, 2024
97984c2
Merge remote-tracking branch 'origin/develop' into use-collection-index
clemiller Mar 18, 2024
fcffba4
remove unused code
clemiller Mar 18, 2024
1dd1b29
Merge remote-tracking branch 'origin/develop' into use-collection-index
clemiller Mar 21, 2024
7f7c2bd
add enabled option to user defined versions
clemiller Mar 21, 2024
b206ce8
Merge branch 'develop' into load-from-collection-index
clemiller Mar 26, 2024
213a1a4
update existing tests
clemiller Mar 26, 2024
fcb043d
config validation tests
clemiller Mar 26, 2024
d8efb4e
add dataservice tests
clemiller Mar 26, 2024
0f304c7
data service tests
clemiller Mar 27, 2024
4bb18d9
tabs component tests
clemiller Mar 27, 2024
c36592e
autoformatter
clemiller Mar 27, 2024
c0a2313
remove old layer file format specs
clemiller Mar 27, 2024
32396d8
update readme
clemiller Mar 27, 2024
0fb6bdf
add link to stix 2.1 data
clemiller Mar 27, 2024
7f6f06b
Merge branch 'develop' into load-from-collection-index
clemiller Apr 4, 2024
c1bdecd
support for taxii 2.1
clemiller Apr 9, 2024
334e87a
update docs
clemiller Apr 9, 2024
cdee8e7
autoformatter
clemiller Apr 9, 2024
0381b99
update version to 5.0.0
clemiller Apr 9, 2024
2d4608c
minor changes
clemiller Apr 9, 2024
ec25bd3
minor change
clemiller Apr 25, 2024
fa4360b
update documentation
clemiller Apr 25, 2024
69c8e3b
Merge remote-tracking branch 'origin/develop' into load-from-collecti…
clemiller Apr 25, 2024
4406ccd
fix tests
clemiller Apr 25, 2024
10 changes: 10 additions & 0 deletions CHANGELOG.md
@@ -9,6 +9,16 @@
The creation of the tag can be disabled with the --no-git-tag-version if desired.
-->

# 5.0.0 - Changes staged on develop

## Improvements
- Updated Navigator to load data via the STIX 2.1 Collection Index. See issue [#607](https://github.com/mitre-attack/attack-navigator/issues/607).
- Added the `collection_index_url` property to `config.json` which specifies the URL to the collection index. By default, it is set to [ATT&CK's STIX 2.1 Collection Index](https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/index.json). More information about Collection Indexes can be found [here](https://github.com/mitre-attack/attack-stix-data?tab=readme-ov-file#collection-indexes).
- Removed the hardcoded list of ATT&CK versions from the `versions` property in `config.json`. Support for this property is continued for loading custom versions of the dataset, integration with the ATT&CK Workbench, loading content from a TAXII server, and for offline hosting. For any issues encountered, please ensure the versions `enabled` property is set to `true` and the data is properly defined in the versions `entries` array.
- The `collection_index_url` property and/or the `versions` property must be defined for Navigator to load properly. When both properties are defined, the Navigator will display the union of the versions that are specified under the "More Options" dropdown in the "Create New Layer" interface. If neither are defined, the user will be alerted that the Navigator failed to load.
- Added support for loading content from a TAXII 2.1 server. See issue [#277](https://github.com/mitre-attack/attack-navigator/issues/277). For more information on how to load content from TAXII 2.1 see _Loading content from a TAXII server_ in the [README](README.md).
- Improved error handling when there is an issue loading the configuration file. See issue [#398](https://github.com/mitre-attack/attack-navigator/issues/398).

# 4.9.5 - 23 April 2024

Adds support for ATT&CK v15.0.
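Review bot: The `versions` bullet in the 5.0.0 entry is filed under "Improvements" and worded as troubleshooting advice ("For any issues encountered, please ensure the versions `enabled` property is set to `true`..."), but it describes a change to the shape of `config.json` that operators with a customized config may have to act on when upgrading. Consider a separate migration or breaking-changes bullet that states the new `enabled` and `entries` requirements directly. The `collection_index_url` bullet could also say that the default URL points at the `master` branch of attack-stix-data, so the list of versions offered follows whatever that index contains at load time.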
116 changes: 83 additions & 33 deletions README.md
@@ -8,9 +8,7 @@ The principal feature of the Navigator is the ability for users to define layers

The ATT&CK Navigator is hosted live via GitHub Pages. [You can find a live instance of the current version of the Navigator here](https://mitre-attack.github.io/attack-navigator). You can read more about how to use the application itself in the [USAGE](/USAGE.md) document (which is mirrored in the in-app help page).

Version 4.0 of the ATT&CK Navigator supports all ATT&CK domains in a single instance of the application instead of requiring a different instance for each domain. It also sees the introduction of support for the ICS domain. See [the changelog](CHANGELOG.md) for more information.

Additionally, older versions of ATT&CK can now be loaded in the application. The ATT&CK Navigator supports ATT&CK versions 8, 7, 6, 5, and 4. Older versions do not work in the application since their data model is too outdated.
Version 4.0+ of the ATT&CK Navigator supports all ATT&CK domains in a single instance of the application instead of requiring a different instance for each domain. Additionally, older versions of ATT&CK can be loaded in the application. The ATT&CK Navigator supports ATT&CK versions 4+. Older versions do not work in the application since their data model is too outdated.

Previous versions of the Navigator application are also hosted via GitHub Pages for users who want a more classic experience:
| ATT&CK Version | Navigator Version | Domains | |
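Review bot: The merged paragraph beginning "Version 4.0+ of the ATT&CK Navigator supports all ATT&CK domains" no longer carries the "See [the changelog](CHANGELOG.md) for more information" pointer or the mention of the ICS domain that the replaced paragraphs had. Since 5.0.0 changes how data is loaded, keeping the changelog link in this introduction would help readers who arrive from an older deployment. It would also help to say whether "versions 4+" applies to data loaded through the Collection Index, through the `versions` property, or both.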
@@ -66,11 +64,10 @@ _Note: `ng build --configuration production` does not currently work for ATT&CK
### Running the Navigator offline

1. Install the Navigator as per instructions above.
2. Follow instructions under [loading content from local files](#Loading-content-from-local-files) to configure the Navigator to populate the matrix without an internet connection. For enterprise-attack, use [this file](https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json). For mobile-attack, use [this file](https://raw.githubusercontent.com/mitre/cti/master/mobile-attack/mobile-attack.json). For pre-attack, use [this file](https://raw.githubusercontent.com/mitre/cti/master/pre-attack/pre-attack.json).

### Common issues

1. If serving or compiling the application gives the warning `Module not found: can't resolve 'fs'`, run the command `npm run postinstall`. The postinstall step usually runs automatically after `npm install` to patch the `fs` issue, but in some environments it must be run manually.
2. Follow instructions under [loading content from local files](#Loading-content-from-local-files) to configure the Navigator to populate the matrix without an internet connection. The latest MITRE ATT&CK data files can be found here:
- [Enterprise ATT&CK](https://github.com/mitre-attack/attack-stix-data/raw/master/enterprise-attack/enterprise-attack.json).
- [Mobile ATT&CK](https://github.com/mitre-attack/attack-stix-data/raw/master/mobile-attack/mobile-attack.json).
- [ICS ATT&CK](https://github.com/mitre-attack/attack-stix-data/raw/master/ics-attack/ics-attack.json).

## Documentation

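Review bot: The new bullet list under step 2 of "Running the Navigator offline" links the bundles on the `master` branch and calls them "the latest MITRE ATT&CK data files", while the local-files example later in this README sets `"version": "14"`. Tell the reader to set the `version` field to the ATT&CK release they actually downloaded, or link tagged files instead. Each of the three list items also ends with a stray period after the link. Going by the line counts in the hunk header, the "Common issues" entry about `Module not found: can't resolve 'fs'` and `npm run postinstall` is dropped here; please confirm that step is no longer needed, or keep the section.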
@@ -129,43 +126,96 @@ Example custom context menu objects:
}
```

## Loading content from a TAXII server
## Methods for loading content

### Loading content from a Collection Index

By default, the Navigator loads content from the ATT&CK Collection Index hosted on the [ATT&CK STIX Data repository](#related-mitre-work). More information about Collection Indexes can be found [here](https://github.com/mitre-attack/attack-stix-data?tab=readme-ov-file#collection-indexes).

1. Modify the `config.json` file located in the `src/assets` directory.
2. Set the `collection_index_url` property to the URL of your Collection Index (for example, `"collection_index_url": "https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/index.json"`)

*Note: For the Navigator to load successfully, either the `collection_index_url` property, the `versions` property, or both must be defined. If both the `collection_index_url` and `versions` properties are defined, the Navigator will display the union of the versions under the "More Options" dropdown in the "Create New Layer" interface. If neither are defined, an alert will be triggered indicating that the Navigator failed to load.*

*By default, the Navigator loads content from ATT&CK STIX data hosted on the [MITRE/CTI repository](#related-mitre-work). Note: TAXII 2.1/STIX 2.1 bundles are **not** supported when loading content from a TAXII server.*
### Loading content from a TAXII server

1. Edit the `config.json` file in the **nav-app/src/assets** directory.
2. Define the `taxii_url` property in place of the `data` property and set the value to your server's URL.
3. Define the `taxii_collection` property and set the value to the collection UUIDs your TAXII server has set.
Both TAXII 2.0 and TAXII 2.1 are currently supported. Support for TAXII 2.0 will be deprecated in December 2024. More information about the TAXII 2.1 Server can be found [here](https://github.com/mitre-attack/attack-workbench-taxii-server/tree/main).

Example loading content from a TAXII server:
1. Modify the `config.json` file located in the `src/assets` directory.
2. In the `versions` section, set the `enabled` property to `true`.
3. Define the `taxii_url` property in the list of domains, in place of the domain `data` property, and set its value to the TAXII server URL.
4. Define the `taxii_collection` property and set its value to the collection UUID as determined by the TAXII server.

#### Example loading content from a TAXII 2.0 server:

```json
"domains": [
{
"name": "Enterprise",
"taxii_url": "https://cti-taxii.mitre.org/",
"taxii_collection": "95ecc380-afe9-11e4-9b6c-751b66dd541e"
}
]
"versions": {
"enabled": true,
"entries": [
{
"name": "Enterprise TAXII 2.0 Data",
"version": "14",
"domains": [
{
"name": "Enterprise",
"taxii_url": "https://cti-taxii.mitre.org/",
"taxii_collection": "95ecc380-afe9-11e4-9b6c-751b66dd541e"
}
]
}
]
},
```

## Loading content from local files
#### Example loading content from a TAXII 2.1 server:

*It's possible to populate the the Navigator using files that consist of bundles of STIX objects, similarly to [this](https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json) file. STIX 2.0 and STIX 2.1 bundles are supported.*
```json
"versions": {
"enabled": true,
"entries": [
{
"name": "Enterprise TAXII 2.1 Data",
"version": "14",
"domains": [
{
"name": "Enterprise",
"taxii_url": "https://attack-taxii.mitre.org/",
"taxii_collection": "x-mitre-collection--1f5f1533-f617-4ca8-9ab4-6a02367fa019"
}
]
}
]
},
```

1. Put the stix bundles in `src/assets`. This will tell the server hosting the Navigator to host the data as well.
2. Edit the `config.json` file in the **nav-app/src/assets** directory.
3. Change the URL specified in the `data` array to the path to the STIX bundle (e.g `assets/enterprise-attack.json`). Multiple paths may be added to the `data` array to display multiple STIX bundles in a single instance.
### Loading content from local files

Example loading content from local files:
Navigator can be populated using files that consist of bundles of STIX objects, similar to the format found in [this example](https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json). Both STIX 2.0 and STIX 2.1 bundles are supported.

1. Place the STIX bundle(s) in the `src/assets` directory. This allows the server hosting the Navigator to also host the data.
2. Modify the `config.json` file located in the `src/assets` directory.
3. In the `versions` section, set the `enabled` property to `true`.
4. Update the URL specified in the `data` array to the path to the STIX bundle (for example, `assets/enterprise-attack.json`). Multiple paths may be added to the `data` array to display multiple STIX bundles in a single instance.

#### Example loading content from local files:

```json
"domains": [
{
"name": "Enterprise",
"data": ["assets/enterprise-attack.json"]
}
]
"versions": {
"enabled": true,
"entries": [
{
"name": "Local Enterprise STIX Data",
"version": "14",
"domains": [
{
"name": "Enterprise",
"identifier": "enterprise-attack",
"data": ["assets/enterprise-attack.json"]
}
]
}
]
},
```

## Running the Docker File
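Review bot: The local-files example sets `"identifier": "enterprise-attack"` on the domain, but both TAXII examples omit `identifier`, and none of the numbered steps in either section mentions it. Document whether `identifier` is required, what happens when it is absent, and which values are accepted, then make the three examples consistent. Two smaller points in the same hunk: the steps now say `config.json` is in `src/assets` where the replaced text said **nav-app/src/assets**, so state what the path is relative to; and the "Loading content from local files" paragraph still links the `mitre/cti` bundle as its example while the offline section now links `attack-stix-data`. Because `collection_index_url` and `taxii_url` decide where the application fetches its data from, a sentence advising that they point at an HTTPS source the operator trusts would fit in the note under the Collection Index steps.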
6 changes: 3 additions & 3 deletions layers/LAYERFORMATv4_5.md
@@ -109,7 +109,7 @@ The following example illustrates the layer file format of a single layer:
"name": "example layer",
"versions": {
"attack": "13",
"navigator": "4.9.1",
"navigator": "5.0.0",
"layer": "4.5"
},
"domain": "enterprise-attack",
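Review bot: The single-layer example in this hunk keeps `"attack": "13"` while the two multi-layer examples further down in the same file use `"attack": "14"`. Since the `navigator` value is being bumped to `5.0.0` in all three, align the `attack` value here as well so the examples describe one consistent release.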
@@ -233,7 +233,7 @@ The following example illustrates the layer file format of multiple layers. The
"name": "example layer",
"versions": {
"attack": "14",
"navigator": "4.9.1",
"navigator": "5.0.0",
"layer": "4.5"
},
"domain": "enterprise-attack",
@@ -351,7 +351,7 @@ The following example illustrates the layer file format of multiple layers. The
"name": "example layer",
"versions": {
"attack": "14",
"navigator": "4.9.1",
"navigator": "5.0.0",
"layer": "4.5"
},
"domain": "enterprise-attack",
12 changes: 6 additions & 6 deletions nav-app/angular.json
@@ -63,12 +63,12 @@
}
]
},
"googleAnalytics": {
"index": {
"input": "src/index.google-analytics.html",
"output": "index.html"
}
}
"googleAnalytics": {
"index": {
"input": "src/index.google-analytics.html",
"output": "index.html"
}
}
},
"defaultConfiguration": ""
},
4 changes: 2 additions & 2 deletions nav-app/package-lock.json

2 changes: 1 addition & 1 deletion nav-app/package.json
@@ -5,7 +5,7 @@
"type": "git",
"url": "https://github.com/mitre-attack/attack-navigator.git"
},
"version": "4.9.5",
"version": "5.0.0",
"license": "Apache-2.0",
"scripts": {
"ng": "ng",
80 changes: 42 additions & 38 deletions nav-app/redirects/enterprise/index.html
@@ -1,39 +1,43 @@
<!DOCTYPE html>
<!doctype html>
<html lang="en">
<head>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-GFD952VXH6"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-GFD952VXH6');
</script>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>ATT&amp;CK&reg; Navigator</title>
</head>
<body>
<div>
<h3>ATT&CK Navigator's Enterprise instance has moved to the new multi-domain instance.</h3>
<p>This page should automatically redirect. If it does not, please use the following link:</p>
<p><a href="https://mitre-attack.github.io/attack-navigator/">https://mitre-attack.github.io/attack-navigator/</a></p>
</div>

<style>
h3 {
font-size: 25px;
}
div {
max-width: 35em;
margin: 5vh auto;
}
.deemphasis {
color: rgb(171, 171, 171);
}
</style>
<script>
let configuration = window.location.hash
let redirectURL = "https://mitre-attack.github.io/attack-navigator" + configuration
console.log("redirecting to", redirectURL)
window.location = redirectURL;
</script>
</body>
</html>
<head>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-GFD952VXH6"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag() {
dataLayer.push(arguments);
}
gtag('js', new Date());
gtag('config', 'G-GFD952VXH6');
</script>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>ATT&amp;CK&reg; Navigator</title>
</head>
<body>
<div>
<h3>ATT&CK Navigator's Enterprise instance has moved to the new multi-domain instance.</h3>
<p>This page should automatically redirect. If it does not, please use the following link:</p>
<p><a href="https://mitre-attack.github.io/attack-navigator/">https://mitre-attack.github.io/attack-navigator/</a></p>
</div>

<style>
h3 {
font-size: 25px;
}
div {
max-width: 35em;
margin: 5vh auto;
}
.deemphasis {
color: rgb(171, 171, 171);
}
</style>
<script>
let configuration = window.location.hash;
let redirectURL = 'https://mitre-attack.github.io/attack-navigator' + configuration;
console.log('redirecting to', redirectURL);
window.location = redirectURL;
</script>
</body>
</html>
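Review bot: The redirect script at the end of the file builds its target by appending `window.location.hash` to a fixed URL, and nothing in the file says why that is safe. The target stays on `mitre-attack.github.io` only because the hash is either empty or begins with `#`, so a one-line comment stating this would stop a later edit from swapping in `location.search` or another user-controlled value. While the file is being reformatted, the `console.log('redirecting to', redirectURL);` line can be dropped, and the redirect string could take the same trailing slash as the `href` in the fallback link.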