NotificationsYou must be signed in to change notification settings
Fork33
Star165

Commit7bb67e8

committed

fixes in renders for avoid duplicates in mitre tags

1 parent6720e81 commit7bb67e8Copy full SHA for 7bb67e8

File tree

10 files changed

+51

-20

lines changed

translator
- app
  - routers
    - assistance.py
  - translator
    - core
      - mitre.py
      - mixins
        rule.py
    - platforms
      - elasticsearch/renders
        detection_rule.py
      - logscale/renders
        logscale_alert.py
      - microsoft/renders
        microsoft_sentinel_rule.py
      - sigma/parsers
        sigma.py
      - splunk/renders
        splunk_alert.py
- server.py
update_local_mitre.py

10 files changed

+51

-20

lines changed

`‎translator/app/routers/assistance.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@`
`16`	`16`
`17`	`17`	`@asynccontextmanager`
`18`	`18`	`asyncdeflifespan(app:FastAPI)->Generator[None,None,None]:# noqa: ARG001`
`19`		`-MitreConfig().update_mitre_config()`
	`19`	`+MitreConfig(server=True).update_mitre_config()`
`20`	`20`	`withopen(os.path.join(ROOT_PROJECT_PATH,"app/dictionaries/uncoder_meta_info_roota.json"))asfile:`
`21`	`21`	`suggestions["roota"]=json.load(file)`
`22`	`22`	`withopen(os.path.join(ROOT_PROJECT_PATH,"app/dictionaries/uncoder_meta_info_sigma.json"))asfile:`

`‎translator/app/translator/core/mitre.py‎`

Lines changed: 18 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@`
`2`	`2`	`importos`
`3`	`3`	`importssl`
`4`	`4`	`importurllib.request`
	`5`	`+fromjsonimportJSONDecodeError`
`5`	`6`	`fromurllib.errorimportHTTPError`
`6`	`7`
`7`	`8`	`fromapp.translator.tools.singleton_metaimportSingletonMeta`
`@@ -12,9 +13,11 @@ class MitreConfig(metaclass=SingletonMeta):`
`12`	`13`	`config_url:str="https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json"`
`13`	`14`	`mitre_source_types:tuple= ("mitre-attack",)`
`14`	`15`
`15`		`-def__init__(self):`
	`16`	`+def__init__(self,server:bool=False):`
`16`	`17`	`self.tactics= {}`
`17`	`18`	`self.techniques= {}`
	`19`	`+ifnotserver:`
	`20`	`+self.__load_mitre_configs_from_files()`
`18`	`21`
`19`	`22`	`@staticmethod`
`20`	`23`	`def__revoked_or_deprecated(entry:dict)->bool:`
`@@ -88,20 +91,30 @@ def update_mitre_config(self) -> None: # noqa: PLR0912`
`88`	`91`	`sub_technique_id=ref["external_id"]`
`89`	`92`	`sub_technique_name=entry["name"]`
`90`	`93`	`parent_technique_name=technique_map[sub_technique_id.split(".")[0]]`
	`94`	`+parent_tactics=self.techniques.get(sub_technique_id.split(".")[0].lower(), {}).get(`
	`95`	`+"tactic", []`
	`96`	`+ )`
`91`	`97`	`sub_technique_name=f"{parent_technique_name} :{sub_technique_name}"`
`92`	`98`	`self.techniques[ref["external_id"].lower()]= {`
`93`	`99`	`"technique_id":ref["external_id"],`
`94`	`100`	`"technique":sub_technique_name,`
`95`	`101`	`"url":ref["url"],`
	`102`	`+"tactic":parent_tactics`
`96`	`103`	`}`
`97`	`104`	`break`
`98`	`105`
`99`	`106`	`def__load_mitre_configs_from_files(self)->None:`
`100`		`-withopen(os.path.join(ROOT_PROJECT_PATH,"app/dictionaries/tactics.json"))asfile:`
`101`		`-self.tactics=json.load(file)`
	`107`	`+try:`
	`108`	`+withopen(os.path.join(ROOT_PROJECT_PATH,"app/dictionaries/tactics.json"))asfile:`
	`109`	`+self.tactics=json.load(file)`
	`110`	`+exceptJSONDecodeError:`
	`111`	`+self.tactics= {}`
`102`	`112`
`103`		`-withopen(os.path.join(ROOT_PROJECT_PATH,"app/dictionaries/techniques.json"))asfile:`
`104`		`-self.techniques=json.load(file)`
	`113`	`+try:`
	`114`	`+withopen(os.path.join(ROOT_PROJECT_PATH,"app/dictionaries/techniques.json"))asfile:`
	`115`	`+self.techniques=json.load(file)`
	`116`	`+exceptJSONDecodeError:`
	`117`	`+self.techniques= {}`
`105`	`118`
`106`	`119`	`defget_tactic(self,tactic:str)->dict:`
`107`	`120`	`tactic=tactic.replace(".","_")`

`‎translator/app/translator/core/mixins/rule.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ def load_rule(text: str) -> dict:`
`27`	`27`
`28`	`28`	`defparse_mitre_attack(self,tags:list[str])->dict[str,list]:`
`29`	`29`	`result= {"tactics": [],"techniques": []}`
`30`		`-fortagintags:`
	`30`	`+fortaginset(tags):`
`31`	`31`	`tag=tag.lower()`
`32`	`32`	`iftag.startswith("attack."):`
`33`	`33`	`tag=tag[7::]`

`‎translator/app/translator/platforms/elasticsearch/renders/detection_rule.py‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ def __create_mitre_threat(self, mitre_attack: dict) -> Union[list, list[dict]]:`
`60`	`60`	`if"."intechnique_name:`
`61`	`61`	`technique_name=technique_name[:technique_name.index(".")]`
`62`	`62`	`threat.append(technique_name)`
`63`		`-returnthreat`
	`63`	`+returnsorted(threat)`
`64`	`64`
`65`	`65`	`fortacticinmitre_attack["tactics"]:`
`66`	`66`	`tactic_render= {"id":tactic["external_id"],"name":tactic["tactic"],"reference":tactic["url"]}`
`@@ -81,7 +81,7 @@ def __create_mitre_threat(self, mitre_attack: dict) -> Union[list, list[dict]]:`
`81`	`81`	`iflen(sub_threat["technique"])>0:`
`82`	`82`	`threat.append(sub_threat)`
`83`	`83`
`84`		`-returnthreat`
	`84`	`+returnsorted(threat,key=lambdax:x["tactic"]["id"])`
`85`	`85`
`86`	`86`	`deffinalize_query(`
`87`	`87`	`self,`

`‎translator/app/translator/platforms/logscale/renders/logscale_alert.py‎`

Lines changed: 4 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -56,8 +56,10 @@ def finalize_query(`
`56`	`56`	`rule["name"]=meta_info.titleor_AUTOGENERATED_TITLE`
`57`	`57`	`mitre_attack= []`
`58`	`58`	`ifmeta_info.mitre_attack:`
`59`		`-mitre_attack= [f"ATTACK.{i['tactic']}"foriinmeta_info.mitre_attack.get("tactics", [])]`
`60`		`-mitre_attack.extend([f"ATTACK.{i['technique_id']}"foriinmeta_info.mitre_attack.get("techniques", [])])`
	`59`	`+mitre_attack=sorted([f"ATTACK.{i['tactic']}"foriinmeta_info.mitre_attack.get("tactics", [])])`
	`60`	`+mitre_attack.extend(`
	`61`	`+sorted([f"ATTACK.{i['technique_id']}"foriinmeta_info.mitre_attack.get("techniques", [])])`
	`62`	`+ )`
`61`	`63`	`rule["description"]=get_rule_description_str(`
`62`	`64`	`description=meta_info.description,`
`63`	`65`	`license_=meta_info.license,`

`‎translator/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py‎`

Lines changed: 8 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -49,16 +49,19 @@ class MicrosoftSentinelRuleRender(MicrosoftSentinelQueryRender):`
`49`	`49`	`field_value_map=MicrosoftSentinelRuleFieldValue(or_token=or_token)`
`50`	`50`
`51`	`51`	`def__create_mitre_threat(self,meta_info:MetaInfoContainer)->tuple[list,list]:`
`52`		`-tactics=[]`
	`52`	`+tactics=set()`
`53`	`53`	`techniques= []`
`54`	`54`
`55`		`-fortacticinmeta_info.mitre_attack.get("tactics", []):`
`56`		`-tactics.append(tactic["tactic"])`
	`55`	`+fortacticinmeta_info.mitre_attack.get("tactics"):`
	`56`	`+tactics.add(tactic["tactic"])`
`57`	`57`
`58`		`-fortechniqueinmeta_info.mitre_attack.get("techniques", []):`
	`58`	`+fortechniqueinmeta_info.mitre_attack.get("techniques"):`
	`59`	`+iftechnique.get("tactic"):`
	`60`	`+fortacticintechnique["tactic"]:`
	`61`	`+tactics.add(tactic)`
`59`	`62`	`techniques.append(technique["technique_id"])`
`60`	`63`
`61`		`-returntactics,techniques`
	`64`	`+returnsorted(tactics),sorted(techniques)`
`62`	`65`
`63`	`66`	`deffinalize_query(`
`64`	`67`	`self,`

`‎translator/app/translator/platforms/sigma/parsers/sigma.py‎`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,6 @@`
`17`	`17`	`-----------------------------------------------------------------`
`18`	`18`	`"""`
`19`	`19`
`20`		`-`
`21`	`20`	`fromtypingimportUnion`
`22`	`21`
`23`	`22`	`fromapp.translator.core.exceptions.coreimportSigmaRuleValidationException`
`@@ -56,7 +55,7 @@ def _get_meta_info(self, rule: dict, source_mapping_ids: list[str]) -> MetaInfoC`
`56`	`55`	`mitre_attack=self.parse_mitre_attack(rule.get("tags", [])),`
`57`	`56`	`severity=rule.get("level"),`
`58`	`57`	`status=rule.get("status"),`
`59`		`-tags=sorted(set(rule.get("tags")or [])),`
	`58`	`+tags=sorted(set(rule.get("tags", []))),`
`60`	`59`	`false_positives=self.__parse_false_positives(rule.get("falsepositives")),`
`61`	`60`	`source_mapping_ids=source_mapping_ids,`
`62`	`61`	`)`

`‎translator/app/translator/platforms/splunk/renders/splunk_alert.py‎`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -43,9 +43,10 @@ class SplunkAlertRender(SplunkQueryRender):`
`43`	`43`	`def__create_mitre_threat(meta_info:MetaInfoContainer)->dict:`
`44`	`44`	`techniques= {"mitre_attack": []}`
`45`	`45`
`46`		`-fortechniqueinmeta_info.mitre_attack.get("techniques", []):`
	`46`	`+fortechniqueinmeta_info.mitre_attack.get("techniques"):`
`47`	`47`	`techniques["mitre_attack"].append(technique["technique_id"])`
`48`	`48`
	`49`	`+techniques["mitre_attack"].sort()`
`49`	`50`	`returntechniques`
`50`	`51`
`51`	`52`	`deffinalize_query(`

`‎translator/server.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@`
`20`	`20`
`21`	`21`
`22`	`22`	`if__name__=="__main__":`
`23`		`-host=os.environ.get("HOST","127.0.0.1")`
	`23`	`+host=os.environ.get("HOST","0.0.0.0")`
`24`	`24`	`port=os.environ.get("PORT","8000")`
`25`	`25`	`ifnotport.isnumeric():`
`26`	`26`	`raiseException("Port should be a number!")`

`‎update_local_mitre.py‎`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,13 @@`
	`1`	`+importjson`
	`2`	`+importos`
	`3`	`+`
	`4`	`+fromtranslator.app.translator.core.mitreimportMitreConfig`
	`5`	`+fromtranslator.constimportROOT_PROJECT_PATH`
	`6`	`+`
	`7`	`+mitre_config=MitreConfig()`
	`8`	`+mitre_config.update_mitre_config()`
	`9`	`+withopen(os.path.join(ROOT_PROJECT_PATH,"app/dictionaries/tactics.json"),"w")asfile:`
	`10`	`+json.dump(mitre_config.tactics,file,indent=4)`
	`11`	`+`
	`12`	`+withopen(os.path.join(ROOT_PROJECT_PATH,"app/dictionaries/techniques.json"),"w")asfile:`
	`13`	`+json.dump(mitre_config.techniques,file,indent=4)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit7bb67e8

File tree

10 files changed

10 files changed

`‎translator/app/routers/assistance.py‎`

`‎translator/app/translator/core/mitre.py‎`

`‎translator/app/translator/core/mixins/rule.py‎`

`‎translator/app/translator/platforms/elasticsearch/renders/detection_rule.py‎`

`‎translator/app/translator/platforms/logscale/renders/logscale_alert.py‎`

`‎translator/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py‎`

`‎translator/app/translator/platforms/sigma/parsers/sigma.py‎`

`‎translator/app/translator/platforms/splunk/renders/splunk_alert.py‎`

`‎translator/server.py‎`

`‎update_local_mitre.py‎`

0 commit comments