Island: Handle metadata in attack mitigations json
parent
45c66fe309
commit
1748955213
|
@ -0,0 +1 @@
|
||||||
|
Subproject commit fb8942b1a10f4e734ed75542f2ccae7cbd72c46d
|
File diff suppressed because one or more lines are too long
|
@ -1,6 +1,7 @@
|
||||||
import json
|
import json
|
||||||
import logging
|
import logging
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
|
from pprint import pformat
|
||||||
|
|
||||||
from pymongo import errors
|
from pymongo import errors
|
||||||
|
|
||||||
|
@ -46,8 +47,11 @@ def _try_store_mitigations_on_mongo():
|
||||||
def _store_mitigations_on_mongo():
|
def _store_mitigations_on_mongo():
|
||||||
try:
|
try:
|
||||||
with open(ATTACK_MITIGATION_PATH) as f:
|
with open(ATTACK_MITIGATION_PATH) as f:
|
||||||
file_data = json.load(f)
|
attack_mitigations = json.load(f)
|
||||||
|
|
||||||
|
logger.debug(f'Loading attack mitigations data:\n{pformat(attack_mitigations["metadata"])}')
|
||||||
|
|
||||||
mongodb_collection = mongo.db[AttackMitigations.COLLECTION_NAME]
|
mongodb_collection = mongo.db[AttackMitigations.COLLECTION_NAME]
|
||||||
mongodb_collection.insert_many(file_data)
|
mongodb_collection.insert_many(attack_mitigations["data"])
|
||||||
except json.decoder.JSONDecodeError as e:
|
except json.decoder.JSONDecodeError as e:
|
||||||
raise Exception(f"Invalid attack mitigations {ATTACK_MITIGATION_PATH} file: {e}")
|
raise Exception(f"Invalid attack mitigations {ATTACK_MITIGATION_PATH} file: {e}")
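Review bot: The new `attack_mitigations["metadata"]` and `attack_mitigations["data"]` subscripts are not covered by the `except` clause, which still catches only `json.decoder.JSONDecodeError`; a bundled file that parses but keeps the old top-level-list layout raises `TypeError` on the first subscript, and a mapping without one of the two keys raises `KeyError`, so neither is reported with the "Invalid attack mitigations ... file" message that names the path. Widening the clause to `except (json.decoder.JSONDecodeError, KeyError, TypeError) as e:` keeps both failure modes on the same diagnostic path without changing what is stored. The debug line also formats `pformat(...)` into an f-string on every call regardless of the logger's level; the lazy form `logger.debug("Loading attack mitigations data:\n%s", pformat(attack_mitigations["metadata"]))` is the usual style for this module's logger calls, though pformat itself is still evaluated eagerly. The hunk appears to hold the whole of `_store_mitigations_on_mongo`, but its last line may continue outside the hunk.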
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
[{"_id": "T1066", "mitigations": [{"name": "Indicator Removal from Tools Mitigation", "description": "Mitigation is difficult in instances like this because the adversary may have access to the system through another channel and can learn what techniques or tools are blocked by resident defenses. Exercising best practices with configuration and security as well as ensuring that proper process is followed during investigation of potential compromise is essential to detecting a larger intrusion through discrete alerts.", "url": ""}]}, {"_id": "T1047", "mitigations": [{"name": "Privileged Account Management", "description": "Manage the creation, modification, use, and permissions associated to privileged accounts, including SYSTEM and root.", "url": "https://attack.mitre.org/mitigations/M1026"}, {"name": "User Account Management", "description": "Manage the creation, modification, use, and permissions associated to user accounts.", "url": "https://attack.mitre.org/mitigations/M1018"}]}, {"_id": "T1156", "mitigations": [{"name": "Restrict File and Directory Permissions", "description": "Restrict access by setting directory and file permissions that are not specific to users or privileged accounts.", "url": "https://attack.mitre.org/mitigations/M1022"}]}]
|
{"metadata":{"timestamp": "1632959947.9542503", "commit_hash": "fb8942b1a", "origin_url": "https://github.com/guardicore/cti.git"},"data":[{"_id": "T1066", "mitigations": [{"name": "Indicator Removal from Tools Mitigation", "description": "Mitigation is difficult in instances like this because the adversary may have access to the system through another channel and can learn what techniques or tools are blocked by resident defenses. Exercising best practices with configuration and security as well as ensuring that proper process is followed during investigation of potential compromise is essential to detecting a larger intrusion through discrete alerts.", "url": ""}]}, {"_id": "T1047", "mitigations": [{"name": "Privileged Account Management", "description": "Manage the creation, modification, use, and permissions associated to privileged accounts, including SYSTEM and root.", "url": "https://attack.mitre.org/mitigations/M1026"}, {"name": "User Account Management", "description": "Manage the creation, modification, use, and permissions associated to user accounts.", "url": "https://attack.mitre.org/mitigations/M1018"}]}, {"_id": "T1156", "mitigations": [{"name": "Restrict File and Directory Permissions", "description": "Restrict access by setting directory and file permissions that are not specific to users or privileged accounts.", "url": "https://attack.mitre.org/mitigations/M1022"}]}]}
|
||||||
|
|
|
@ -53,7 +53,7 @@ def test_get_all_mitigations():
|
||||||
)
|
)
|
||||||
|
|
||||||
with open(attack_mitigation_path) as mitigations:
|
with open(attack_mitigation_path) as mitigations:
|
||||||
mitigations = json.load(mitigations)
|
mitigations = json.load(mitigations)["data"]
|
||||||
assert len(mitigations) >= 266
|
assert len(mitigations) >= 266
|
||||||
mitigation = next(iter(mitigations))["mitigations"][0]
|
mitigation = next(iter(mitigations))["mitigations"][0]
|
||||||
assert mitigation["name"] is not None
|
assert mitigation["name"] is not None
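Review bot: The test now dereferences only `["data"]`, so the `metadata` object that the island's loader also reads is never checked; a regenerated mitigations file that drops or renames it would pass here and only fail at island startup. Keeping the parsed document and asserting on both keys closes that gap: `file_content = json.load(mitigations)`, `assert {"timestamp", "commit_hash", "origin_url"} <= file_content["metadata"].keys()`, `mitigations = file_content["data"]`. Reusing the file-handle name `mitigations` for the parsed list predates this commit, but the three-line form above also removes that shadowing. `test_get_all_mitigations` starts before the hunk.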
|
||||||
|
|