Island: Remove attack-data submodule

Removed submodule with its fork.
Remove usage of the submodule.
Fixed monkey_island.spec
Added attack_mitigations dump.
Added hook for above file.
This commit is contained in:
Ilija Lazoroski 2021-09-29 14:35:15 +02:00 committed by Mike Salvatore
parent 6de33bfd57
commit 36b13d0db9
7 changed files with 18 additions and 70 deletions

3
.gitmodules vendored
View File

@ -1,6 +1,3 @@
[submodule "monkey/monkey_island/cc/services/attack/attack_data"]
path = monkey/monkey_island/cc/services/attack/attack_data
url = https://github.com/guardicore/cti
[submodule "docs/themes/learn"] [submodule "docs/themes/learn"]
path = docs/themes/learn path = docs/themes/learn
url = https://github.com/guardicode/hugo-theme-learn.git url = https://github.com/guardicode/hugo-theme-learn.git

@ -1 +0,0 @@
Subproject commit fb8942b1a10f4e734ed75542f2ccae7cbd72c46d

View File

@ -1,42 +1,4 @@
import os
from typing import Dict, List
from stix2 import AttackPattern, CourseOfAction, FileSystemSource, Filter
from monkey_island.cc.server_utils.consts import MONKEY_ISLAND_ABS_PATH
class MitreApiInterface: class MitreApiInterface:
ATTACK_DATA_PATH = os.path.join(
MONKEY_ISLAND_ABS_PATH, "cc", "services", "attack", "attack_data", "enterprise-attack"
)
@staticmethod
def get_all_mitigations() -> Dict[str, CourseOfAction]:
file_system = FileSystemSource(MitreApiInterface.ATTACK_DATA_PATH)
mitigation_filter = [Filter("type", "=", "course-of-action")]
all_mitigations = file_system.query(mitigation_filter)
all_mitigations = {mitigation["id"]: mitigation for mitigation in all_mitigations}
return all_mitigations
@staticmethod
def get_all_attack_techniques() -> Dict[str, AttackPattern]:
file_system = FileSystemSource(MitreApiInterface.ATTACK_DATA_PATH)
technique_filter = [Filter("type", "=", "attack-pattern")]
all_techniques = file_system.query(technique_filter)
all_techniques = {technique["id"]: technique for technique in all_techniques}
return all_techniques
@staticmethod
def get_technique_and_mitigation_relationships() -> List[CourseOfAction]:
file_system = FileSystemSource(MitreApiInterface.ATTACK_DATA_PATH)
technique_filter = [
Filter("type", "=", "relationship"),
Filter("relationship_type", "=", "mitigates"),
]
all_techniques = file_system.query(technique_filter)
return all_techniques
@staticmethod @staticmethod
def get_stix2_external_reference_id(stix2_data) -> str: def get_stix2_external_reference_id(stix2_data) -> str:
for reference in stix2_data["external_references"]: for reference in stix2_data["external_references"]:

File diff suppressed because one or more lines are too long

View File

@ -35,20 +35,5 @@ def _try_store_mitigations_on_mongo():
def _store_mitigations_on_mongo(): def _store_mitigations_on_mongo():
stix2_mitigations = MitreApiInterface.get_all_mitigations() # TODO: import attack mitigations
mongo_mitigations = AttackMitigations.dict_from_stix2_attack_patterns( pass
MitreApiInterface.get_all_attack_techniques()
)
mitigation_technique_relationships = (
MitreApiInterface.get_technique_and_mitigation_relationships()
)
for relationship in mitigation_technique_relationships:
mongo_mitigations[relationship["target_ref"]].add_mitigation(
stix2_mitigations[relationship["source_ref"]]
)
for relationship in mitigation_technique_relationships:
mongo_mitigations[relationship["target_ref"]].add_no_mitigations_info(
stix2_mitigations[relationship["source_ref"]]
)
for key, mongo_object in mongo_mitigations.items():
mongo_object.save()

View File

@ -13,7 +13,7 @@ def main():
# The format of the tuples is (src, dest_dir). See https://pythonhosted.org/PyInstaller/spec-files.html#adding-data-files # The format of the tuples is (src, dest_dir). See https://pythonhosted.org/PyInstaller/spec-files.html#adding-data-files
added_datas = [ added_datas = [
("../common/BUILD", "/common"), ("../common/BUILD", "/common"),
("../monkey_island/cc/services/attack/attack_data", "/monkey_island/cc/services/attack/attack_data") ("../monkey_island/cc/services/mongo/attack_mitigations.json", "/monkey_island/cc/services/mongo/attack_mitigations.json")
] ]
a = Analysis(['main.py'], a = Analysis(['main.py'],

View File

@ -1,14 +1,18 @@
import pytest import json
from pathlib import Path
from monkey_island.cc.services.attack.mitre_api_interface import MitreApiInterface from monkey_island.cc.server_utils.consts import MONKEY_ISLAND_ABS_PATH
@pytest.mark.slow
def test_get_all_mitigations(): def test_get_all_mitigations():
mitigations = MitreApiInterface.get_all_mitigations() attack_mitigation_path = (
assert len(mitigations.items()) >= 282 Path(MONKEY_ISLAND_ABS_PATH) / "cc" / "setup" / "mongo" / "attack_mitigations.json"
mitigation = next(iter(mitigations.values())) )
assert mitigation["type"] == "course-of-action"
assert mitigation["name"] is not None with open(attack_mitigation_path) as mitigations:
assert mitigation["description"] is not None mitigations = json.load(mitigations)
assert mitigation["external_references"] is not None assert len(mitigations) >= 266
mitigation = next(iter(mitigations))["mitigations"][0]
assert mitigation["name"] is not None
assert mitigation["description"] is not None
assert mitigation["url"] is not None