From 26b07933310fd992476e6ea2ca017b877f7dbcfb Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Wed, 22 Sep 2021 15:53:52 +0530
Subject: [PATCH] island: Add code to create reverse schema i.e. each attack technique mapped to its config fields
---
.../config_schema_per_attack_technique.py | 48 +++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 monkey/monkey_island/cc/services/config_schema/config_schema_per_attack_technique.py
diff --git a/monkey/monkey_island/cc/services/config_schema/config_schema_per_attack_technique.py b/monkey/monkey_island/cc/services/config_schema/config_schema_per_attack_technique.py
new file mode 100644
index 000000000..b00c378f0
--- /dev/null
+++ b/monkey/monkey_island/cc/services/config_schema/config_schema_per_attack_technique.py
@@ -0,0 +1,48 @@
+from typing import Dict, List
+
+from monkey_island.cc.services.config_schema.config_schema import SCHEMA
+
+
+def get_reverse_config_schema():
+ return _get_config_schema_per_attack_technique()
+
+
+def _get_config_schema_per_attack_technique() -> Dict[str, Dict[str, List[str]]]:
+ """
+ :return: dictionary mapping each attack technique to relevant config fields; example -
+ {
+ "T1003": {
+ "System Info Collectors": [
+ "Mimikatz collector",
+ "Azure credential collector"
+ ]
+ }
+ }
+ """
+ reverse_schema = {}
+
+ definitions = SCHEMA["definitions"]
+ for definition in definitions:
+ definition_type = definitions[definition]["title"]
+ for field in definitions[definition]["anyOf"]:
+ config_field = field["title"]
+ if "attack_techniques" in field:
+ for attack_technique in field["attack_techniques"]:
+ _add_config_field_to_reverse_schema(
+ definition_type, config_field, attack_technique, reverse_schema
+ )
+
+ return reverse_schema
+
+
+def _add_config_field_to_reverse_schema(
+ definition_type: str, config_field: str, attack_technique: str, reverse_schema: Dict
+) -> None:
+ if attack_technique in reverse_schema:
+ technique = reverse_schema[attack_technique]
+ if definition_type in technique:
+ technique[definition_type].append(config_field)
+ else:
+ technique[definition_type] = [config_field]
+ else:
+ reverse_schema[attack_technique] = {definition_type: [config_field]}
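Review bot: The loop in `_get_config_schema_per_attack_technique` indexes `definitions[definition]["anyOf"]` unconditionally, so any entry in `SCHEMA["definitions"]` that is not shaped as an `anyOf` list would raise `KeyError` and no technique-to-config mapping would be returned at all. SCHEMA is imported from another module and is not visible in this patch, so whether such an entry exists today cannot be confirmed from here. Iterating with `for field in definitions[definition].get("anyOf", []):` keeps the mapping available when a differently shaped definition is added later; the two `["title"]` lookups carry the same assumption. Separately, `get_reverse_config_schema()` lacks the `-> Dict[str, Dict[str, List[str]]]` annotation its private counterpart has, and the nested `if`/`else` in `_add_config_field_to_reverse_schema` can be written as `reverse_schema.setdefault(attack_technique, {}).setdefault(definition_type, []).append(config_field)`.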