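    def detection_rule(self, dr_path):
        """Render every Detection Rule YAML to Confluence and push it.

        Each rule becomes a child of the "Detection Rules" page in
        ``self.space``. A rule that fails anywhere in parse/render/push is
        reported on stdout with its traceback and skipped, so one broken
        YAML never aborts the whole run.

        Args:
            dr_path: Glob prefix for the rule files. ``'*.yml'`` is appended
                verbatim, so a directory must end with a path separator.
                When falsy, the ``detection_rules_directories`` config value
                is used; it may be a single directory or a list of them.

        Raises:
            TypeError: ``dr_path`` is falsy and the config value is neither
                a ``str`` nor a ``list``. (Previously this fell through with
                ``dr_list`` unassigned and died with ``UnboundLocalError``.)
        """
        print("Populating Detection Rules..")
        if dr_path:
            dr_list = glob.glob(dr_path + '*.yml')
        else:
            dr_dirs = ATCconfig.get('detection_rules_directories')
            # The config may name several directories or just one.
            if isinstance(dr_dirs, list):
                dr_list = []
                for directory in dr_dirs:
                    dr_list += glob.glob(directory + '/*.yml')
            elif isinstance(dr_dirs, str):
                dr_list = glob.glob(dr_dirs + '/*.yml')
            else:
                raise TypeError(
                    "detection_rules_directories must be a str or a list of "
                    "str, got %s" % type(dr_dirs).__name__)

        for dr_file in dr_list:
            try:
                dr = DetectionRule(dr_file,
                                   apipath=self.apipath,
                                   auth=self.auth,
                                   space=self.space)
                dr.render_template("confluence")

                confluence_data = {
                    "title": dr.fields['title'],
                    "spacekey": self.space,
                    "parentid": str(ATCutils.confluence_get_page_id(
                        self.apipath, self.auth, self.space,
                        "Detection Rules")),
                    "confluencecontent": dr.content,
                }

                ATCutils.push_to_confluence(confluence_data, self.apipath,
                                            self.auth)
            except Exception as err:
                # Best effort: report this file and carry on with the rest.
                print(dr_file + " failed")
                print("Err message: %s" % err)
                print('-' * 60)
                traceback.print_exc(file=sys.stdout)
                print('-' * 60)
        print("Detection Rules populated!")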
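    def data_needed(self, dn_path):
        """Render every Data Needed YAML to Confluence and push it.

        Each item becomes a child of the "Data Needed" page in ``self.space``.
        When the REST helper reports ``'Page updated'`` the title is echoed
        so a re-run shows which pages actually changed. A file that fails
        anywhere in parse/render/push is reported on stdout with its
        traceback and skipped, so one broken YAML never aborts the run.

        Args:
            dn_path: Glob prefix for the YAML files. ``'*.yml'`` is appended
                verbatim, so a directory must end with a path separator.
                When falsy, the ``data_needed_dir`` config value is used.
        """
        print("[*] Populating Data Needed...")
        if dn_path:
            dn_list = glob.glob(dn_path + '*.yml')
        else:
            dn_dir = ATCconfig.get('data_needed_dir')
            dn_list = glob.glob(dn_dir + '/*.yml')

        for dn_file in dn_list:
            try:
                dn = DataNeeded(dn_file, apipath=self.apipath, auth=self.auth,
                                space=self.space)
                dn.render_template("confluence")
                confluence_data = {
                    "title": dn.dn_fields["title"],
                    "spacekey": self.space,
                    "parentid": str(ATCutils.confluence_get_page_id(
                        self.apipath, self.auth, self.space, "Data Needed")),
                    "confluencecontent": dn.content,
                }

                res = ATCutils.push_to_confluence(confluence_data, self.apipath,
                                                  self.auth)
                # Indented with spaces only: the previous version mixed a tab
                # into this line's indentation (PEP 8 W191/E101).
                if res == 'Page updated':
                    print("==> updated page: DN '" + dn.dn_fields['title'] + "'")
            except Exception as err:
                # Best effort: report this file and carry on with the rest.
                print(dn_file + " failed")
                print("Err message: %s" % err)
                print('-' * 60)
                traceback.print_exc(file=sys.stdout)
                print('-' * 60)
        print("[+] Data Needed populated!")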
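    def logging_policy(self, lp_path):
        """Render every Logging Policy YAML to Confluence and push it.

        Each policy becomes a child of the "Logging Policies" page in
        ``self.space``. When the REST helper reports ``'Page updated'`` the
        title is echoed so a re-run shows which pages actually changed. A
        file that fails anywhere in parse/render/push is reported on stdout
        with its traceback and skipped, so one broken YAML never aborts the
        run.

        Args:
            lp_path: Glob prefix for the YAML files. ``'*.yml'`` is appended
                verbatim, so a directory must end with a path separator.
                When falsy, the ``logging_policies_dir`` config value is used.
        """
        print("[*] Populating Logging Policies...")
        if lp_path:
            lp_list = glob.glob(lp_path + '*.yml')
        else:
            lp_dir = ATCconfig.get('logging_policies_dir')
            lp_list = glob.glob(lp_dir + '/*.yml')

        for lp_file in lp_list:
            try:
                # Unlike the other populators, LoggingPolicy takes no
                # apipath/auth/space; the push below supplies them.
                lp = LoggingPolicy(lp_file)
                lp.render_template("confluence")
                confluence_data = {
                    "title": lp.fields["title"],
                    "spacekey": self.space,
                    "parentid": str(ATCutils.confluence_get_page_id(
                        self.apipath, self.auth, self.space,
                        "Logging Policies")),
                    "confluencecontent": lp.content,
                }

                res = ATCutils.push_to_confluence(confluence_data, self.apipath,
                                                  self.auth)
                # Indented with spaces only: the previous version mixed a tab
                # into this line's indentation (PEP 8 W191/E101).
                if res == 'Page updated':
                    print("==> updated page: LP '" + lp.fields['title'] + "'")
            except Exception as err:
                # Best effort: report this file and carry on with the rest.
                print(lp_file + " failed")
                print("Err message: %s" % err)
                print('-' * 60)
                traceback.print_exc(file=sys.stdout)
                print('-' * 60)
        print("[+] Logging Policies populated!")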
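    def mitigation_policy(self, mp_path):
        """Render every Mitigation Policy YAML to Confluence and push it.

        Each policy becomes a child of the "Mitigation Policies" page in
        ``self.space``. When the REST helper reports ``'Page updated'`` the
        title is echoed so a re-run shows which pages actually changed. A
        file that fails anywhere in parse/render/push is reported on stdout
        with its traceback and skipped, so one broken YAML never aborts the
        run.

        Args:
            mp_path: Glob prefix for the YAML files. ``'*.yml'`` is appended
                verbatim, so a directory must end with a path separator.
                When falsy, the ``mitigation_policies_directory`` config
                value is used.
        """
        print("[*] Populating Mitigation Policies...")
        if mp_path:
            mp_list = glob.glob(mp_path + '*.yml')
        else:
            mp_dir = ATCconfig.get('mitigation_policies_directory')
            mp_list = glob.glob(mp_dir + '/*.yml')

        for mp_file in mp_list:
            try:
                mp = MitigationPolicy(mp_file, apipath=self.apipath,
                                      auth=self.auth, space=self.space)
                mp.render_template("confluence")
                confluence_data = {
                    "title": mp.mp_parsed_file["title"],
                    "spacekey": self.space,
                    "parentid": str(ATCutils.confluence_get_page_id(
                        self.apipath, self.auth, self.space,
                        "Mitigation Policies")),
                    "confluencecontent": mp.content,
                }

                res = ATCutils.push_to_confluence(confluence_data, self.apipath,
                                                  self.auth)
                # Indented with spaces only: the previous version mixed a tab
                # into this line's indentation (PEP 8 W191/E101).
                if res == 'Page updated':
                    print("==> updated page: MP '" + mp.mp_parsed_file['title'] + "'")
            except Exception as err:
                # Best effort: report this file and carry on with the rest.
                print(mp_file + " failed")
                print("Err message: %s" % err)
                print('-' * 60)
                traceback.print_exc(file=sys.stdout)
                print('-' * 60)
        print("[+] Mitigation Policies populated!")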
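    def hardening_policy(self, hp_path):
        """Render every Hardening Policy YAML to Confluence and push it.

        Each policy becomes a child of the "Hardening Policies" page in
        ``self.space``. When the REST helper reports ``'Page updated'`` the
        title is echoed so a re-run shows which pages actually changed. A
        file that fails anywhere in parse/render/push is reported on stdout
        with its traceback and skipped, so one broken YAML never aborts the
        run.

        Args:
            hp_path: Glob prefix for the YAML files. ``'*.yml'`` is appended
                verbatim, so a directory must end with a path separator.
                When falsy, the ``hardening_policies_directory`` config
                value is used.
        """
        print("[*] Populating Hardening Policies...")
        if hp_path:
            hp_list = glob.glob(hp_path + '*.yml')
        else:
            hp_dir = ATCconfig.get('hardening_policies_directory')
            hp_list = glob.glob(hp_dir + '/*.yml')

        for hp_file in hp_list:
            try:
                # HardeningPolicy takes only the file; apipath/auth/space
                # are supplied to the push call below instead.
                hp = HardeningPolicy(hp_file)
                hp.render_template("confluence")
                confluence_data = {
                    "title": hp.hp_parsed_file["title"],
                    "spacekey": self.space,
                    "parentid": str(ATCutils.confluence_get_page_id(
                        self.apipath, self.auth, self.space,
                        "Hardening Policies")),
                    "confluencecontent": hp.content,
                }

                res = ATCutils.push_to_confluence(confluence_data, self.apipath,
                                                  self.auth)
                # Indented with spaces only: the previous version mixed a tab
                # into this line's indentation (PEP 8 W191/E101).
                if res == 'Page updated':
                    print("==> updated page: HP '" + hp.hp_parsed_file['title'] + "'")
            except Exception as err:
                # Best effort: report this file and carry on with the rest.
                print(hp_file + " failed")
                print("Err message: %s" % err)
                print('-' * 60)
                traceback.print_exc(file=sys.stdout)
                print('-' * 60)
        print("[+] Hardening Policies populated!")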
    def response_playbook(self, rp_path):
        """Push every Response Playbook YAML to Confluence.

        Pages are created under the "Response Playbooks" page of
        ``self.space`` and titled with the YAML file's basename. A playbook
        that fails to parse, render or upload is reported on stdout with its
        traceback and skipped so the remaining files are still processed.

        Args:
            rp_path: Glob prefix; ``'*.yml'`` is appended verbatim. When
                falsy, the relative ``../response_playbooks/`` directory is
                scanned (this one is not read from the config).
        """
        print("Populating Response Playbooks..")
        pattern = rp_path + '*.yml' if rp_path else '../response_playbooks/*.yml'
        playbook_files = glob.glob(pattern)

        def publish(path):
            playbook = ResponsePlaybook(path,
                                        apipath=self.apipath,
                                        auth=self.auth,
                                        space=self.space)
            playbook.render_template("confluence")
            page_title = os.path.basename(path)
            parent = ATCutils.confluence_get_page_id(
                self.apipath, self.auth, self.space, "Response Playbooks")
            page = {
                "title": page_title,
                "spacekey": self.space,
                "parentid": str(parent),
                "confluencecontent": playbook.content,
            }
            ATCutils.push_to_confluence(page, self.apipath, self.auth)

        for path in playbook_files:
            try:
                publish(path)
            except Exception as err:
                # Best effort: report and move on to the next playbook.
                print(path + " failed")
                print("Err message: %s" % err)
                print('-' * 60)
                traceback.print_exc(file=sys.stdout)
                print('-' * 60)
        print("Response Playbooks populated!")
    def customer(self, cu_path):
        """Push every Customer YAML to Confluence under the "Customers" page.

        The page title is the customer's ``customer_name``. A file that fails
        to parse, render or upload is reported on stdout with its traceback
        and skipped so the remaining customers are still processed.

        Args:
            cu_path: Glob prefix; ``'*.yml'`` is appended verbatim. When
                falsy, the ``customers_directory`` config value is scanned.
        """
        print("Populating Customers..")
        if cu_path:
            customer_files = glob.glob(cu_path + '*.yml')
        else:
            customer_files = glob.glob(
                ATCconfig.get('customers_directory') + '/*.yml')

        for path in customer_files:
            try:
                record = Customer(path, apipath=self.apipath, auth=self.auth,
                                  space=self.space)
                record.render_template("confluence")
                parent_id = ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Customers")
                page = dict(
                    title=record.customer_name,
                    spacekey=self.space,
                    parentid=str(parent_id),
                    confluencecontent=record.content,
                )
                ATCutils.push_to_confluence(page, self.apipath, self.auth)
            except Exception as err:
                # Best effort: report and move on to the next customer.
                print(path + " failed")
                print("Err message: %s" % err)
                print('-' * 60)
                traceback.print_exc(file=sys.stdout)
                print('-' * 60)
        print("Customers populated!")
    def enrichment(self, en_path):
        """Push every Enrichment YAML to Confluence under the "Enrichments" page.

        A file that fails to parse, render or upload is reported on stdout
        with its traceback and skipped so the remaining enrichments are still
        processed.

        Args:
            en_path: Glob prefix; ``'*.yml'`` is appended verbatim. When
                falsy, the relative ``../enrichments/`` directory is scanned
                (this one is not read from the config).
        """
        print("Populating Enrichments..")
        pattern = en_path + '*.yml' if en_path else '../enrichments/*.yml'

        for path in glob.glob(pattern):
            try:
                item = Enrichment(path,
                                  apipath=self.apipath,
                                  auth=self.auth,
                                  space=self.space)
                item.render_template("confluence")
                page_title = item.en_parsed_file['title']
                parent_id = ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Enrichments")
                page = {
                    "title": page_title,
                    "spacekey": self.space,
                    "parentid": str(parent_id),
                    "confluencecontent": item.content,
                }
                ATCutils.push_to_confluence(page, self.apipath, self.auth)
            except Exception as err:
                # Best effort: report and move on to the next enrichment.
                print(path + " failed")
                print("Err message: %s" % err)
                print('-' * 60)
                traceback.print_exc(file=sys.stdout)
                print('-' * 60)
        print("Enrichments populated!")
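    def triggers(self, tg_path):
        """Render every Trigger YAML to Confluence and push it.

        Each trigger becomes a child of the "Triggers" page in ``self.space``,
        titled ``"<technique id>: <technique name>"`` where the name comes
        from ``te_mapping``. A file that fails anywhere in parse/render/push
        is reported on stdout with its traceback and skipped, so one broken
        YAML never aborts the run.

        Args:
            tg_path: Glob prefix; ``'*.yml'`` is appended verbatim, so a
                directory must end with a path separator. When falsy, the
                ``triggers_directory`` config value is scanned for
                ``T*/*.yaml`` (note the different extension).
        """
        print("Populating Triggers..")
        if tg_path:
            tg_list = glob.glob(tg_path + '*.yml')
        else:
            tg_list = glob.glob(
                ATCconfig.get("triggers_directory") + '/T*/*.yaml')

        for tg_file in tg_list:
            try:
                tg = Triggers(tg_file)
                tg.render_template("confluence")
                technique = tg.fields["attack_technique"]
                technique_name = te_mapping.get(technique)
                if technique_name is None:
                    # Without this guard the concatenation below fails with an
                    # opaque "str + NoneType" TypeError; name the real cause.
                    raise KeyError(
                        "attack_technique %r from %s is not in te_mapping"
                        % (technique, tg_file))
                title = technique + ": " + technique_name
                confluence_data = {
                    "title": title,
                    "spacekey": self.space,
                    "parentid": str(ATCutils.confluence_get_page_id(
                        self.apipath, self.auth, self.space, "Triggers")),
                    "confluencecontent": tg.content,
                }

                ATCutils.push_to_confluence(confluence_data, self.apipath,
                                            self.auth)
            except Exception as err:
                # Best effort: report this file and carry on with the rest.
                print(tg_file + " failed")
                print("Err message: %s" % err)
                print('-' * 60)
                traceback.print_exc(file=sys.stdout)
                print('-' * 60)

        print("Triggers populated!")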
    def mitigation_system(self, ms_path):
        """Push every Mitigation System YAML to Confluence.

        Pages are created under the "Mitigation Systems" page of
        ``self.space``. A file that fails to parse, render or upload is
        reported on stdout with its traceback and skipped so the remaining
        systems are still processed.

        Args:
            ms_path: Glob prefix; ``'*.yml'`` is appended verbatim. When
                falsy, the ``mitigation_systems_directory`` config value is
                scanned.
        """
        print("Populating Mitigation Systems..")
        if ms_path:
            system_files = glob.glob(ms_path + '*.yml')
        else:
            system_files = glob.glob(
                ATCconfig.get('mitigation_systems_directory') + '/*.yml')

        def publish(path):
            system = MitigationSystem(path)
            system.render_template("confluence")
            parent_id = ATCutils.confluence_get_page_id(
                self.apipath, self.auth, self.space, "Mitigation Systems")
            page = {
                "title": system.ms_parsed_file["title"],
                "spacekey": self.space,
                "parentid": str(parent_id),
                "confluencecontent": system.content,
            }
            ATCutils.push_to_confluence(page, self.apipath, self.auth)

        for path in system_files:
            try:
                publish(path)
            except Exception as err:
                # Best effort: report and move on to the next system.
                print(path + " failed")
                print("Err message: %s" % err)
                print('-' * 60)
                traceback.print_exc(file=sys.stdout)
                print('-' * 60)
        print("Mitigation Systems populated!")
    def response_action(self, ra_path):
        """Push every Response Action YAML to Confluence.

        Pages are created under the "Response Actions" page of
        ``self.space``; when the REST helper reports ``'Page updated'`` the
        title is echoed so a re-run shows which pages changed. A file that
        fails to parse, render or upload is reported on stdout with its
        traceback and skipped so the remaining actions are still processed.

        Args:
            ra_path: Glob prefix; ``'*.yml'`` is appended verbatim. When
                falsy, the ``response_actions_dir`` config value is scanned.
        """
        print("Populating Response Actions..")
        if ra_path:
            action_files = glob.glob(ra_path + '*.yml')
        else:
            action_files = glob.glob(
                ATCconfig.get('response_actions_dir') + '/*.yml')

        for path in action_files:
            try:
                action = ResponseAction(path, apipath=self.apipath,
                                        auth=self.auth, space=self.space)
                action.render_template("confluence")
                page_title = action.ra_parsed_file['title']
                parent_id = ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Response Actions")
                page = {
                    "title": page_title,
                    "spacekey": self.space,
                    "parentid": str(parent_id),
                    "confluencecontent": action.content,
                }
                outcome = ATCutils.push_to_confluence(page, self.apipath,
                                                      self.auth)
                if outcome == 'Page updated':
                    print("==> updated page: RA '" +
                          action.ra_parsed_file['title'] + "'")
            except Exception as err:
                # Best effort: report and move on to the next action.
                print(path + " failed")
                print("Err message: %s" % err)
                print('-' * 60)
                traceback.print_exc(file=sys.stdout)
                print('-' * 60)

        print("Response Actions populated!")
    def response_stage(self, rs_path):
        """Push every Response Stage YAML to Confluence.

        Pages are created under the "Response Stages" page of ``self.space``
        and titled from the YAML's ``title`` field; when the REST helper
        reports ``'Page updated'`` the file's basename is echoed. A file that
        fails to parse, render or upload is reported on stdout with its
        traceback and skipped so the remaining stages are still processed.

        Args:
            rs_path: Glob prefix; ``'*.yml'`` is appended verbatim. When
                falsy, the ``response_stages_dir`` config value is scanned.
        """
        print("[*] Populating Response Stages...")
        if rs_path:
            stage_files = glob.glob(rs_path + '*.yml')
        else:
            stage_files = glob.glob(
                ATCconfig.get('response_stages_dir') + '/*.yml')

        for path in stage_files:
            try:
                stage = ResponseStage(path, apipath=self.apipath,
                                      auth=self.auth, space=self.space)
                stage.render_template("confluence")
                file_name = os.path.basename(path)
                parent_id = ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Response Stages")
                page = {
                    "title": stage.rs_parsed_file['title'],
                    "spacekey": self.space,
                    "parentid": str(parent_id),
                    "confluencecontent": stage.content,
                }
                outcome = ATCutils.push_to_confluence(page, self.apipath,
                                                      self.auth)
                if outcome == 'Page updated':
                    print("==> updated page: RS '" + file_name + "'")
            except Exception as err:
                # Best effort: report and move on to the next stage.
                print(path + " failed")
                print("Err message: %s" % err)
                print('-' * 60)
                traceback.print_exc(file=sys.stdout)
                print('-' * 60)
        print("[+] Response Stages populated!")
def main(c_auth=None):
    """Create the ATC root page and its section pages in Confluence.

    Loads ``config.yml``, obtains credentials (prompting unless ``c_auth``
    is given), creates or updates the root page under the space home page,
    then one child page per knowledge-base section listed in ``spaces``.

    Args:
        c_auth: Pre-built credentials; when falsy the user is prompted.

    Returns:
        True once every section page has been pushed.

    Raises:
        Exception: re-raised from config loading, or raised here when
            ``push_to_confluence`` returns a falsy result for the root page
            or any section page.
    """

    try:
        # NOTE: this is a local that shadows the module-level ``ATCconfig``
        # the populator methods read; they do not see this object.
        ATCconfig = ATCutils.load_config("config.yml")
        confluence_space_name = ATCconfig.get('confluence_space_name')
        confluence_space_home_page_name = ATCconfig.get(
            'confluence_space_home_page_name')
        confluence_rest_api_url = ATCconfig.get('confluence_rest_api_url')
        confluence_name_of_root_directory = ATCconfig.get(
            'confluence_name_of_root_directory')

    except Exception as e:
        # Re-raising the same object adds nothing over letting it propagate;
        # a bare ``raise`` would at least keep the original traceback intact.
        raise e
        pass  # unreachable: the re-raise above always leaves this block

    if not c_auth:
        # NOTE(review): this line is garbled/redacted in the listing
        # ("******"). It presumably prompts for login/password and builds
        # ``url``, ``auth`` and ``content``, which are used below but are
        # never assigned anywhere visible -- restore from the original source.
        mail = input("Login: "******""

    print("Creating ATC page..")
    # print(str(ATCutils.confluence_get_page_id(url,
    # auth, confluence_space_name, confluence_space_home_page_name)))
    # Root page: parented to the space home page named in the config.
    data = {
        "title":
        confluence_name_of_root_directory,
        "spacekey":
        confluence_space_name,
        "parentid":
        str(
            ATCutils.confluence_get_page_id(url, auth, confluence_space_name,
                                            confluence_space_home_page_name)),
        "confluencecontent":
        content,
    }

    # print(push_to_confluence(data, url, auth))
    if not ATCutils.push_to_confluence(data, url, auth):
        raise Exception("Could not create or update the page. " +
                        "Is the parent name correct?")

    # One section page per knowledge-base type; the populator methods
    # later attach their pages under these by title.
    spaces = [
        "Detection Rules", "Logging Policies", "Data Needed", "Triggers",
        "Response Actions", "Response Playbooks", "Enrichments", "Customers",
        "Mitigation Systems", "Mitigation Policies", "Hardening Policies"
    ]

    for space in spaces:
        print("Creating %s.." % space)
        # Each section is parented to the root page created above; the
        # parent id is looked up again on every iteration.
        data = {
            "title":
            space,
            "spacekey":
            confluence_space_name,
            "parentid":
            str(
                ATCutils.confluence_get_page_id(
                    url, auth, confluence_space_name,
                    confluence_name_of_root_directory)),
            "confluencecontent":
            content,
        }
        # print(push_to_confluence(data, url, auth))
        if not ATCutils.push_to_confluence(data, url, auth):
            raise Exception("Could not create or update the page. " +
                            "Is the parent name correct?")
    print("Done!")
    return True