Beispiel #1
0
    def enrichment(self, en_path):
        """Nothing here yet"""

        print("[*] Populating Enrichments...")
        if en_path:
            en_list = glob.glob(en_path + '*.yml')
        else:
            en_dir = ATCconfig.get('enrichments_dir')
            en_list = glob.glob(en_dir + '/*.yml')

        for en_file in en_list:
            try:
                en = Enrichment(en_file,
                                apipath=self.apipath,
                                auth=self.auth,
                                space=self.space)
                en.render_template("confluence")

                confluence_data = {
                    "title":
                    en.en_parsed_file['title'],
                    "spacekey":
                    self.space,
                    "parentid":
                    str(
                        DATAutils.confluence_get_page_id(
                            self.apipath, self.auth, self.space,
                            "Enrichments")),
                    "confluencecontent":
                    en.content,
                }

                res = DATAutils.push_to_confluence(confluence_data,
                                                   self.apipath, self.auth)
                if res == 'Page updated':
                    print("==> updated page: EN '" +
                          en.en_parsed_file['title'] + "'")
                # print("Done: ", en.en_parsed_file['title'])
            except Exception as err:
                print(en_file + " failed")
                print("Err message: %s" % err)
                print('-' * 60)
                traceback.print_exc(file=sys.stdout)
                print('-' * 60)
        print("[+] Enrichments populated!")
Beispiel #2
0
def create_markdown_dirs():
    config = DATAutils.load_config('config.yml')
    base_dir = Path(
        config.get('md_name_of_root_directory', '../Atomic_Threat_Coverage'))

    target_dir_list = ['Logging_Policies', 'Data_Needed', 'Enrichments']

    for item in target_dir_list:
        (base_dir / item).mkdir(parents=True, exist_ok=True)
Beispiel #3
0
    def save_markdown_file(self, atc_dir='../Atomic_Threat_Coverage/'):
        """Write content (md template filled with data) to a file"""
        base = os.path.basename(self.yaml_file)
        title = os.path.splitext(base)[0]

        file_path = atc_dir + self.parent_title + "/" + \
            title + ".md"

        return DATAutils.write_file(file_path, self.content)
Beispiel #4
0
    def data_needed(self, dn_path):
        """Desc"""

        print("[*] Populating Data Needed...")
        if dn_path:
            dn_list = glob.glob(dn_path + '*.yml')
        else:
            dn_dir = ATCconfig.get('data_needed_dir')
            dn_list = glob.glob(dn_dir + '/*.yml')

        for dn_file in dn_list:
            try:
                dn = DataNeeded(dn_file,
                                apipath=self.apipath,
                                auth=self.auth,
                                space=self.space)
                dn.render_template("confluence")
                confluence_data = {
                    "title":
                    dn.dn_fields["title"],
                    "spacekey":
                    self.space,
                    "parentid":
                    str(
                        DATAutils.confluence_get_page_id(
                            self.apipath, self.auth, self.space,
                            "Data Needed")),
                    "confluencecontent":
                    dn.content,
                }

                res = DATAutils.push_to_confluence(confluence_data,
                                                   self.apipath, self.auth)
                if res == 'Page updated':
                    print("==> updated page: DN '" + dn.dn_fields['title'] +
                          "'")
                # print("Done: ", dn.dn_fields['title'])
            except Exception as err:
                print(dn_file + " failed")
                print("Err message: %s" % err)
                print('-' * 60)
                traceback.print_exc(file=sys.stdout)
                print('-' * 60)
        print("[+] Data Needed populated!")
Beispiel #5
0
    def save_markdown_file(self,
                           atc_dir=ATCconfig.get('md_name_of_root_directoy')):
        """Write content (md template filled with data) to a file"""

        base = os.path.basename(self.yaml_file)
        title = os.path.splitext(base)[0]

        file_path = atc_dir + self.parent_title + "/" + \
            title + ".md"

        return DATAutils.write_file(file_path, self.content)
Beispiel #6
0
    def logging_policy(self, lp_path):
        """Desc"""

        print("[*] Populating Logging Policies...")
        if lp_path:
            lp_list = glob.glob(lp_path + '*.yml')
        else:
            lp_dir = ATCconfig.get('logging_policies_dir')
            lp_list = glob.glob(lp_dir + '/*.yml')

        for lp_file in lp_list:
            try:
                lp = LoggingPolicy(lp_file)
                lp.render_template("confluence")
                confluence_data = {
                    "title":
                    lp.fields["title"],
                    "spacekey":
                    self.space,
                    "parentid":
                    str(
                        DATAutils.confluence_get_page_id(
                            self.apipath, self.auth, self.space,
                            "Logging Policies")),
                    "confluencecontent":
                    lp.content,
                }

                res = DATAutils.push_to_confluence(confluence_data,
                                                   self.apipath, self.auth)
                if res == 'Page updated':
                    print("==> updated page: LP '" + lp.fields['title'] + "'")
                # print("Done: ", lp.fields['title'])
            except Exception as err:
                print(lp_file + " failed")
                print("Err message: %s" % err)
                print('-' * 60)
                traceback.print_exc(file=sys.stdout)
                print('-' * 60)
        print("[+] Logging Policies populated!")
Beispiel #7
0
    def parse_into_fields(self, yaml_file):
        """Description"""

        # self.dn_fields contains parsed fields obtained from yaml file
        self.dn_fields = DATAutils.read_yaml_file(yaml_file)
        """Fill the fields with values. Put None if key not found"""
        self.title = self.dn_fields.get("title")
        self.author = self.dn_fields.get("author")
        self.description = self.dn_fields.get("description")
        self.loggingpolicy = self.dn_fields.get("loggingpolicy")
        self.mitigation_policy = self.dn_fields.get("mitigation_policy")
        self.platform = self.dn_fields.get("platform")
        self.type = self.dn_fields.get("type")
        self.channel = self.dn_fields.get("channel")
        self.provider = self.dn_fields.get("provider")
        self.fields = self.dn_fields.get("fields")
        self.sample = self.dn_fields.get("sample")
Beispiel #8
0
    def __init__(self):

        dn_path = ATCconfig.get('data_needed_dir')
        lp_path = ATCconfig.get('logging_policies_dir')
        en_path = ATCconfig.get('enrichments_dir')

        dn_list = DATAutils.load_yamls(dn_path)
        lp_list = DATAutils.load_yamls(lp_path)
        enrichments_list = DATAutils.load_yamls(en_path)

        pivoting = []
        analytics = []
        result = []

        analytics = []

        for dn in dn_list:

            if 'category' in dn:
                dn_category = dn['category']
            else:
                dn_category = "-"
            if 'platform' in dn:
                dn_platform = dn['platform']
            else:
                dn_platform = "-"
            if 'type' in dn:
                dn_type = dn['type']
            else:
                dn_type = "-"
            if 'channel' in dn:
                dn_channel = dn['channel']
            else:
                dn_channel = "-"
            if 'provider' in dn:
                dn_provider = dn['provider']
            else:
                dn_provider = "-"
            if 'title' in dn:
                dn_title = dn['title']
            else:
                dn_title = "-"

            pivot = [
                dn_category, dn_platform, dn_type, dn_channel, dn_provider,
                dn_title, '', ''
            ]
            for field in dn['fields']:
                analytics.append([field] + pivot)

        for er in enrichments_list:
            for dn in [
                    dnn for dnn in dn_list
                    if dnn['title'] in er.get('data_to_enrich', [])
            ]:
                pivot = [
                    dn['category'], dn['platform'], dn['type'], dn['channel'],
                    dn['provider'], dn['title'], er['title'],
                    ';'.join(er.get('requirements', []))
                ]
                for field in er['new_fields']:
                    analytics.append([field] + pivot)

        filename = 'pivoting.csv'
        exported_analytics_directory = ATCconfig.get(
            'exported_analytics_directory')

        Path(exported_analytics_directory).mkdir(parents=True, exist_ok=True)

        with open(exported_analytics_directory + '/' + filename,
                  'w',
                  newline='') as csvfile:
            # maybe need some quoting
            alertswriter = csv.writer(csvfile, delimiter=',')
            alertswriter.writerow([
                'field', 'category', 'platform', 'type', 'channel', 'provider',
                'data_needed', 'enrichment', 'enrichment requirements'
            ])
            for row in analytics:
                alertswriter.writerow(row)

        print(f'[+] Created {filename}')
Beispiel #9
0
    from scripts.datautils import DATAutils
    from scripts.attack_mapping import te_mapping, ta_mapping
except:
    from data.atc_data.scripts.datautils import DATAutils
    from data.atc_data.scripts.attack_mapping import te_mapping, ta_mapping

from pathlib import Path

import csv
import sys
import getopt
from os import listdir
from os.path import isfile, join
from yaml.scanner import ScannerError

ATCconfig = DATAutils.load_config("config.yml")

HELP_MESSAGE = """Usage: python3 yamls2csv.py [OPTIONS]\n\n\n
\t\tPossible options are --detectionrules_path, --dataneeded_path
--loggingpolicies path
\t\tDefaults are
\t\tdataneeded_path = ../data_needed/;
\t\tloggingpolicies_path=../logging_policies/"""


class GenerateCSV:
    def __init__(self):

        dn_path = ATCconfig.get('data_needed_dir')
        lp_path = ATCconfig.get('logging_policies_dir')
        en_path = ATCconfig.get('enrichments_dir')
    def __init__(self,
                 dn_path=False,
                 lp_path=False,
                 en_path=False,
                 atc_dir=False,
                 init=False):
        """Init"""

        # Check if atc_dir provided
        if atc_dir:
            self.atc_dir = atc_dir
        else:
            self.atc_dir = ATCconfig.get('md_name_of_root_directory') + '/'

        # Main logic

        if dn_path:
            dns, dn_paths = DATAutils.load_yamls_with_paths(dn_path)
        else:
            dns, dn_paths = DATAutils.load_yamls_with_paths(
                ATCconfig.get('data_needed_dir'))

        if lp_path:
            lps, lp_paths = DATAutils.load_yamls_with_paths(lp_path)
        else:
            lps, lp_paths = DATAutils.load_yamls_with_paths(
                ATCconfig.get('logging_policies_dir'))

        if en_path:
            ens, en_paths = DATAutils.load_yamls_with_paths(en_path)
        else:
            ens, en_paths = DATAutils.load_yamls_with_paths(
                ATCconfig.get('enrichments_dir'))

        dn_filenames = [
            dn_path.split('/')[-1].replace('.yml', '') for dn_path in dn_paths
        ]
        lp_filenames = [
            lp_path.split('/')[-1].replace('.yml', '') for lp_path in lp_paths
        ]
        en_filenames = [
            en_path.split('/')[-1].replace('.yml', '') for en_path in en_paths
        ]

        # Point to the templates directory
        env = Environment(loader=FileSystemLoader('scripts/templates'))

        # Get proper template
        template = env.get_template('mkdocs_config_template.yml.j2')

        data_to_render = {}

        data_needed_list = []
        for i in range(len(dns)):

            dn_updated_title = dns[i].get('title')

            data_needed_list.append((dn_updated_title, dn_filenames[i]))

        logging_policy_list = []
        for i in range(len(lps)):

            rp_updated_title = lps[i].get('title')

            logging_policy_list.append((rp_updated_title, lp_filenames[i]))

        enrichment_list = []
        for i in range(len(ens)):

            en_updated_title = ens[i].get('title')

            enrichment_list.append((en_updated_title, en_filenames[i]))

        data_to_render.update({'data_needed_list': sorted(data_needed_list)})
        data_to_render.update(
            {'logging_policy_list': sorted(logging_policy_list)})
        data_to_render.update({'enrichment_list': sorted(enrichment_list)})

        content = template.render(data_to_render)
        try:
            DATAutils.write_file('mkdocs.yml', content)
            print("[+] Created mkdocs.yml")
        except:
            print("[-] Failed to create mkdocs.yml")
Beispiel #11
0
    def render_template(self, template_type):
        """Description
        template_type:
            - "markdown"
            - "confluence"
        """

        if template_type not in ["markdown", "confluence"]:
            raise Exception("Bad template_type. Available values:" +
                            " [\"markdown\", \"confluence\"]")

        # Get proper template
        if template_type == "markdown":
            template = env\
                .get_template('markdown_dataneeded_template.md.j2')

            logging_policies = self.dn_fields.get("loggingpolicy")

            if isinstance(logging_policies, str):
                logging_policies = [logging_policies]

            self.dn_fields.update({'loggingpolicy': logging_policies})

            mitigation_policy = self.dn_fields.get("mitigation_policy")

            if isinstance(mitigation_policy, str):
                mitigation_policy = [mitigation_policy]

            self.dn_fields.update({'mitigation_policy': mitigation_policy})

            self.dn_fields.update(
                {'description': self.dn_fields.get('description').strip()})

            refs = self.dn_fields.get("references")

            if isinstance(refs, str):
                self.dn_fields.update({'references': [refs]})

        elif template_type == "confluence":
            template = env\
                .get_template('confluence_dataneeded_template.html.j2')

            self.dn_fields.update({
                'confluence_viewpage_url':
                ATCconfig.get('confluence_viewpage_url')
            })

            self.dn_fields.update(
                {'description': self.dn_fields.get('description').strip()})

            logging_policies = self.dn_fields.get("loggingpolicy")

            if not logging_policies:
                logging_policies = [
                    "None",
                ]

            logging_policies_with_id = []

            for lp in logging_policies:
                if lp != "None" and self.apipath and self.auth and self.space:
                    logging_policies_id = str(
                        DATAutils.confluence_get_page_id(
                            self.apipath, self.auth, self.space, lp))
                else:
                    logging_policies_id = ""
                lp = (lp, logging_policies_id)
                logging_policies_with_id.append(lp)

            self.dn_fields.update({'loggingpolicy': logging_policies_with_id})

            mitigation_policies = self.dn_fields.get("mitigation_policy")

            if not mitigation_policies:
                mitigation_policies = [
                    "None",
                ]

            mitigation_policies_with_id = []

            for mp in mitigation_policies:
                if mp != "None" and self.apipath and self.auth and self.space:
                    mitigation_policies_id = str(
                        DATAutils.confluence_get_page_id(
                            self.apipath, self.auth, self.space, mp))
                else:
                    mitigation_policies_id = ""
                mp = (mp, mitigation_policies_id)
                mitigation_policies_with_id.append(mp)

            self.dn_fields.update(
                {'mitigation_policy': mitigation_policies_with_id})

            refs = self.dn_fields.get("references")

            if isinstance(refs, str):
                self.dn_fields.update({'references': [refs]})

        self.content = template.render(self.dn_fields)

        return True
Beispiel #12
0
def main(c_auth=None):

    try:
        ATCconfig = DATAutils.load_config("config.yml")
        confluence_space_name = ATCconfig.get('confluence_space_name')
        confluence_space_home_page_name = ATCconfig.get(
            'confluence_space_home_page_name')
        confluence_rest_api_url = ATCconfig.get('confluence_rest_api_url')
        confluence_name_of_root_directory = ATCconfig.get(
            'confluence_name_of_root_directory')

    except Exception as e:
        raise e
        pass

    if not c_auth:
        mail = input("Login: "******""

    print("[*] Creating ATC root page...")

    data = {
        "title":
        confluence_name_of_root_directory,
        "spacekey":
        confluence_space_name,
        "parentid":
        str(
            DATAutils.confluence_get_page_id(url, auth, confluence_space_name,
                                             confluence_space_home_page_name)),
        "confluencecontent":
        content,
    }

    if not DATAutils.push_to_confluence(data, url, auth):
        raise Exception("[-] Could not create or update the page. " +
                        "Is the parent name correct?")

    pages = ["Logging Policies", "Data Needed", "Enrichments"]

    for page in pages:
        print("Creating %s..." % page)
        data = {
            "title":
            page,
            "spacekey":
            confluence_space_name,
            "parentid":
            str(
                DATAutils.confluence_get_page_id(
                    url, auth, confluence_space_name,
                    confluence_name_of_root_directory)),
            "confluencecontent":
            content,
        }

        if not DATAutils.push_to_confluence(data, url, auth):
            raise Exception("[-] Could not create or update the page. " +
                            "Is the parent name correct?")
    print("[+] Initial Confluence page structure created!")
    return True
Beispiel #13
0
    def render_template(self, template_type):
        """Description
        template_type:
            - "markdown"
            - "confluence"
        """

        if template_type not in ["markdown", "confluence"]:
            raise Exception("Bad template_type. Available values:" +
                            " [\"markdown\", \"confluence\"]")

        # Get proper template
        if template_type == "markdown":
            template = env.get_template('markdown_enrichments_template.md.j2')

            self.en_parsed_file.update({
                'description':
                self.en_parsed_file.get('description').strip()
            })
        elif template_type == "confluence":
            template = env.get_template(
                'confluence_enrichments_template.html.j2')

            self.en_parsed_file.update({
                'confluence_viewpage_url':
                ATCconfig.get('confluence_viewpage_url')
            })

            data_needed = self.en_parsed_file.get('data_needed')
            if data_needed:
                data_needed_with_id = []
                for dn in data_needed:
                    data_needed_id = str(
                        DATAutils.confluence_get_page_id(
                            self.apipath, self.auth, self.space, dn))
                    dn = (dn, data_needed_id)
                    data_needed_with_id.append(dn)

                self.en_parsed_file.update(
                    {'data_needed': data_needed_with_id})

            data_to_enrich = self.en_parsed_file.get('data_to_enrich')
            if data_to_enrich:
                data_to_enrich_with_id = []
                for de in data_to_enrich:
                    data_to_enrich_id = str(
                        DATAutils.confluence_get_page_id(
                            self.apipath, self.auth, self.space, de))
                    de = (de, data_to_enrich_id)
                    data_to_enrich_with_id.append(de)

                self.en_parsed_file.update(
                    {'data_to_enrich': data_to_enrich_with_id})

            requirements = self.en_parsed_file.get('requirements')
            if requirements:
                requirements_with_id = []
                for req in requirements:
                    requirements_id = str(
                        DATAutils.confluence_get_page_id(
                            self.apipath, self.auth, self.space, req))
                    req = (req, requirements_id)
                    requirements_with_id.append(req)

                self.en_parsed_file.update(
                    {'requirements': requirements_with_id})

            self.en_parsed_file.update({
                'description':
                self.en_parsed_file.get('description').strip()
            })
        # Render
        self.content = template.render(self.en_parsed_file)
Beispiel #14
0
    def parse_into_fields(self, yaml_file):
        """Description"""

        self.en_parsed_file = DATAutils.read_yaml_file(yaml_file)
Beispiel #15
0
    def parse_into_fields(self, yaml_file):
        """Description"""

        # self.fields contains parsed fields obtained from yaml file
        self.fields = DATAutils.read_yaml_file(self.yaml_file)