def render_template(self, template_type):
        """Description
        template_type:
            - "markdown"
            - "confluence"
        """

        if template_type not in ["markdown", "confluence"]:
            raise Exception("Bad template_type. Available values:" +
                            " [\"markdown\", \"confluence\"]]")

        # Get proper template
        if template_type == "markdown":

            template = env.get_template(
                'markdown_responseplaybook_template.md.j2')

            self.rp_parsed_file.update({
                'title':
                REACTutils.normalize_react_title(
                    self.rp_parsed_file.get('title'))
            })

            # MITRE ATT&CK Tactics and Techniques
            tactic = []
            tactic_re = re.compile(r'attack\.\w\D+$')
            technique = []
            technique_re = re.compile(r'attack\.t\d{4}(\.\d{3})?$')
            # AM!TT Tactics and Techniques
            amitt_tactic = []
            amitt_tactic_re = re.compile(r'amitt\.\w\D+$')
            amitt_technique = []
            amitt_technique_re = re.compile(r'amitt\.t\d{1,5}$')

            other_tags = []

            for tag in self.rp_parsed_file.get('tags'):
                if tactic_re.match(tag):
                    tactic.append(ta_mapping.get(tag))
                elif technique_re.match(tag):
                    te = tag.upper()[7:]
                    technique.append((te_mapping.get(te), te))
                elif amitt_tactic_re.match(tag):
                    amitt_tactic.append(amitt_tactic_mapping.get(tag))
                elif amitt_technique_re.match(tag):
                    te = tag.upper()[6:]
                    amitt_technique.append(
                        (amitt_technique_mapping.get(te), te))
                else:
                    other_tags.append(tag)

            # Add MITRE ATT&CK Tactics and Techniques to J2
            self.rp_parsed_file.update({'tactics': tactic})
            self.rp_parsed_file.update({'techniques': technique})
            # Add AM!TT Tactics and Techniques to J2
            self.rp_parsed_file.update({'amitt_tactics': amitt_tactic})
            self.rp_parsed_file.update({'amitt_techniques': amitt_technique})
            self.rp_parsed_file.update({'other_tags': other_tags})

            preparation = []
            identification = []
            containment = []
            eradication = []
            recovery = []
            lessons_learned = []
            detect = []
            deny = []
            disrupt = []
            degrade = []
            deceive = []
            destroy = []
            deter = []

            stages = [('preparation', preparation),
                      ('identification', identification),
                      ('containment', containment),
                      ('eradication', eradication), ('recovery', recovery),
                      ('lessons_learned', lessons_learned), ('detect', detect),
                      ('deny', deny), ('disrupt', disrupt),
                      ('degrade', degrade), ('deceive', deceive),
                      ('destroy', destroy), ('deter', deter)]

            # grab workflow per action in each IR stages
            # error handling for playbooks with empty stages
            for stage_name, stage_list in stages:
                try:
                    for task in self.rp_parsed_file.get(stage_name):
                        action = REACTutils.read_yaml_file(
                            REACTConfig.get('response_actions_dir') + '/' +
                            task + '.yml')

                        action_title = action.get('id')\
                            + ": "\
                            + REACTutils.normalize_react_title(action.get('title'))

                        stage_list.append(
                            (action_title, task, action.get('description'),
                             action.get('workflow')))
                except TypeError:
                    pass

        elif template_type == "confluence":

            template = env.get_template(
                'confluence_responseplaybook_template.html.j2')

            new_title = self.rp_parsed_file.get('id')\
              + ": "\
              + REACTutils.normalize_react_title(self.rp_parsed_file.get('title'))

            self.rp_parsed_file.update({'title': new_title})

            self.rp_parsed_file.update({
                'confluence_viewpage_url':
                REACTConfig.get('confluence_viewpage_url')
            })

            # MITRE ATT&CK Tactics and Techniques
            tactic = []
            tactic_re = re.compile(r'attack\.\w\D+$')
            technique = []
            technique_re = re.compile(r'attack\.t\d{4}(\.\d{3})?$')
            # AM!TT Tactics and Techniques
            amitt_tactic = []
            amitt_tactic_re = re.compile(r'amitt\.\w\D+$')
            amitt_technique = []
            amitt_technique_re = re.compile(r'amitt\.t\d{1,5}$')

            other_tags = []

            for tag in self.rp_parsed_file.get('tags'):
                if tactic_re.match(tag):
                    tactic.append(ta_mapping.get(tag))
                elif technique_re.match(tag):
                    te = tag.upper()[7:]
                    technique.append((te_mapping.get(te), te))
                elif amitt_tactic_re.match(tag):
                    amitt_tactic.append(amitt_tactic_mapping.get(tag))
                elif amitt_technique_re.match(tag):
                    te = tag.upper()[6:]
                    amitt_technique.append(
                        (amitt_technique_mapping.get(te), te))
                else:
                    other_tags.append(tag)

            # Add MITRE ATT&CK Tactics and Techniques to J2
            self.rp_parsed_file.update({'tactics': tactic})
            self.rp_parsed_file.update({'techniques': technique})
            # Add AM!TT Tactics and Techniques to J2
            self.rp_parsed_file.update({'amitt_tactics': amitt_tactic})
            self.rp_parsed_file.update({'amitt_techniques': amitt_technique})
            self.rp_parsed_file.update({'other_tags': other_tags})

            # get links to response action

            preparation = []
            identification = []
            containment = []
            eradication = []
            recovery = []
            lessons_learned = []
            detect = []
            deny = []
            disrupt = []
            degrade = []
            deceive = []
            destroy = []
            deter = []

            stages = [('preparation', preparation),
                      ('identification', identification),
                      ('containment', containment),
                      ('eradication', eradication), ('recovery', recovery),
                      ('lessons_learned', lessons_learned), ('detect', detect),
                      ('deny', deny), ('disrupt', disrupt),
                      ('degrade', degrade), ('deceive', deceive),
                      ('destroy', destroy), ('deter', deter)]

            for stage_name, stage_list in stages:
                try:
                    for task in self.rp_parsed_file.get(stage_name):
                        action = REACTutils.read_yaml_file(
                            REACTConfig.get('response_actions_dir') + '/' +
                            task + '.yml')

                        action_title = action.get('id')\
                            + ": "\
                            + REACTutils.normalize_react_title(action.get('title'))

                        if self.apipath and self.auth and self.space:
                            stage_list.append(
                                (action_title,
                                 str(
                                     REACTutils.confluence_get_page_id(
                                         self.apipath, self.auth, self.space,
                                         action_title))))
                        else:
                            stage_list.append((action_title, ""))

                except TypeError:
                    pass

            # change stages name to more pretty format
            stages = [(stage_name.replace('_', ' ').capitalize(), stage_list)
                      for stage_name, stage_list in stages]

            self.rp_parsed_file.update({'stages_with_id': stages})

            # get descriptions for response actions

            preparation = []
            identification = []
            containment = []
            eradication = []
            recovery = []
            lessons_learned = []
            detect = []
            deny = []
            disrupt = []
            degrade = []
            deceive = []
            destroy = []
            deter = []

            stages = [('preparation', preparation),
                      ('identification', identification),
                      ('containment', containment),
                      ('eradication', eradication), ('recovery', recovery),
                      ('lessons_learned', lessons_learned), ('detect', detect),
                      ('deny', deny), ('disrupt', disrupt),
                      ('degrade', degrade), ('deceive', deceive),
                      ('destroy', destroy), ('deter', deter)]

            # grab workflow per action in each IR stages
            # error handling for playbooks with empty stages
            for stage_name, stage_list in stages:
                try:
                    for task in self.rp_parsed_file.get(stage_name):
                        action = REACTutils.read_yaml_file(
                            REACTConfig.get('response_actions_dir') + '/' +
                            task + '.yml')
                        stage_list.append((action.get('description'),
                                           action.get('workflow')))
                except TypeError:
                    pass

        #
        # POST: Common for both Markdown and Confluence templates
        #

        # change stages name to more pretty format
        stages = [(stage_name.replace('_', ' ').capitalize(), stage_list)
                  for stage_name, stage_list in stages]

        self.rp_parsed_file.update({'stages': stages})

        self.rp_parsed_file.update(
            {'description': self.rp_parsed_file.get('description').strip()})
        # Render
        self.content = template.render(self.rp_parsed_file)
Exemple #2
0
    def render_template(self, template_type):
        """Description
        template_type:
            - "markdown"
        """

        if template_type not in ["markdown"]:
            raise Exception("Bad template_type. Available values:" +
                            " [\"markdown\"]")

        # Point to the templates directory
        env = Environment(loader=FileSystemLoader('scripts/templates'))

        # Get proper template
        template = env.get_template('markdown_responseplaybook_template.md.j2')

        self.rp_parsed_file.update({
            'title':
            ATCutils.normalize_react_title(self.rp_parsed_file.get('title'))
        })

        # MITRE ATT&CK Tactics and Techniques
        tactic = []
        tactic_re = re.compile(r'attack\.\w\D+$')
        technique = []
        technique_re = re.compile(r'attack\.t\d{1,5}$')
        # AM!TT Tactics and Techniques
        amitt_tactic = []
        amitt_tactic_re = re.compile(r'amitt\.\w\D+$')
        amitt_technique = []
        amitt_technique_re = re.compile(r'amitt\.t\d{1,5}$')

        other_tags = []

        for tag in self.rp_parsed_file.get('tags'):
            if tactic_re.match(tag):
                tactic.append(ta_mapping.get(tag))
            elif technique_re.match(tag):
                te = tag.upper()[7:]
                technique.append((te_mapping.get(te), te))
            elif amitt_tactic_re.match(tag):
                amitt_tactic.append(amitt_tactic_mapping.get(tag))
            elif amitt_technique_re.match(tag):
                te = tag.upper()[6:]
                amitt_technique.append((amitt_technique_mapping.get(te), te))
            else:
                other_tags.append(tag)

        # Add MITRE ATT&CK Tactics and Techniques to J2
        self.rp_parsed_file.update({'tactics': tactic})
        self.rp_parsed_file.update({'techniques': technique})
        # Add AM!TT Tactics and Techniques to J2
        self.rp_parsed_file.update({'amitt_tactics': amitt_tactic})
        self.rp_parsed_file.update({'amitt_techniques': amitt_technique})
        self.rp_parsed_file.update({'other_tags': other_tags})

        preparation = []
        identification = []
        containment = []
        eradication = []
        recovery = []
        lessons_learned = []
        detect = []
        deny = []
        disrupt = []
        degrade = []
        deceive = []
        destroy = []
        deter = []

        stages = [('preparation', preparation),
                  ('identification', identification),
                  ('containment', containment), ('eradication', eradication),
                  ('recovery', recovery), ('lessons_learned', lessons_learned),
                  ('detect', detect), ('deny', deny), ('disrupt', disrupt),
                  ('degrade', degrade), ('deceive', deceive),
                  ('destroy', destroy), ('deter', deter)]

        # grab workflow per action in each IR stages
        # error handling for playbooks with empty stages
        for stage_name, stage_list in stages:
            try:
                for task in self.rp_parsed_file.get(stage_name):
                    action = ATCutils.read_yaml_file(
                        ATCconfig.get('response_actions_dir') + '/' + task +
                        '.yml')

                    action_title = action.get('id')\
                        + ": "\
                        + ATCutils.normalize_react_title(action.get('title'))

                    stage_list.append(
                        (action_title, task, action.get('description'),
                         action.get('workflow')))
            except TypeError:
                pass

        # change stages name to more pretty format
        stages = [(stage_name.replace('_', ' ').capitalize(), stage_list)
                  for stage_name, stage_list in stages]

        self.rp_parsed_file.update({'stages': stages})

        self.rp_parsed_file.update(
            {'description': self.rp_parsed_file.get('description').strip()})

        # Render
        self.content = template.render(self.rp_parsed_file)
    def render_template(self, template_type):
        """Render template with data in it
        template_type:
            - "markdown"
            - "confluence"
        """

        if template_type not in ["markdown", "confluence"]:
            raise Exception(
                "Bad template_type. Available values: " +
                "[\"markdown\", \"confluence\"]")

        # Get proper template
        if template_type == "markdown":
            template = env.get_template(
                'markdown_alert_template.md.j2')

            # Read raw sigma rule
            sigma_rule = ATCutils.read_rule_file(self.yaml_file)

            # Put raw sigma rule into fields var
            self.fields.update({'sigma_rule': sigma_rule})

            # Define which queries we want from Sigma
            #queries = ["es-qs", "xpack-watcher", "graylog", "splunk", "logpoint", "grep", "fieldlist"]
            queries = ATCconfig.get('detection_queries').split(",")

            # dict to store query key + query values
            det_queries = {}

            # Convert sigma rule into queries (for instance, graylog query)
            for query in queries:
                # prepare command to execute from shell
                # (yes, we know)
                if query == "powershell":
                    cmd = ATCconfig.get('sigmac_path') + " -t " + query + \
                        " --config  " + ATCconfig.get('powershell_sigma_config') + \
                        " --ignore-backend-errors " + self.yaml_file
                elif query == "es-qs":
                    cmd = ATCconfig.get('sigmac_path') + " -t " + query + \
                        " --config  " + ATCconfig.get('es-qs_sigma_config') + \
                        " --ignore-backend-errors " + self.yaml_file
                elif query == "xpack-watcher":
                    cmd = ATCconfig.get('sigmac_path') + " -t " + query + \
                        " --config  " + ATCconfig.get('xpack-watcher_sigma_config') + \
                        " --ignore-backend-errors " + self.yaml_file
                elif query == "splunk":
                    cmd = ATCconfig.get('sigmac_path') + " -t " + query + \
                        " --config  " + ATCconfig.get('splunk_sigma_config') + \
                        " --ignore-backend-errors " + self.yaml_file
                elif query == "logpoint":
                    cmd = ATCconfig.get('sigmac_path') + " -t " + query + \
                        " --config  " + ATCconfig.get('logpoint_sigma_config') + \
                        " --ignore-backend-errors " + self.yaml_file
                else:
                    cmd = ATCconfig.get('sigmac_path') + ' --shoot-yourself-in-the-foot -t "' + \
                        query + '" --ignore-backend-errors "' + self.yaml_file + '"'
                        #query + " --ignore-backend-errors " + self.yaml_file + \
                        #" 2> /dev/null"
                
                #p = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)
                query2 = subprocess.getoutput(cmd)

                # Wait for date to terminate. Get return returncode
                # p_status = p.wait()
                #p.wait()

                """ Had to remove '-' due to problems with
                Jinja2 variable naming,
                e.g es-qs throws error 'no es variable'
                """
                det_queries[query] = str(query2)#[2:-3]

            # Update detection rules
            self.fields.update({"det_queries": det_queries})
            self.fields.update({"queries": queries})

            # Data Needed
            data_needed = ATCutils.main_dn_calculatoin_func(self.yaml_file)

            # if there is only 1 element in the list, print it as a string,
            # without quotes
            # if isistance(data_needed, list) and len(data_needed) == 1:
            #     [data_needed] = data_needed

            # print("%s || Dataneeded: \n%s\n" %
            #       (self.fields.get("title"), data_needed))

            self.fields.update({'data_needed': sorted(data_needed)})

            # Enrichments
            enrichments = self.fields.get("enrichment")

            if isinstance(enrichments, str):
                enrichments = [enrichments]

            self.fields.update({'enrichment': enrichments})

            # MITRE ATT&CK Tactics and Techniques
            tactic = []
            tactic_re = re.compile(r'attack\.\w\D+$')
            technique = []
            technique_re = re.compile(r'(?:attack\.t\d{4}$|attack\.t\d{4}\.\d{3}$)')
            # AM!TT Tactics and Techniques
            amitt_tactic = []
            amitt_tactic_re = re.compile(r'amitt\.\w\D+$')
            amitt_technique = []
            amitt_technique_re = re.compile(r'amitt\.t\d{1,5}$')

            other_tags = []

            if self.fields.get('tags'):
                for tag in self.fields.get('tags'):
                    if tactic_re.match(tag):
                        if ta_mapping.get(tag):
                            tactic.append(ta_mapping.get(tag))
                        else:
                            other_tags.append(tag)
                    elif amitt_tactic_re.match(tag):
                        if amitt_tactic_mapping.get(tag):
                            amitt_tactic.append(amitt_tactic_mapping.get(tag))
                        else:
                            other_tags.append(tag)
                    elif technique_re.match(tag):
                        te = tag.upper()[7:]
                        technique.append((te_mapping.get(te), te))
                    elif amitt_technique_re.match(tag):
                        te = tag.upper()[6:]
                        amitt_technique.append((amitt_technique_mapping.get(te), te))
                    else:
                        other_tags.append(tag)

                if len(tactic):
                    self.fields.update({'tactics': tactic})
                if len(technique):
                    self.fields.update({'techniques': technique})
                if len(amitt_tactic):
                    self.fields.update({'amitt_tactics': amitt_tactic})
                if len(amitt_technique):
                    self.fields.update({'amitt_techniques': amitt_technique})
                if len(other_tags):
                    self.fields.update({'other_tags': other_tags})

            triggers = []

            for trigger in technique:
                if trigger is "None":
                    continue
                trigger_name, trigger_id = trigger
                # Check if a directory for a technique exists in atomic red team repo
                if os.path.isdir(ATCconfig.get('triggers_directory') + '/' + trigger_id):
                    triggers.append(trigger)

                else:
                    print(trigger_id + ": No atomics trigger for this technique")
                    """
                    triggers.append(
                        trigger + ": No atomics trigger for this technique"
                    )
                    """

            self.fields.update(
                {'description': self.fields.get('description').strip()})
            self.fields.update({'triggers': triggers})

        elif template_type == "confluence":
            template = env.get_template(
                'confluence_alert_template.html.j2')

            self.fields.update(
                {'confluence_viewpage_url': ATCconfig.get('confluence_viewpage_url')})

            sigma_rule = ATCutils.read_rule_file(self.yaml_file)
            self.fields.update({'sigma_rule': sigma_rule})

            #outputs = ["es-qs", "xpack-watcher", "graylog"]

            queries = ATCconfig.get('detection_queries').split(",")

            # dict to store query key + query values
            det_queries = {}

            for output in queries:
                if output == "powershell":
                    cmd = ATCconfig.get('sigmac_path') + " -t " + output + \
                        " --config  " + ATCconfig.get('powershell_sigma_config') + \
                        " --ignore-backend-errors " + self.yaml_file
                elif output == "es-qs":
                    cmd = ATCconfig.get('sigmac_path') + " -t " + output + \
                        " --config  " + ATCconfig.get('es-qs_sigma_config') + \
                        " --ignore-backend-errors " + self.yaml_file
                elif output == "xpack-watcher":
                    cmd = ATCconfig.get('sigmac_path') + " -t " + output + \
                        " --config  " + ATCconfig.get('xpack-watcher_sigma_config') + \
                        " --ignore-backend-errors " + self.yaml_file
                elif output == "splunk":
                    cmd = ATCconfig.get('sigmac_path') + " -t " + output + \
                        " --config  " + ATCconfig.get('splunk_sigma_config') + \
                        " --ignore-backend-errors " + self.yaml_file
                elif output == "logpoint":
                    cmd = ATCconfig.get('sigmac_path') + " -t " + output + \
                        " --config  " + ATCconfig.get('logpoint_sigma_config') + \
                        " --ignore-backend-errors " + self.yaml_file
                else:
                    cmd = ATCconfig.get('sigmac_path') + ' --shoot-yourself-in-the-foot -t "' + \
                        output + '" --ignore-backend-errors "' + self.yaml_file + '"'

                p = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)
                (query, err) = p.communicate()
                # Wait for date to terminate. Get return returncode ##
                # p_status = p.wait()
                p.wait()
                # have to remove '-' due to problems with
                # Jinja2 variable naming,e.g es-qs throws error
                # 'no es variable'
                #self.fields.update({output.replace("-", ""): str(query)[2:-3]})
                det_queries[output] = str(query)[2:-3].replace("\\n", "\n")
                
            # Update detection rules
            self.fields.update({"det_queries": det_queries})
            self.fields.update({"queries": queries})

            # Data Needed
            data_needed = ATCutils.main_dn_calculatoin_func(self.yaml_file)

            data_needed_with_id = []

            for data in sorted(data_needed):
                data_needed_id = str(ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, data))
                data = (data, data_needed_id)
                data_needed_with_id.append(data)

            self.fields.update({'data_needed': data_needed_with_id})

            # Enrichments
            enrichments = self.fields.get("enrichment")

            enrichments_with_page_id = []

            if isinstance(enrichments, str):
                enrichments = [enrichments]

            if enrichments:
                for enrichment_name in enrichments:
                    enrichment_page_id = str(ATCutils.confluence_get_page_id(
                        self.apipath, self.auth, self.space, enrichment_name))
                    enrichment_data = (enrichment_name, enrichment_page_id)
                    enrichments_with_page_id.append(enrichment_data)

            self.fields.update({'enrichment': enrichments_with_page_id})

            # MITRE ATT&CK Tactics and Techniques
            tactic = []
            tactic_re = re.compile(r'attack\.\w\D+$')
            technique = []
            technique_re = re.compile(r'attack\.t\d{1,5}(\.\d{3})?$')
            # AM!TT Tactics and Techniques
            amitt_tactic = []
            amitt_tactic_re = re.compile(r'amitt\.\w\D+$')
            amitt_technique = []
            amitt_technique_re = re.compile(r'amitt\.t\d{1,5}$')

            other_tags = []

            if self.fields.get('tags'):
                for tag in self.fields.get('tags'):
                    if tactic_re.match(tag):
                        if ta_mapping.get(tag):
                            tactic.append(ta_mapping.get(tag))
                        else:
                            other_tags.append(tag)
                    elif amitt_tactic_re.match(tag):
                        if amitt_tactic_mapping.get(tag):
                            amitt_tactic.append(amitt_tactic_mapping.get(tag))
                        else:
                            other_tags.append(tag)
                    elif technique_re.match(tag):
                        te = tag.upper()[7:]
                        technique.append((te_mapping.get(te), te))
                    elif amitt_technique_re.match(tag):
                        te = tag.upper()[6:]
                        amitt_technique.append((amitt_technique_mapping.get(te), te))
                    else:
                        other_tags.append(tag)

                if len(tactic):
                    self.fields.update({'tactics': tactic})
                if len(technique):
                    self.fields.update({'techniques': technique})
                if len(amitt_tactic):
                    self.fields.update({'amitt_tactics': amitt_tactic})
                if len(technique):
                    self.fields.update({'amitt_techniques': amitt_technique})
                if len(other_tags):
                    self.fields.update({'other_tags': other_tags})

            triggers = []

            for trigger_name, trigger_id in technique:
                if trigger_id is "None":
                    continue


                try:
                    page_name = trigger_id + ": " + trigger_name
                    trigger_page_id = str(ATCutils.confluence_get_page_id(
                        self.apipath, self.auth, self.space, page_name))

                    trigger = (trigger_name, trigger_id, trigger_page_id)

                    triggers.append(trigger)
                except FileNotFoundError:
                    print(trigger + ": No atomics trigger for this technique")

            self.fields.update({'triggers': triggers})

        self.content = template.render(self.fields)
        # Need to convert ampersand into HTML "save" format
        # Otherwise confluence throws an error
        # self.content = self.content.replace("&", "&")
        # Done in the template itself

        return True
Exemple #4
0
    def render_template(self, template_type):
        """Description
        template_type:
            - "markdown"
            - "confluence"
        """

        if template_type not in ["markdown", "confluence"]:
            raise Exception("Bad template_type. Available values:" +
                            " [\"markdown\", \"confluence\"]")

        # Get proper template
        if template_type == "markdown":
            template = env.get_template(
                'markdown_mitigationpolicies_template.md.j2')

            platform = self.mp_parsed_file.get("platform")

            if isinstance(platform, str):
                platform = [platform]

            self.mp_parsed_file.update({'platform': platform})

            minimum_version = self.mp_parsed_file.get("minimum_version")

            if isinstance(minimum_version, str):
                minimum_version = [minimum_version]

            self.mp_parsed_file.update({'minimum_version': minimum_version})

            mitigation_systems = self.mp_parsed_file.get("mitigation_system")

            if isinstance(mitigation_systems, str):
                mitigation_systems = [mitigation_systems]

            self.mp_parsed_file.update(
                {'mitigation_system': mitigation_systems})

            self.mp_parsed_file.update({
                'configuration':
                self.mp_parsed_file.get('configuration').strip()
            })
            self.mp_parsed_file.update({
                'description':
                self.mp_parsed_file.get('description').strip()
            })

            # MITRE ATT&CK Tactics and Techniques
            tactic = []
            tactic_re = re.compile(r'attack\.\w\D+$')
            technique = []
            technique_re = re.compile(r'attack\.t\d{1,5}$')
            # AM!TT Tactics and Techniques
            amitt_tactic = []
            amitt_tactic_re = re.compile(r'amitt\.\w\D+$')
            amitt_technique = []
            amitt_technique_re = re.compile(r'amitt\.t\d{1,5}$')

            # MITRE ATT&CK Mitigation
            mitigation = []
            mitigation_re = re.compile(r'attack\.m\d{1,5}$')
            # AM!TT Mitigation
            amitt_mitigation = []
            amitt_mitigation_re = re.compile(r'amitt\.m\d{1,5}$')

            other_tags = []

            if self.mp_parsed_file.get('tags'):
                for tag in self.mp_parsed_file.get('tags'):
                    if tactic_re.match(tag):
                        if ta_mapping.get(tag):
                            tactic.append(ta_mapping.get(tag))
                        else:
                            other_tags.append(tag)
                    elif amitt_tactic_re.match(tag):
                        if amitt_tactic_mapping.get(tag):
                            amitt_tactic.append(amitt_tactic_mapping.get(tag))
                        else:
                            other_tags.append(tag)
                    elif technique_re.match(tag):
                        te = tag.upper()[7:]
                        technique.append((te_mapping.get(te), te))
                    elif amitt_technique_re.match(tag):
                        te = tag.upper()[6:]
                        technique.append((amitt_technique_mapping.get(te), te))
                    elif mitigation_re.match(tag):
                        mi = tag.upper()[7:]
                        mitigation.append((mi_mapping.get(mi), mi))
                    elif amitt_mitigation_re.match(tag):
                        te = tag.upper()[6:]
                        mitigation.append(
                            (amitt_mitigation_mapping.get(te), te))
                    else:
                        other_tags.append(tag)

                    if not tactic_re.match(tag) and not \
                            technique_re.match(tag) and not \
                            mitigation_re.match(tag):
                        other_tags.append(tag)

                if len(tactic):
                    self.mp_parsed_file.update({'tactics': tactic})
                if len(technique):
                    self.mp_parsed_file.update({'techniques': technique})
                if len(amitt_tactic):
                    self.mp_parsed_file.update({'amitt_tactics': amitt_tactic})
                if len(amitt_technique):
                    self.mp_parsed_file.update(
                        {'amitt_techniques': amitt_technique})
                if len(mitigation):
                    self.mp_parsed_file.update({'mitigations': mitigation})
                if len(amitt_mitigation):
                    self.mp_parsed_file.update(
                        {'amitt_mitigations': amitt_mitigation})
                if len(other_tags):
                    self.mp_parsed_file.update({'other_tags': other_tags})

        elif template_type == "confluence":
            template = env.get_template(
                'confluence_mitigationpolicies_template.html.j2')

            self.mp_parsed_file.update({
                'confluence_viewpage_url':
                ATCconfig.get('confluence_viewpage_url')
            })

            self.mp_parsed_file.update({
                'description':
                self.mp_parsed_file.get('description').strip()
            })

            platform = self.mp_parsed_file.get("platform")

            if isinstance(platform, str):
                platform = [platform]

            self.mp_parsed_file.update({'platform': platform})

            minimum_version = self.mp_parsed_file.get("minimum_version")

            if isinstance(minimum_version, str):
                minimum_version = [minimum_version]

            self.mp_parsed_file.update({'minimum_version': minimum_version})

            mitigation_systems = self.mp_parsed_file.get("mitigation_system")

            if isinstance(mitigation_systems, str):
                mitigation_systems = [mitigation_systems]

            if not mitigation_systems:
                mitigation_systems = [
                    "None",
                ]

            mitigation_systems_with_id = []

            if mitigation_systems:
                for ms in mitigation_systems:
                    mitigation_systems_id = str(
                        ATCutils.confluence_get_page_id(
                            self.apipath, self.auth, self.space, ms))
                    ms = (ms, mitigation_systems_id)
                    mitigation_systems_with_id.append(ms)

            self.mp_parsed_file.update(
                {'mitigation_system': mitigation_systems_with_id})

            # MITRE ATT&CK Tactics and Techniques
            tactic = []
            tactic_re = re.compile(r'attack\.\w\D+$')
            technique = []
            technique_re = re.compile(r'attack\.t\d{1,5}$')
            # AM!TT Tactics and Techniques
            amitt_tactic = []
            amitt_tactic_re = re.compile(r'amitt\.\w\D+$')
            amitt_technique = []
            amitt_technique_re = re.compile(r'amitt\.t\d{1,5}$')

            # MITRE ATT&CK Mitigation
            mitigation = []
            mitigation_re = re.compile(r'attack\.m\d{1,5}$')
            # AM!TT Mitigation
            amitt_mitigation = []
            amitt_mitigation_re = re.compile(r'amitt\.m\d{1,5}$')

            other_tags = []

            if self.mp_parsed_file.get('tags'):
                for tag in self.mp_parsed_file.get('tags'):
                    if tactic_re.match(tag):
                        if ta_mapping.get(tag):
                            tactic.append(ta_mapping.get(tag))
                        else:
                            other_tags.append(tag)
                    elif amitt_tactic_re.match(tag):
                        if amitt_tactic_mapping.get(tag):
                            amitt_tactic.append(amitt_tactic_mapping.get(tag))
                        else:
                            other_tags.append(tag)
                    elif technique_re.match(tag):
                        te = tag.upper()[7:]
                        technique.append((te_mapping.get(te), te))
                    elif amitt_technique_re.match(tag):
                        te = tag.upper()[6:]
                        technique.append((amitt_technique_mapping.get(te), te))
                    elif mitigation_re.match(tag):
                        mi = tag.upper()[7:]
                        mitigation.append((mi_mapping.get(mi), mi))
                    elif amitt_mitigation_re.match(tag):
                        te = tag.upper()[6:]
                        mitigation.append(
                            (amitt_mitigation_mapping.get(te), te))
                    else:
                        other_tags.append(tag)

                    if not tactic_re.match(tag) and not \
                           technique_re.match(tag) and not \
                           mitigation_re.match(tag):
                        other_tags.append(tag)

                if len(tactic):
                    self.mp_parsed_file.update({'tactics': tactic})
                if len(technique):
                    self.mp_parsed_file.update({'techniques': technique})
                if len(amitt_tactic):
                    self.mp_parsed_file.update({'amitt_tactics': amitt_tactic})
                if len(amitt_technique):
                    self.mp_parsed_file.update(
                        {'amitt_techniques': amitt_technique})
                if len(mitigation):
                    self.mp_parsed_file.update({'mitigations': mitigation})
                if len(amitt_mitigation):
                    self.mp_parsed_file.update(
                        {'amitt_mitigations': amitt_mitigation})
                if len(other_tags):
                    self.mp_parsed_file.update({'other_tags': other_tags})

        # Render
        self.content = template.render(self.mp_parsed_file)