def response_stage(self, rs_path): """Populate Response Stages""" print("[*] Populating Response Stages...") if rs_path: rs_list = glob.glob(rs_path + '*.yml') else: rs_dir = REACTConfig.get('response_stages_dir') rs_list = glob.glob(rs_dir + '/*.yml') for rs_file in rs_list: try: rs = ResponseStage(rs_file) rs.render_template("markdown") rs.save_markdown_file(atc_dir=self.atc_dir) except Exception as e: print(rs_file + " failed\n\n%s\n\n" % e) print("Err message: %s" % e) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) template = env.get_template('markdown_responsestage_main_template.j2') rss, rs_paths = REACTutils.load_yamls_with_paths( REACTConfig.get('response_stages_dir')) rs_filenames = [ _rs_path.split('/')[-1].replace('.yml', '') for _rs_path in rs_paths ] rss_dict = {} rss_list = [] for i in range(len(rss)): rs_title = rss[i].get('title') rs_id = rss[i].get('id') rs_description = rss[i].get('description') rss_list.append((rs_id, rs_title, rs_description)) rss_dict.update({'rss_list': sorted(rss_list)}) content = template.render(rss_dict) REACTutils.write_file(rs_summary_dir + '/responsestages.md', content) print("[+] Response Stages populated!")
def __init__(self, ra=False, rp=False, rs=False, auto=False, ra_path=False, rp_path=False, rs_path=False, atc_dir=False, init=False): """Init""" # Check if atc_dir provided if atc_dir: self.atc_dir = atc_dir else: self.atc_dir = REACTConfig.get('md_name_of_root_directory') + '/' # Main logic if auto: self.response_action(ra_path) self.response_playbook(rp_path) self.response_stage(rs_path) if ra: self.response_action(ra_path) if rp: self.response_playbook(rp_path) if rs: self.response_stage(rs_path) if ra_path: ras, ra_paths = REACTutils.load_yamls_with_paths(ra_path) else: ras, ra_paths = REACTutils.load_yamls_with_paths( REACTConfig.get('response_actions_dir')) if rp_path: rps, rp_paths = REACTutils.load_yamls_with_paths(rp_path) else: rps, rp_paths = REACTutils.load_yamls_with_paths( REACTConfig.get('response_playbooks_dir')) if rs_path: rss, rs_paths = REACTutils.load_yamls_with_paths(rs_path) else: rss, rs_paths = REACTutils.load_yamls_with_paths( REACTConfig.get('response_stages_dir')) ra_filenames = [ ra_path.split('/')[-1].replace('.yml', '') for ra_path in ra_paths ] rp_filenames = [ rp_path.split('/')[-1].replace('.yml', '') for rp_path in rp_paths ] rs_filenames = [ rs_path.split('/')[-1].replace('.yml', '') for rs_path in rs_paths ] # Point to the templates directory env = Environment(loader=FileSystemLoader('scripts/templates')) # Get proper template template = env.get_template('mkdocs_config_template.md.j2') preparation = [] identification = [] containment = [] eradication = [] recovery = [] lessons_learned = [] detect = [] deny = [] disrupt = [] degrade = [] deceive = [] destroy = [] deter = [] stages = [('preparation', preparation), ('identification', identification), ('containment', containment), ('eradication', eradication), ('recovery', recovery), ('lessons_learned', lessons_learned), ('detect', detect), ('deny', deny), ('disrupt', disrupt), ('degrade', degrade), ('deceive', deceive), ('destroy', destroy), ('deter', deter)] playbooks = [] data_to_render = {} for i in range(len(ras)): ra_updated_title = ras[i].get('id')\ + ": "\ + REACTutils.normalize_react_title(ras[i].get('title'),REACTConfig.get('titlefmtrules')) if "RA1" in ras[i]['id']: preparation.append((ra_updated_title, ra_filenames[i])) elif "RA2" in ras[i]['id']: identification.append((ra_updated_title, ra_filenames[i])) elif "RA3" in ras[i]['id']: containment.append((ra_updated_title, ra_filenames[i])) elif "RA4" in ras[i]['id']: eradication.append((ra_updated_title, ra_filenames[i])) elif "RA5" in ras[i]['id']: recovery.append((ra_updated_title, ra_filenames[i])) elif "RA6" in ras[i]['id']: lessons_learned.append((ra_updated_title, ra_filenames[i])) stages = [(stage_name.replace('_', ' ').capitalize(), sorted(stage_list)) for stage_name, stage_list in stages] for i in range(len(rps)): rp_updated_title = rps[i].get('id')\ + ": "\ + REACTutils.normalize_react_title(rps[i].get('title'),REACTConfig.get('titlefmtrules')) playbooks.append((rp_updated_title, rp_filenames[i])) rs_list = [] for i in range(len(rss)): rs_title = rss[i].get('title') rs_id = rss[i].get('id') rs_list.append((rs_title, rs_id)) data_to_render.update({'stages': stages}) data_to_render.update({'playbooks': sorted(playbooks)}) data_to_render.update({'rs_list': rs_list}) content = template.render(data_to_render) try: REACTutils.write_file('mkdocs.yml', content) print("[+] Created mkdocs.yml") except: print("[-] Failed to create mkdocs.yml")
def __init__(self, ra=False, rp=False, auto=False, ra_path=False, rp_path=False, atc_dir=False, init=False): """Init""" # Check if atc_dir provided if atc_dir: self.atc_dir = atc_dir else: self.atc_dir = REACTConfig.get('md_name_of_root_directory') + '/' # Main logic if auto: self.response_action(ra_path) self.response_playbook(rp_path) if ra: self.response_action(ra_path) if rp: self.response_playbook(rp_path) if ra_path: ras, ra_paths = REACTutils.load_yamls_with_paths(ra_path) else: ras, ra_paths = REACTutils.load_yamls_with_paths( REACTConfig.get('response_actions_dir')) if rp_path: rps, rp_paths = REACTutils.load_yamls_with_paths(rp_path) else: rps, rp_paths = REACTutils.load_yamls_with_paths( REACTConfig.get('response_playbooks_dir')) ra_filenames = [ ra_path.split('/')[-1].replace('.yml', '') for ra_path in ra_paths ] rp_filenames = [ rp_path.split('/')[-1].replace('.yml', '') for rp_path in rp_paths ] _preparation = [] _identification = [] _containment = [] _eradication = [] _recovery = [] _lessons_learned = [] stages = [('preparation', _preparation), ('identification', _identification), ('containment', _containment), ('eradication', _eradication), ('recovery', _recovery), ('lessons_learned', _lessons_learned)] for i in range(len(ras)): normalized_title = REACTutils.normalize_react_title( ras[i].get('title'), REACTConfig.get('titlefmtrules')) ra_updated_title = ras[i].get('id')\ + ":"\ + normalized_title if "RA1" in ras[i]['id']: stage = 'preparation' elif "RA2" in ras[i]['id']: stage = 'identification' elif "RA3" in ras[i]['id']: stage = 'containment' elif "RA4" in ras[i]['id']: stage = 'eradication' elif "RA5" in ras[i]['id']: stage = 'recovery' elif "RA6" in ras[i]['id']: stage = 'lessons-learned' kill_chain_phases = [{ "kill_chain_name": 'atc-react', "phase_name": stage }] external_references = [{ "source_name": "atc-react", "external_id": ras[i].get('id'), "url": react_web_kb_base_url + "Response_Actions/" + ra_filenames[i] }] ra = ReactAction(name=normalized_title, description=ras[i].get('description'), external_references=external_references, kill_chain_phases=kill_chain_phases, x_mitre_platforms=['Windows', 'Linux', 'macOS'], allow_custom=True) stix_mem.add(ra) stix_mem.add([ preparation, identification, containment, eradication, recovery, lessons_learned ]) stix_mem.add(react_matrix) try: stix_mem.save_to_file(local_react_json_url) print("[+] Created react.json STIX file") except: print("[-] Failed to create react.json STIX file")
def response_stage(self, rs_path): """Nothing here yet""" print("[*] Populating Response Stages...") if rs_path: rs_list = glob.glob(rs_path + '*.yml') else: rs_dir = REACTConfig.get('response_stages_dir') rs_list = glob.glob(rs_dir + '/*.yml') for rs_file in rs_list: try: rs = ResponseStage(rs_file, apipath=self.apipath, auth=self.auth, space=self.space) rs.render_template("confluence") base = os.path.basename(rs_file) confluence_data = { "title": rs.rs_parsed_file['title'], "spacekey": self.space, "parentid": str( REACTutils.confluence_get_page_id( self.apipath, self.auth, self.space, "Response Stages")), "confluencecontent": rs.content, } res = REACTutils.push_to_confluence(confluence_data, self.apipath, self.auth) if res == 'Page updated': print("==> updated page: RS '" + base + "'") except Exception as err: print(rs_file + " failed") print("Err message: %s" % err) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) # # Populate Response Stages root page # template = env.get_template( 'confluence_responsestage_main_template.html.j2') rss, rs_paths = REACTutils.load_yamls_with_paths( REACTConfig.get('response_stages_dir')) rss_dict = {} rss_list = [] for i in range(len(rss)): rs_id = rss[i].get('id') rs_title = rss[i].get('title') rs_confluence_page_name = rs_id + ": " + rs_title rs_confluence_page_id = str( REACTutils.confluence_get_page_id(self.apipath, self.auth, self.space, rs_confluence_page_name)) rs_description = rss[i].get('description') rss_list.append( (rs_id, rs_title, rs_description, rs_confluence_page_id)) rss_dict.update({'rss_list': sorted(rss_list)}) rss_dict.update({ 'confluence_viewpage_url': REACTConfig.get('confluence_viewpage_url') }) content = template.render(rss_dict) try: data = { "title": "Response Stages", "spacekey": self.space, "parentid": str( REACTutils.confluence_get_page_id(self.apipath, self.auth, self.space, self.root_name)), "confluencecontent": content, } res = REACTutils.push_to_confluence(data, self.apipath, self.auth) if res == 'Page updated': print("==> updated page: Response Stages root page") except Exception as err: print("Response Stages root page" + " failed") print("Err message: %s" % err) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) print("[+] Response Stages populated!")