def mitre():
    """Build a pyattck client for the MITRE data directory and call its update().

    The dataset URLs below might change; for the current ones see
    https://github.com/swimlane/pyattck

    When pyattck cannot be imported, a hint is printed and the function
    returns None without touching the datasets.
    """
    try:
        from pyattck import Attck
    except ImportError:
        print("Missed dependency: install pyattck library, see requirements for proper version")
        return

    # Config file and datasets both live under <CUCKOO_ROOT>/data/mitre.
    mitre_dir = os.path.join(CUCKOO_ROOT, "data", "mitre")

    # NOTE(review): every feed is addressed through a mutable reference (a
    # `master` branch or a bare S3 object key), and no checksum or signature
    # check is visible in this function. The content can therefore differ
    # from one run to the next, and whoever controls those locations controls
    # the data. Consider pinning to a commit or tag, or serving the files
    # from a reviewed internal mirror and comparing hashes before use.
    feeds = {
        "enterprise_attck_json": "https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json",
        "pre_attck_json": "https://raw.githubusercontent.com/mitre/cti/master/pre-attack/pre-attack.json",
        "mobile_attck_json": "https://raw.githubusercontent.com/mitre/cti/master/mobile-attack/mobile-attack.json",
        "nist_controls_json": "https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/ATT%26CK-v9.0/nist800-53-r4/stix/nist800-53-r4-controls.json",
        "generated_attck_json": "https://swimlane-pyattck.s3.us-west-2.amazonaws.com/generated_attck_data.json",
        "generated_nist_json": "https://swimlane-pyattck.s3.us-west-2.amazonaws.com/attck_to_nist_controls.json",
    }

    # The local is not called `mitre`, so the function name is not shadowed.
    attck_client = Attck(
        nested_subtechniques=True,
        save_config=False,
        use_config=False,
        config_file_path=os.path.join(mitre_dir, "config.yml"),
        data_path=mitre_dir,
        **feeds,
    )
    print("[+] Updating MITRE datasets")
    # Presumably this is the call that fetches the feeds listed above;
    # confirm against the pyattck version pinned in requirements.
    attck_client.update()
import matplotlib.pyplot as plt
import pandas as pd
from pyattck import Attck

# Map every enterprise ATT&CK technique to the data sources it lists, then
# rank the data sources by how many techniques reference them.

# NOTE(review): Attck() is created with its defaults here, so the dataset
# location and any download performed by update() are decided by pyattck and
# not by this script. Record which dataset version was analysed if the
# resulting counts feed into logging or detection-coverage decisions.
attack = Attck()
attack.update(enterprise=True)

# One (technique name, data source) pair per data source of each technique;
# techniques with an empty or missing data_source contribute nothing.
pairs = [
    (technique.name, source)
    for technique in attack.enterprise.techniques
    if technique.data_source
    for source in technique.data_source
]
techniques = [name for name, _ in pairs]
data_sources = [source for _, source in pairs]

data = {"technique": techniques, "data_source": data_sources}
t2d = pd.DataFrame(data, columns=["technique", "data_source"])
# Bare expression: shown by a notebook or REPL, no output when run as a script.
t2d.head(20)

# Look at the frequency of the data sources
dataFrequency = t2d["data_source"].value_counts()
dataFrequency.head(20)

# Bar chart of the counts, with the labels rotated so they do not overlap.
source_labels = dataFrequency.index
plt.bar(source_labels, dataFrequency.values)
plt.xticks(source_labels, source_labels, rotation=90)