def create_markdown_dirs():
config = ATCutils.load_config('config.yml')
base_dir = Path(
config.get('md_name_of_root_directory', '../Atomic_Threat_Coverage'))
target_dir_list = ['Logging_Policies', 'Data_Needed', 'Enrichments']
for item in target_dir_list:
(base_dir / item).mkdir(parents=True, exist_ok=True)
def react_create_markdown_dirs():
config = ATCutils.load_config('config.yml')
base_dir = Path(config.get('md_name_of_root_directory', '../docs'))
target_dir_list = [
'Response_Actions', 'Response_Playbooks', 'Response_Stages'
]
for item in target_dir_list:
(base_dir / item).mkdir(parents=True, exist_ok=True)
from scripts.atcutils import ATCutils
from scripts.attack_mapping import te_mapping, ta_mapping
from scripts.amitt_mapping import amitt_tactic_mapping, amitt_technique_mapping
from jinja2 import Environment, FileSystemLoader
import os
import subprocess
import re
# ########################################################################### #
# ########################### Detection Rule ################################ #
# ########################################################################### #
ATCconfig = ATCutils.load_config('config.yml')
env = Environment(loader=FileSystemLoader('scripts/templates'))
class DetectionRule:
"""Class for the Detection Rule entity"""
def __init__(self, yaml_file, apipath=None, auth=None, space=None):
"""Init method"""
# Init vars
self.yaml_file = yaml_file
# The name of the directory containing future markdown DetectionRules
self.parent_title = "Detection_Rules"
#!/usr/bin/env python3
from scripts.atcutils import ATCutils
from jinja2 import Environment, FileSystemLoader
import os
# ########################################################################### #
# ########################### Enrichments ################################### #
# ########################################################################### #
ATCconfig = ATCutils.load_config("config.yml")
try:
env = Environment(
loader=FileSystemLoader('data/atc_data/scripts/templates'))
except:
env = Environment(loader=FileSystemLoader('scripts/templates'))
class Enrichment:
"""Class for the Enrichments entity"""
def __init__(self, yaml_file, apipath=None, auth=None, space=None):
"""Init method"""
# Init vars
self.yaml_file = yaml_file
# The name of the directory containing future markdown LogginPolicy
self.parent_title = "Enrichments"
self.apipath = apipath
rs=args.responsestage,
init=args.init)
elif args.react_stix:
GenerateSTIX()
elif args.react_navigator:
GenerateNavigator()
elif args.csv:
GenerateCSV()
elif args.td_navigator:
GenerateDetectionNavigator()
elif args.td_navigator_customers:
GenerateDetectionNavigatorCustomers()
elif args.es:
GenerateESIndex()
elif args.visualisations:
ATCconfig = ATCutils.load_config("config.yml")
ATCconfig_default = ATCutils.load_config("scripts/config.default.yml")
if not args.vis_output_dir:
analytics_generated = ATCconfig.get(
"exported_analytics_directory",
ATCconfig_default.get("exported_analytics_directory"))
analytics_generated = analytics_generated if \
analytics_generated[-1] == "/" else analytics_generated + "/"
output_path = analytics_generated + "visualizations/"
if not args.vis_output_file_name:
output_name = ''.join(
random.choices(string.ascii_uppercase +
string.ascii_lowercase + string.digits,
k=20))
# output_name += ".json"
#!/usr/bin/env python3
from scripts.atcutils import ATCutils
from scripts.attack_mapping import te_mapping, ta_mapping
from scripts.amitt_mapping import amitt_tactic_mapping, amitt_technique_mapping, amitt_mitigation_mapping
from jinja2 import Environment, FileSystemLoader
import os
import re
# ########################################################################### #
# ########################### Response Playboo ############################## #
# ########################################################################### #
ATCconfig = ATCutils.load_config("scripts/config.yml")
class ResponsePlaybook:
"""Class for the Playbook Actions entity"""
def __init__(self, yaml_file):
"""Init method"""
# Init vars
self.yaml_file = yaml_file
# The name of the directory containing future markdown Response_Playbooks
self.parent_title = "Response_Playbooks"
# Init methods
self.parse_into_fields(self.yaml_file)
def parse_into_fields(self, yaml_file):
def main(c_auth=None):
try:
ATCconfig = ATCutils.load_config("config.yml")
confluence_space_name = ATCconfig.get('confluence_space_name')
confluence_space_home_page_name = ATCconfig.get(
'confluence_space_home_page_name')
confluence_rest_api_url = ATCconfig.get('confluence_rest_api_url')
confluence_name_of_root_directory = ATCconfig.get(
'confluence_name_of_root_directory')
except Exception as e:
raise e
pass
if not c_auth:
mail = input("Login: "******""
print("[*] Creating ATC root page...")
data = {
"title":
confluence_name_of_root_directory,
"spacekey":
confluence_space_name,
"parentid":
str(
ATCutils.confluence_get_page_id(url, auth, confluence_space_name,
confluence_space_home_page_name)),
"confluencecontent":
content,
}
if not ATCutils.push_to_confluence(data, url, auth):
raise Exception("[-] Could not create or update the page. " +
"Is the parent name correct?")
pages = [
"Detection Rules", "Logging Policies", "Data Needed", "Triggers",
"Enrichments", "Customers", "Mitigation Systems",
"Mitigation Policies", "Hardening Policies", "Use Cases"
]
page_contents = {
"Customers":
"<p><ac:structured-macro ac:name=\"detailssummary\" ac:schema-version=\"2\" ><ac:parameter ac:name=\"cql\">label = "atc_customer" and space = currentSpace()</ac:parameter></ac:structured-macro></p>",
"Use Cases":
"<p><ac:structured-macro ac:name=\"detailssummary\" ac:schema-version=\"2\" ><ac:parameter ac:name=\"cql\">label = "atc_usecases" and space = currentSpace()</ac:parameter></ac:structured-macro></p>",
}
for page in pages:
print("Creating %s..." % page)
data = {
"title":
page,
"spacekey":
confluence_space_name,
"parentid":
str(
ATCutils.confluence_get_page_id(
url, auth, confluence_space_name,
confluence_name_of_root_directory)),
"confluencecontent":
page_contents.get(page, content),
}
if not ATCutils.push_to_confluence(data, url, auth):
raise Exception("[-] Could not create or update the page. " +
"Is the parent name correct?")
print("[+] Initial Confluence page structure created!")
return True
def main(c_auth=None):
try:
ATCconfig = ATCutils.load_config("config.yml")
confluence_space_name = ATCconfig.get('confluence_space_name')
confluence_space_home_page_name = ATCconfig.get(
'confluence_space_home_page_name')
confluence_rest_api_url = ATCconfig.get('confluence_rest_api_url')
confluence_name_of_root_directory = ATCconfig.get(
'confluence_name_of_root_directory')
except Exception as e:
raise e
pass
if not c_auth:
mail = input("Login: "******""
print("[*] Creating ATC root page...")
data = {
"title":
confluence_name_of_root_directory,
"spacekey":
confluence_space_name,
"parentid":
str(
ATCutils.confluence_get_page_id(url, auth, confluence_space_name,
confluence_space_home_page_name)),
"confluencecontent":
content,
}
if not ATCutils.push_to_confluence(data, url, auth):
raise Exception("[-] Could not create or update the page. " +
"Is the parent name correct?")
pages = ["Logging Policies", "Data Needed", "Enrichments"]
for page in pages:
print("Creating %s..." % page)
data = {
"title":
page,
"spacekey":
confluence_space_name,
"parentid":
str(
ATCutils.confluence_get_page_id(
url, auth, confluence_space_name,
confluence_name_of_root_directory)),
"confluencecontent":
content,
}
if not ATCutils.push_to_confluence(data, url, auth):
raise Exception("[-] Could not create or update the page. " +
"Is the parent name correct?")
print("[+] Initial Confluence page structure created!")
return True