def test_by_name_works(self): tech = MitreAttackTechnique.get_by_name(self.mitre_attack, "Port Knocking") assert tech is not None tech = MitreAttackTechnique.get_by_name(self.mitre_attack, "Absolutely made up name") assert tech is None
def get_multiple_techniques(mitre_conn, mitre_technique_ids=None, mitre_technique_names=None): """ Gets multiple techniques from a comma separated input of IDs or names. If both are given, the IDs are used. :param mitre_conn: MitreAttackConnection instance :param mitre_technique_ids: Comma separated string with MITRE IDs :param mitre_technique_names: Comma separated string with MITRE names :return: List of techniques :rtype: list(MitreAttackTechnique) """ if mitre_technique_ids is not None: # Try id first, because it's less ambiguous technique_ids = mitre_technique_ids.split(',') techniques = [] for t_id in technique_ids: technique = MitreAttackTechnique.get_by_id(mitre_conn, t_id) if not technique: raise ValueError("Technique with id {} doesn't exist".format(t_id)) techniques.extend(technique) else: # It's possible for multiple tactics to have the same name # And we want to make sure that all of them are processed in that case technique_names = mitre_technique_names.split(',') techniques = [] for name in technique_names: technique = MitreAttackTechnique.get_by_name(mitre_conn, name) if not technique: raise ValueError("Techniques with name {} don't exist".format(name)) techniques.extend(technique) return techniques
def test_all_searches_returns_list(self): techniques = MitreAttackTechnique.get_by_name(self.mitre_attack, "Port Knocking") assert isinstance(techniques, list) assert len(techniques) > 1 techniques = MitreAttackTechnique.get_by_name( self.mitre_attack, "Domain Generation Algorithms") assert isinstance(techniques, list) assert len(techniques) == 1
def test_get_tech_info(self): data_mocker = MitreQueryMocker() with patch( "fn_mitre_integration.lib.mitre_attack.TAXIICollectionSource.query", data_mocker.query): tech = MitreAttackTechnique.get_by_name(self.mitre_conn, "Port Knocking") assert (tech[0].name == "Port Knocking") tech = MitreAttackTechnique.get_by_id(self.mitre_conn, "T1205") assert (tech[0].id == "T1205")
def test_get_representative_techniques(self): t = MitreAttackTechnique.get(self.mitre_conn, id="T1453") # From Mobile collection assert t assert [x.get_tactic(self.mitre_conn) for x in t] t = MitreAttackTechnique.get(self.mitre_conn, id="T1155") # From Enterprise assert t assert [x.get_tactic(self.mitre_conn) for x in t] t = MitreAttackTechnique.get(self.mitre_conn, id="T1245") # From Pre-Attack assert t assert [x.get_tactic(self.mitre_conn) for x in t]
def test_get_tech_mitigation(self): """ There are some techniques that do not have mitigations. We will test few and if at least one of the first 5 has mitigations we're ok, otherwise we probably need to check if there's an error. """ techs = MitreAttackTechnique.get_all(self.mitre_conn) assert len(techs) try: count = 0 for tech in techs: id = tech.id assert (id) mitigation = tech.get_mitigations(self.mitre_conn) count += 1 if len(mitigation): assert MitreAttackMitigation.get_by_name( self.mitre_conn, mitigation[0].name) break if count > MAXIMUM_N_TECHNIQUES_WITHOUT_MITIGATION: assert False except Exception as e: assert (False)
def test_collection_name_included(self): techniques = MitreAttackTechnique.get_by_name(self.mitre_attack, "Port Knocking") assert len(techniques) == 2 assert techniques[0].collection is not None and techniques[ 1].collection is not None assert techniques[0].collection != techniques[1].collection
def test_deprecated_technique_states_so_in_description(self): """ Gets tactics with name Impact, and checks that deprecation message was added. Deprecation flag was added to one of the mocked techniques. """ techniques = MitreAttackTechnique.get_by_name( self.mitre_attack, "Domain Generation Algorithms") assert any(x.description.startswith("Deprecated") for x in techniques)
def test_mitigation_of_tech(self): """ This one isn't mocked, because it would require mocking relationships :return: """ mitigations = MitreAttackTechnique.get_by_name(self.mitre_attack, "Port Knocking")[0]\ .get_mitigations(self.mitre_attack) assert mitigations is not None assert len(mitigations)
def test_tech_of_tactic(self): collection_tech = MitreAttackTechnique.get_by_tactic( self.mitre_attack, MitreAttackTactic.get_by_name(self.mitre_attack, "Collection")[0]) assert collection_tech is not None assert len(collection_tech) > 1 assert MitreAttackTactic.get_by_name(self.mitre_attack, "Command and Control")[0]\ .get_techniques(self.mitre_attack) is not None
def test_technique_representation_doesnt_have_unsupported_tags(self): """ Mocked Domain Generation Algorithms on purpose has added code tags to where they could appear. """ techniques = MitreAttackTechnique.get_by_name( self.mitre_attack, "Domain Generation Algorithms") dict_reps = [technique.dict_form() for technique in techniques] # check for every technique's representation that all the field don't have the tag assert all([("<code>" not in technique_repr[key] for key in technique_repr) for technique_repr in dict_reps])
def test_get_tech_mitigation(self): techs = MitreAttackTechnique.get_all(self.mitre_conn) assert len(techs) try: # # There are more than 200 techs. Try first 5 only # count = 0 for tech in techs: id = tech.id assert (id) mitigation = tech.get_mitigations(self.mitre_conn) assert mitigation count += 1 if count > 2: break # Test getting mitigation using name mitigation = tech.get_mitigations(self.mitre_conn) assert mitigation except Exception as e: assert (False)
def test_tech_get_all(self): assert len(MitreAttackTechnique.get_all( self.mitre_attack)) == len(MitreQueryMocker.TECHNIQUES[0]) + len( MitreQueryMocker.TECHNIQUES[1]) + len( MitreQueryMocker.TECHNIQUES[2])
def test_by_id_works(self): tech = MitreAttackTechnique.get_by_id(self.mitre_attack, "T1205") assert tech is not None tech = MitreAttackTechnique.get_by_id(self.mitre_attack, "Made up id") assert tech is None
def test_getting_tactic_from_technique_works(self): tech = MitreAttackTechnique.get_by_id(self.mitre_attack, "T1205")[0] assert tech.get_tactic(self.mitre_attack) is not None