def test_by_name_works(self):
tech = MitreAttackTechnique.get_by_name(self.mitre_attack,
"Port Knocking")
assert tech is not None
tech = MitreAttackTechnique.get_by_name(self.mitre_attack,
"Absolutely made up name")
assert tech is None
def get_multiple_techniques(mitre_conn, mitre_technique_ids=None, mitre_technique_names=None):
"""
Gets multiple techniques from a comma separated input of IDs or names.
If both are given, the IDs are used.
:param mitre_conn: MitreAttackConnection instance
:param mitre_technique_ids: Comma separated string with MITRE IDs
:param mitre_technique_names: Comma separated string with MITRE names
:return: List of techniques
:rtype: list(MitreAttackTechnique)
"""
if mitre_technique_ids is not None:
# Try id first, because it's less ambiguous
technique_ids = mitre_technique_ids.split(',')
techniques = []
for t_id in technique_ids:
technique = MitreAttackTechnique.get_by_id(mitre_conn, t_id)
if not technique:
raise ValueError("Technique with id {} doesn't exist".format(t_id))
techniques.extend(technique)
else:
# It's possible for multiple tactics to have the same name
# And we want to make sure that all of them are processed in that case
technique_names = mitre_technique_names.split(',')
techniques = []
for name in technique_names:
technique = MitreAttackTechnique.get_by_name(mitre_conn, name)
if not technique:
raise ValueError("Techniques with name {} don't exist".format(name))
techniques.extend(technique)
return techniques
def test_all_searches_returns_list(self):
techniques = MitreAttackTechnique.get_by_name(self.mitre_attack,
"Port Knocking")
assert isinstance(techniques, list)
assert len(techniques) > 1
techniques = MitreAttackTechnique.get_by_name(
self.mitre_attack, "Domain Generation Algorithms")
assert isinstance(techniques, list)
assert len(techniques) == 1
def test_get_tech_info(self):
data_mocker = MitreQueryMocker()
with patch(
"fn_mitre_integration.lib.mitre_attack.TAXIICollectionSource.query",
data_mocker.query):
tech = MitreAttackTechnique.get_by_name(self.mitre_conn,
"Port Knocking")
assert (tech[0].name == "Port Knocking")
tech = MitreAttackTechnique.get_by_id(self.mitre_conn, "T1205")
assert (tech[0].id == "T1205")
def test_get_representative_techniques(self):
t = MitreAttackTechnique.get(self.mitre_conn,
id="T1453") # From Mobile collection
assert t
assert [x.get_tactic(self.mitre_conn) for x in t]
t = MitreAttackTechnique.get(self.mitre_conn,
id="T1155") # From Enterprise
assert t
assert [x.get_tactic(self.mitre_conn) for x in t]
t = MitreAttackTechnique.get(self.mitre_conn,
id="T1245") # From Pre-Attack
assert t
assert [x.get_tactic(self.mitre_conn) for x in t]
def test_get_tech_mitigation(self):
"""
There are some techniques that do not have mitigations.
We will test few and if at least one of the first 5 has mitigations we're ok,
otherwise we probably need to check if there's an error.
"""
techs = MitreAttackTechnique.get_all(self.mitre_conn)
assert len(techs)
try:
count = 0
for tech in techs:
id = tech.id
assert (id)
mitigation = tech.get_mitigations(self.mitre_conn)
count += 1
if len(mitigation):
assert MitreAttackMitigation.get_by_name(
self.mitre_conn, mitigation[0].name)
break
if count > MAXIMUM_N_TECHNIQUES_WITHOUT_MITIGATION:
assert False
except Exception as e:
assert (False)
def test_collection_name_included(self):
techniques = MitreAttackTechnique.get_by_name(self.mitre_attack,
"Port Knocking")
assert len(techniques) == 2
assert techniques[0].collection is not None and techniques[
1].collection is not None
assert techniques[0].collection != techniques[1].collection
def test_deprecated_technique_states_so_in_description(self):
"""
Gets tactics with name Impact, and checks that deprecation message was added.
Deprecation flag was added to one of the mocked techniques.
"""
techniques = MitreAttackTechnique.get_by_name(
self.mitre_attack, "Domain Generation Algorithms")
assert any(x.description.startswith("Deprecated") for x in techniques)
def test_mitigation_of_tech(self):
"""
This one isn't mocked, because it would require mocking relationships
:return:
"""
mitigations = MitreAttackTechnique.get_by_name(self.mitre_attack, "Port Knocking")[0]\
.get_mitigations(self.mitre_attack)
assert mitigations is not None
assert len(mitigations)
def test_tech_of_tactic(self):
collection_tech = MitreAttackTechnique.get_by_tactic(
self.mitre_attack,
MitreAttackTactic.get_by_name(self.mitre_attack, "Collection")[0])
assert collection_tech is not None
assert len(collection_tech) > 1
assert MitreAttackTactic.get_by_name(self.mitre_attack, "Command and Control")[0]\
.get_techniques(self.mitre_attack) is not None
def test_technique_representation_doesnt_have_unsupported_tags(self):
"""
Mocked Domain Generation Algorithms on purpose has added code tags to where they could appear.
"""
techniques = MitreAttackTechnique.get_by_name(
self.mitre_attack, "Domain Generation Algorithms")
dict_reps = [technique.dict_form() for technique in techniques]
# check for every technique's representation that all the field don't have the tag
assert all([("<code>" not in technique_repr[key]
for key in technique_repr)
for technique_repr in dict_reps])
def test_get_tech_mitigation(self):
techs = MitreAttackTechnique.get_all(self.mitre_conn)
assert len(techs)
try:
#
# There are more than 200 techs. Try first 5 only
#
count = 0
for tech in techs:
id = tech.id
assert (id)
mitigation = tech.get_mitigations(self.mitre_conn)
assert mitigation
count += 1
if count > 2:
break
# Test getting mitigation using name
mitigation = tech.get_mitigations(self.mitre_conn)
assert mitigation
except Exception as e:
assert (False)
def test_tech_get_all(self):
assert len(MitreAttackTechnique.get_all(
self.mitre_attack)) == len(MitreQueryMocker.TECHNIQUES[0]) + len(
MitreQueryMocker.TECHNIQUES[1]) + len(
MitreQueryMocker.TECHNIQUES[2])
def test_by_id_works(self):
tech = MitreAttackTechnique.get_by_id(self.mitre_attack, "T1205")
assert tech is not None
tech = MitreAttackTechnique.get_by_id(self.mitre_attack, "Made up id")
assert tech is None
def test_getting_tactic_from_technique_works(self):
tech = MitreAttackTechnique.get_by_id(self.mitre_attack, "T1205")[0]
assert tech.get_tactic(self.mitre_attack) is not None