Exemplo n.º 1
def mitre():
    """Refresh the local MITRE ATT&CK datasets through pyattck.

    Builds an ``Attck`` client whose data directory is
    ``<CUCKOO_ROOT>/data/mitre`` and calls its ``update()``. When pyattck
    cannot be imported, a hint is printed and the function returns without
    doing anything else.

    The dataset URLs are hard-coded and may move; the current ones are
    listed at https://github.com/swimlane/pyattck.

    NOTE(review): the feeds track the ``master`` branch of the upstream
    repositories and an S3 bucket, so the content fetched can differ from
    run to run, and no revision pin or checksum is visible in this
    function. Where reproducible or vetted data is required, mirror the
    files and point these URLs at the mirror.
    """
    try:
        from pyattck import Attck
    except ImportError:
        print(
            "Missed dependency: install pyattck library, see requirements for proper version"
        )
        return

    # Everything pyattck stores locally lives under one directory.
    mitre_dir = os.path.join(CUCKOO_ROOT, "data", "mitre")

    # Remote sources for each dataset, keyed by the Attck keyword they feed.
    feeds = {
        "enterprise_attck_json":
        "https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json",
        "pre_attck_json":
        "https://raw.githubusercontent.com/mitre/cti/master/pre-attack/pre-attack.json",
        "mobile_attck_json":
        "https://raw.githubusercontent.com/mitre/cti/master/mobile-attack/mobile-attack.json",
        "nist_controls_json":
        "https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/ATT%26CK-v9.0/nist800-53-r4/stix/nist800-53-r4-controls.json",
        "generated_attck_json":
        "https://swimlane-pyattck.s3.us-west-2.amazonaws.com/generated_attck_data.json",
        "generated_nist_json":
        "https://swimlane-pyattck.s3.us-west-2.amazonaws.com/attck_to_nist_controls.json",
    }

    client = Attck(
        nested_subtechniques=True,
        save_config=False,
        use_config=False,
        config_file_path=os.path.join(mitre_dir, "config.yml"),
        data_path=mitre_dir,
        **feeds,
    )

    print("[+] Updating MITRE datasets")
    client.update()
Exemplo n.º 2
import pandas as pd
import matplotlib.pyplot as plt
from pyattck import Attck

# Create the ATT&CK client and refresh the enterprise dataset before reading it.
attack = Attck()
attack.update(enterprise=True)

# One (technique name, data source) pair per data source a technique lists;
# techniques with no data source contribute nothing.
pairs = [
    (technique.name, data_source)
    for technique in attack.enterprise.techniques
    if technique.data_source
    for data_source in technique.data_source
]
techniques = [name for name, _ in pairs]
data_sources = [source for _, source in pairs]

data = dict(technique=techniques, data_source=data_sources)

# Long-format table: a technique appears once per data source it lists.
t2d = pd.DataFrame(data, columns=['technique', 'data_source'])

# Preview of the first rows (only displayed when run in a notebook/REPL).
t2d.head(20)

# How many techniques reference each data source, most frequent first.
dataFrequency = t2d['data_source'].value_counts()
dataFrequency.head(20)

# Bar chart of the counts; labels are rotated so the source names stay legible.
source_labels = dataFrequency.index
plt.bar(source_labels, dataFrequency.values)
plt.xticks(source_labels, source_labels, rotation=90)