Пример #1
def create_markdown_dirs():
    """Create the markdown output tree, one directory per entity type.

    The root directory name is read from ``md_name_of_root_directory`` in
    ``config.yml`` and falls back to ``../Atomic_Threat_Coverage``.  Missing
    directories are created; directories that already exist are not an error.
    """
    settings = ATCutils.load_config('config.yml')
    root_name = settings.get('md_name_of_root_directory',
                             '../Atomic_Threat_Coverage')
    # NOTE(review): the root is taken from config as-is and the default points
    # one level above the working directory, so the tree lands wherever that
    # value resolves to -- confirm the config file is trusted.
    root = Path(root_name)

    subdirectories = (
        'Detection_Rules',
        'Logging_Policies',
        'Data_Needed',
        'Triggers',
        'Response_Actions',
        'Response_Playbooks',
        'Enrichments',
        'Customers',
    )

    for name in subdirectories:
        # parents=True also creates the root itself when it is missing.
        root.joinpath(name).mkdir(parents=True, exist_ok=True)
Пример #2
from enrichment import Enrichment
from responseaction import ResponseAction
from responseplaybook import ResponsePlaybook
from customer import Customer
from attack_mapping import te_mapping  # , ta_mapping

# Import ATC Utils
from atcutils import ATCutils

# Others
import glob
import sys
import traceback
import os

# Configuration is loaded once, as a side effect of importing this module.
# NOTE(review): "config.yml" is a relative path, presumably resolved against
# the current working directory -- confirm in ATCutils.load_config.
ATCconfig = ATCutils.load_config("config.yml")


class PopulateConfluence:
    """Desc"""
    def __init__(self,
                 auth,
                 lp=False,
                 dn=False,
                 dr=False,
                 en=False,
                 tg=False,
                 ra=False,
                 rp=False,
                 cu=False,
                 ms=False,
#!/usr/bin/env python3

from atcutils import ATCutils
from attack_mapping import te_mapping, ta_mapping

from jinja2 import Environment, FileSystemLoader

import os
import subprocess
import re

# ########################################################################### #
# ########################### Detection Rule ################################ #
# ########################################################################### #

# Configuration is loaded once, as a side effect of importing this module.
# NOTE(review): 'config.yml' is a relative path, presumably resolved against
# the current working directory -- confirm in ATCutils.load_config.
ATCconfig = ATCutils.load_config('config.yml')


class DetectionRule:
    """Class for the Detection Rule entity"""
    def __init__(self, yaml_file, apipath=None, auth=None, space=None):
        """Init method"""

        # Init vars
        self.yaml_file = yaml_file

        # The name of the directory containing future markdown DetectionRules
        self.parent_title = "Detection_Rules"

        self.apipath = apipath
        self.auth = auth
Пример #4
                           dr=args.detectionrule,
                           tg=args.triggers,
                           en=args.enrichment,
                           ra=args.responseactions,
                           rp=args.responseplaybook,
                           rs=args.responsestage,
                           cu=args.customers,
                           hp=args.hardeningpolicy,
                           init=args.init)

    elif args.react_stix:
        GenerateSTIX()
    elif args.react_navigator:
        GenerateNavigator()
    elif args.visualisations:
        ATCconfig = ATCutils.load_config("config.yml")
        ATCconfig_default = ATCutils.load_config("config.default.yml")
        if not args.vis_output_dir:
            analytics_generated = ATCconfig.get(
                "exported_analytics_directory",
                ATCconfig_default.get("exported_analytics_directory"))
            analytics_generated = analytics_generated if \
                analytics_generated[-1] == "/" else analytics_generated + "/"
            output_path = analytics_generated + "visualizations/"

            if not args.vis_output_file_name:
                output_name = ''.join(
                    random.choices(string.ascii_uppercase +
                                   string.ascii_lowercase + string.digits,
                                   k=20))
                # output_name += ".json"
def main(c_auth=None):
    """Create the root page and one child page per entity type in Confluence.

    Args:
        c_auth: Authentication object to use for the Confluence calls. When it
            is falsy the user is prompted for a login instead.

    Returns:
        True once every page has been pushed.

    Raises:
        Exception: if ATCutils.push_to_confluence reports failure for the root
            page or for any child page; errors raised while reading the
            configuration propagate unchanged.
    """

    try:
        ATCconfig = ATCutils.load_config("config.yml")
        confluence_space_name = ATCconfig.get('confluence_space_name')
        confluence_space_home_page_name = ATCconfig.get(
            'confluence_space_home_page_name')
        # Not referenced again in the visible code.
        # NOTE(review): presumably the source of `url` below -- confirm.
        confluence_rest_api_url = ATCconfig.get('confluence_rest_api_url')
        confluence_name_of_root_directory = ATCconfig.get(
            'confluence_name_of_root_directory')

    except Exception as e:
        # Re-raised as-is, so the handler adds nothing; the `pass` below is
        # never reached.
        raise e
        pass

    if not c_auth:
        # NOTE(review): the next line is garbled in this listing (the
        # credential prompt appears to have been masked by the page). The
        # assignments of `auth`, `url` and `content`, and the branch that uses
        # a supplied `c_auth`, are not visible -- restore them from the
        # upstream file before using this code.
        mail = input("Login: "******""

    print("Creating ATC page..")
    # print(str(ATCutils.confluence_get_page_id(url,
    # auth, confluence_space_name, confluence_space_home_page_name)))
    # Root page: its parent is the space home page, looked up by title.
    # NOTE(review): `auth` is handed to every ATCutils call below and
    # presumably carries the user's credentials -- keep it out of logs and of
    # the commented-out debug prints.
    data = {
        "title":
        confluence_name_of_root_directory,
        "spacekey":
        confluence_space_name,
        "parentid":
        str(
            ATCutils.confluence_get_page_id(url, auth, confluence_space_name,
                                            confluence_space_home_page_name)),
        "confluencecontent":
        content,
    }

    # print(push_to_confluence(data, url, auth))
    # A falsy result from push_to_confluence is treated as failure.
    if not ATCutils.push_to_confluence(data, url, auth):
        raise Exception("Could not create or update the page. " +
                        "Is the parent name correct?")

    # Titles of the child pages created under the root page.
    spaces = [
        "Detection Rules", "Logging Policies", "Data Needed", "Triggers",
        "Response Actions", "Response Playbooks", "Enrichments", "Customers",
        "Mitigation Systems", "Mitigation Policies", "Hardening Policies"
    ]

    for space in spaces:
        print("Creating %s.." % space)
        # The parent id (the root page created above) is looked up again on
        # every iteration with the same arguments.
        data = {
            "title":
            space,
            "spacekey":
            confluence_space_name,
            "parentid":
            str(
                ATCutils.confluence_get_page_id(
                    url, auth, confluence_space_name,
                    confluence_name_of_root_directory)),
            "confluencecontent":
            content,
        }
        # print(push_to_confluence(data, url, auth))
        # The first failed push aborts the run; pages pushed before it are
        # left as they are.
        if not ATCutils.push_to_confluence(data, url, auth):
            raise Exception("Could not create or update the page. " +
                            "Is the parent name correct?")
    print("Done!")
    return True