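def _menu(menu_parser):
    """
    Parse the command line arguments and call the function(s) matching the chosen sub-command.

    Every abort path ends the process through ``sys.exit(1)``: a failed file check, a missing
    '-fd, --file-ds' argument, or a search that errored or matched nothing. The earlier code used
    the site-provided ``quit()`` helper, which reports success (status 0) to the calling shell or
    pipeline and is not defined when the interpreter runs without the ``site`` module.

    :param menu_parser: the argparse menu as created with '_init_menu()'
    :return: None
    """
    # Function-scope import so the block does not rely on the file's import section.
    import sys

    args = menu_parser.parse_args()

    if args.interactive:
        interactive_menu()

    elif args.subparser in ['editor', 'e']:
        # NOTE(review): int() raises ValueError on a non-numeric port unless argparse already
        # enforces the type - confirm in '_init_menu()'.
        DeTTECTEditor(int(args.port)).start()

    elif args.subparser in ['datasource', 'ds']:
        if check_file(args.file_ds, FILE_TYPE_DATA_SOURCE_ADMINISTRATION, args.health):
            file_ds = args.file_ds

            if args.search:
                file_ds = data_source_search(args.file_ds, args.search)
                if not file_ds:
                    # something went wrong in executing the search or 0 results were returned
                    sys.exit(1)
            if args.update and check_file(args.file_tech, FILE_TYPE_TECHNIQUE_ADMINISTRATION, args.health):
                update_technique_administration_file(file_ds, args.file_tech)
            if args.layer:
                generate_data_sources_layer(file_ds, args.output_filename, args.layer_name)
            if args.excel:
                export_data_source_list_to_excel(file_ds, args.output_filename, eql_search=args.search)
            if args.graph:
                plot_data_sources_graph(file_ds, args.output_filename)
            if args.yaml:
                generate_technique_administration_file(file_ds, args.output_filename,
                                                       all_techniques=args.yaml_all_techniques)

    elif args.subparser in ['visibility', 'v']:
        # A layer or an overlay is built from both administration files, so the data source
        # file has to be supplied and pass the file check before anything is generated.
        if args.layer or args.overlay:
            if not args.file_ds:
                print('[!] Generating a visibility layer or an overlay requires the data source '
                      'administration YAML file (\'-fd, --file-ds\')')
                sys.exit(1)
            if not check_file(args.file_ds, FILE_TYPE_DATA_SOURCE_ADMINISTRATION, args.health):
                sys.exit(1)

        if check_file(args.file_tech, FILE_TYPE_TECHNIQUE_ADMINISTRATION, args.health):
            file_tech = args.file_tech

            if args.search_detection or args.search_visibility:
                file_tech = techniques_search(args.file_tech, args.search_visibility, args.search_detection,
                                              include_all_score_objs=args.all_scores)
                if not file_tech:
                    # something went wrong in executing the search or 0 results were returned
                    sys.exit(1)
            if args.layer:
                generate_visibility_layer(file_tech, args.file_ds, False, args.output_filename, args.layer_name)
            if args.overlay:
                generate_visibility_layer(file_tech, args.file_ds, True, args.output_filename, args.layer_name)
            if args.graph:
                plot_graph(file_tech, 'visibility', args.output_filename)
            if args.excel:
                export_techniques_list_to_excel(file_tech, args.output_filename)

    # todo add search capabilities
    elif args.subparser in ['group', 'g']:
        generate_group_heat_map(args.groups, args.overlay, args.overlay_type, args.stage, args.platform,
                                args.software_group, args.search_visibility, args.search_detection, args.health,
                                args.output_filename, args.layer_name, include_all_score_objs=args.all_scores)

    elif args.subparser in ['detection', 'd']:
        # Only the overlay needs the data source administration file for this sub-command.
        if args.overlay:
            if not args.file_ds:
                print('[!] An overlay requires the data source administration YAML file (\'-fd, --file-ds\')')
                sys.exit(1)
            if not check_file(args.file_ds, FILE_TYPE_DATA_SOURCE_ADMINISTRATION, args.health):
                sys.exit(1)

        if check_file(args.file_tech, FILE_TYPE_TECHNIQUE_ADMINISTRATION, args.health):
            file_tech = args.file_tech

            if args.search_detection or args.search_visibility:
                file_tech = techniques_search(args.file_tech, args.search_visibility, args.search_detection,
                                              include_all_score_objs=args.all_scores)
                if not file_tech:
                    # something went wrong in executing the search or 0 results were returned
                    sys.exit(1)
            if args.layer:
                generate_detection_layer(file_tech, args.file_ds, False, args.output_filename, args.layer_name)
            # The data source file was already checked above when an overlay is requested;
            # the repeated check is kept so the call sequence stays as it was.
            if args.overlay and check_file(args.file_ds, FILE_TYPE_DATA_SOURCE_ADMINISTRATION, args.health):
                generate_detection_layer(file_tech, args.file_ds, True, args.output_filename, args.layer_name)
            if args.graph:
                plot_graph(file_tech, 'detection', args.output_filename)
            if args.excel:
                export_techniques_list_to_excel(file_tech, args.output_filename)

    elif args.subparser in ['generic', 'ge']:
        if args.datasources:
            get_statistics_data_sources()
        elif args.mitigations:
            get_statistics_mitigations(args.mitigations)
        elif args.updates:
            get_updates(args.updates, args.sort)

    else:
        menu_parser.print_help()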
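def _menu(menu_parser):
    """
    Parse the command line arguments and call the function(s) matching the chosen sub-command.

    Every abort path ends the process through ``sys.exit(1)``: a rejected platform, or a search
    that errored or matched nothing. The earlier code used the site-provided ``quit()`` helper,
    which reports success (status 0) to the calling shell or pipeline and is not defined when the
    interpreter runs without the ``site`` module.

    :param menu_parser: the argparse menu as created with '_init_menu()'
    :return: None
    """
    # Function-scope import so the block does not rely on the file's import section.
    import sys

    args = menu_parser.parse_args()

    # Not every sub-command defines this option, hence the membership test on the namespace.
    # NOTE(review): the path is stored exactly as given on the command line; how the STIX data
    # is loaded and validated is not visible here - confirm in the 'generic' module.
    if 'local_stix_path' in args and args.local_stix_path:
        generic.local_stix_path = args.local_stix_path

    if args.subparser in ['editor', 'e']:
        # NOTE(review): int() raises ValueError on a non-numeric port unless argparse already
        # enforces the type - confirm in '_init_menu()'.
        DeTTECTEditor(int(args.port)).start()

    elif args.subparser in ['datasource', 'ds']:
        if check_file(args.file_ds, FILE_TYPE_DATA_SOURCE_ADMINISTRATION, args.health):
            layer_settings = _parse_layer_settings(args.layer_settings)
            file_ds = args.file_ds

            # The 'applicable to' filter is applied first; a user supplied search then runs on
            # whatever that filter returned.
            if args.applicable_to:
                eql_search = get_eql_applicable_to_query(args.applicable_to, file_ds,
                                                         FILE_TYPE_DATA_SOURCE_ADMINISTRATION)
                file_ds = data_source_search(args.file_ds, eql_search)
                if not file_ds:
                    # something went wrong in executing the search or 0 results were returned
                    sys.exit(1)

            if args.search:
                file_ds = data_source_search(file_ds, args.search)
                if not file_ds:
                    # something went wrong in executing the search or 0 results were returned
                    sys.exit(1)

            if args.update and check_file(args.file_tech, FILE_TYPE_TECHNIQUE_ADMINISTRATION, args.health):
                update_technique_administration_file(file_ds, args.file_tech)
            if args.layer:
                generate_data_sources_layer(file_ds, args.output_filename, args.layer_name, layer_settings)
            if args.excel:
                export_data_source_list_to_excel(file_ds, args.output_filename, eql_search=args.search)
            if args.graph:
                plot_data_sources_graph(file_ds, args.output_filename)
            if args.yaml:
                generate_technique_administration_file(file_ds, args.output_filename,
                                                       all_techniques=args.yaml_all_techniques)

    elif args.subparser in ['visibility', 'v']:
        if check_file(args.file_tech, FILE_TYPE_TECHNIQUE_ADMINISTRATION, args.health):
            layer_settings = _parse_layer_settings(args.layer_settings)
            file_tech = args.file_tech

            if args.platform and not check_platform(args.platform, filename=file_tech):
                sys.exit(1)

            if args.search_detection or args.search_visibility:
                file_tech = techniques_search(args.file_tech, args.search_visibility, args.search_detection,
                                              include_all_score_objs=args.all_scores)
                if not file_tech:
                    # something went wrong in executing the search or 0 results were returned
                    sys.exit(1)

            if args.layer:
                generate_visibility_layer(file_tech, False, args.output_filename, args.layer_name,
                                          layer_settings, args.platform)
            if args.overlay:
                generate_visibility_layer(file_tech, True, args.output_filename, args.layer_name,
                                          layer_settings, args.platform)
            if args.graph:
                plot_graph(file_tech, 'visibility', args.output_filename)
            if args.excel:
                export_techniques_list_to_excel(file_tech, args.output_filename)

    # TODO add Group EQL search capabilities
    elif args.subparser in ['group', 'g']:
        layer_settings = _parse_layer_settings(args.layer_settings)
        generate_group_heat_map(args.groups, args.overlay, args.overlay_type, args.platform,
                                args.software_group, args.search_visibility, args.search_detection,
                                args.health, args.output_filename, args.layer_name, args.domain,
                                layer_settings, include_all_score_objs=args.all_scores)

    elif args.subparser in ['detection', 'd']:
        if check_file(args.file_tech, FILE_TYPE_TECHNIQUE_ADMINISTRATION, args.health):
            layer_settings = _parse_layer_settings(args.layer_settings)
            file_tech = args.file_tech

            if args.platform and not check_platform(args.platform, filename=file_tech):
                sys.exit(1)

            if args.search_detection or args.search_visibility:
                file_tech = techniques_search(args.file_tech, args.search_visibility, args.search_detection,
                                              include_all_score_objs=args.all_scores)
                if not file_tech:
                    # something went wrong in executing the search or 0 results were returned
                    sys.exit(1)

            if args.layer:
                generate_detection_layer(file_tech, False, args.output_filename, args.layer_name,
                                         layer_settings, args.platform)
            if args.overlay:
                generate_detection_layer(file_tech, True, args.output_filename, args.layer_name,
                                         layer_settings, args.platform)
            if args.graph:
                plot_graph(file_tech, 'detection', args.output_filename)
            if args.excel:
                export_techniques_list_to_excel(file_tech, args.output_filename)

    elif args.subparser in ['generic', 'ge']:
        if args.datasources:
            platform = args.platform
            # Here the platform is checked against the ATT&CK domain given with the option.
            if platform and not check_platform(platform, domain=args.datasources):
                sys.exit(1)
            get_statistics_data_sources(args.datasources, platform)
        elif args.mitigations:
            get_statistics_mitigations(args.mitigations)
        elif args.updates:
            get_updates(args.updates, args.sort)
        elif args.list_platforms:
            get_platforms(args.list_platforms)

    else:
        menu_parser.print_help()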