
Merge pull request #7 from rabobank-cdc/development
Merge dev to master for version 1.1.1
marcusbakker authored May 23, 2019
2 parents 778dded + 5fef4b6 commit 75c4fa6
Showing 25 changed files with 758 additions and 142 deletions.
4 changes: 2 additions & 2 deletions README.md
@@ -1,7 +1,7 @@
<img src="https://github.com/rabobank-cdc/DeTTACT/wiki/images/logo.png" alt="DeTT&CT" width=30% height=30%>

#### Detect Tactics, Techniques & Combat Threats
Latest version: [1.1](https://github.com/rabobank-cdc/DeTTACT/wiki/Changelog#version-11)
Latest version: [1.1.1](Changelog#version-111)

To get started with DeTT&CT, check out the
[Wiki](https://github.com/rabobank-cdc/DeTTACT/wiki/Getting-started).
Expand Down Expand Up @@ -37,7 +37,7 @@ of which can be visualised by loading JSON layer files into the [ATT&CK Navigato

See below an example of mapping your data sources to ATT&CK which gives you a rough overview of your visibility coverage:

<img src="https://github.com/rabobank-cdc/DeTTACT/wiki/images/example_data_sources.png" alt="DeTT&CT - Data quality">
<img src="images/example_data_sources.png" alt="DeTT&CT - Data quality">


## Installation and requirements
Expand Down
2 changes: 1 addition & 1 deletion constants.py
@@ -1,6 +1,6 @@
APP_NAME = 'DeTT&CT'
APP_DESC = 'Detect Tactics, Techniques & Combat Threats'
VERSION = '1.1'
VERSION = '1.1.1'

EXPIRE_TIME = 60*60*24

Expand Down
38 changes: 22 additions & 16 deletions dettact.py
Expand Up @@ -43,8 +43,9 @@ def init_menu():
# create the visibility parser
parser_visibility = subparsers.add_parser('visibility', aliases=['v'],
help='visibility coverage mapping based on techniques and data sources',
description='Create a heat map based on visibility scores or overlay '
'visibility with detections.')
description='Create a heat map based on visibility scores, overlay '
'visibility with detections, output to Excel or check the '
'health of the technique administration YAML file.')
parser_visibility.add_argument('-ft', '--file-tech', help='path to the technique administration YAML file (used to '
'score the level of visibility)', required=True)
parser_visibility.add_argument('-fd', '--file-ds', help='path to the data source administration YAML file (used to '
Expand All @@ -56,15 +57,17 @@ def init_menu():
action='store_true')
parser_visibility.add_argument('-e', '--excel', help='generate an Excel sheet with all administrated techniques',
action='store_true')
parser_visibility.add_argument('-o', '--overlay', help='generate a visibility layer overlayed with detections for '
parser_visibility.add_argument('-o', '--overlay', help='generate a visibility layer overlaid with detections for '
'the ATT&CK navigator', action='store_true')
parser_visibility.add_argument('--health', help='check the technique YAML file for errors', action='store_true')

# create the detection parser
parser_detection = subparsers.add_parser('detection', aliases=['d'],
help='detection coverage mapping based on techniques',
description='Create a heat map based on detection scores, overlay '
'detections with visibility or generate a detection '
'improvement graph.')
'detections with visibility, generate a detection '
'improvement graph, output to Excel or check the health of '
'the technique administration YAML file.')
parser_detection.add_argument('-ft', '--file-tech', help='path to the technique administration YAML file (used to '
'score the level of visibility)', required=True)
parser_detection.add_argument('-fd', '--file-ds', help='path to the data source administration YAML file (used in '
Expand All @@ -77,10 +80,11 @@ def init_menu():
action='store_true')
parser_detection.add_argument('-e', '--excel', help='generate an Excel sheet with all administrated techniques',
action='store_true')
parser_detection.add_argument('-o', '--overlay', help='generate a detection layer overlayed with visibility for '
parser_detection.add_argument('-o', '--overlay', help='generate a detection layer overlaid with visibility for '
'the ATT&CK navigator', action='store_true')
parser_detection.add_argument('-g', '--graph', help='generate a graph with detections added through time',
action='store_true')
parser_detection.add_argument('--health', help='check the technique YAML file for errors', action='store_true')

# create the group parser
parser_group = subparsers.add_parser('group', aliases=['g'],
Expand Down Expand Up @@ -143,7 +147,7 @@ def menu(menu_parser):
interactive_menu()

elif args.subparser in ['datasource', 'ds']:
if check_file_type(args.file, FILE_TYPE_DATA_SOURCE_ADMINISTRATION):
if check_file(args.file, FILE_TYPE_DATA_SOURCE_ADMINISTRATION):
if args.layer:
generate_data_sources_layer(args.file)
if args.excel:
Expand All @@ -160,17 +164,18 @@ def menu(menu_parser):
'administration YAML file (\'--file-ds\')')
quit()

if check_file_type(args.file_tech, FILE_TYPE_TECHNIQUE_ADMINISTRATION) and \
check_file_type(args.file_ds, FILE_TYPE_DATA_SOURCE_ADMINISTRATION):
if check_file(args.file_tech, FILE_TYPE_TECHNIQUE_ADMINISTRATION, args.health) and \
check_file(args.file_ds, FILE_TYPE_DATA_SOURCE_ADMINISTRATION, args.health):
if args.layer:
generate_visibility_layer(args.file_tech, args.file_ds, False, args.applicable)
if args.overlay:
generate_visibility_layer(args.file_tech, args.file_ds, True, args.applicable)

if args.excel and check_file_type(args.file_tech, FILE_TYPE_TECHNIQUE_ADMINISTRATION) and args.applicable == 'all':
export_techniques_list_to_excel(args.file_tech)
if args.excel and args.applicable != 'all':
print("[!] Filtering on 'applicable_to' is not supported for Excel output")
if check_file(args.file_tech, FILE_TYPE_TECHNIQUE_ADMINISTRATION, args.health):
if args.excel and args.applicable == 'all':
export_techniques_list_to_excel(args.file_tech)
if args.excel and args.applicable != 'all':
print('[!] Filtering on \'applicable_to\' is not supported for Excel output')

elif args.subparser in ['group', 'g']:
generate_group_heat_map(args.groups, args.overlay, args.overlay_type, args.stage, args.platform, args.software_group, args.applicable)
Expand All @@ -180,13 +185,13 @@ def menu(menu_parser):
if not args.file_ds:
print('[!] Doing an overlay requires adding the data source administration YAML file (\'--file-ds\')')
quit()
if not check_file_type(args.file_ds, FILE_TYPE_DATA_SOURCE_ADMINISTRATION):
if not check_file(args.file_ds, FILE_TYPE_DATA_SOURCE_ADMINISTRATION, args.health):
quit()

if check_file_type(args.file_tech, FILE_TYPE_TECHNIQUE_ADMINISTRATION):
if check_file(args.file_tech, FILE_TYPE_TECHNIQUE_ADMINISTRATION, args.health):
if args.layer:
generate_detection_layer(args.file_tech, args.file_ds, False, args.applicable)
if args.overlay and check_file_type(args.file_ds, FILE_TYPE_DATA_SOURCE_ADMINISTRATION):
if args.overlay and check_file(args.file_ds, FILE_TYPE_DATA_SOURCE_ADMINISTRATION, args.health):
generate_detection_layer(args.file_tech, args.file_ds, True, args.applicable)
if args.graph:
plot_detection_graph(args.file_tech, args.applicable)
Expand All @@ -204,6 +209,7 @@ def menu(menu_parser):
else:
menu_parser.print_help()


def prepare_folders():
"""
Create the folders 'cache' and 'output' if they do not exist.
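Review bot: In the visibility branch the technique file is validated twice with the health flag, once in the combined condition `check_file(args.file_tech, FILE_TYPE_TECHNIQUE_ADMINISTRATION, args.health)` and again in the new `if check_file(...)` that guards the Excel export, so with `--health` any findings (and any file-type errors) appear to be reported twice and the YAML is parsed a second time. Bind the result once before the first condition, `tech_ok = check_file(args.file_tech, FILE_TYPE_TECHNIQUE_ADMINISTRATION, args.health)`, then use `if tech_ok and check_file(args.file_ds, FILE_TYPE_DATA_SOURCE_ADMINISTRATION, args.health):` and `if tech_ok:` for the Excel block. Separately, the `--health` help text says it checks "the technique YAML file", yet `args.health` is also passed for the data source file in the visibility and detection branches while the datasource branch calls `check_file(args.file, FILE_TYPE_DATA_SOURCE_ADMINISTRATION)` without it; either the help text should say both administration files are checked or the extra argument should be dropped for `--file-ds`, depending on what check_file implements (not visible here). Since check_file now reads and inspects user-supplied YAML in more places, it is worth confirming it parses with `yaml.safe_load` rather than `yaml.load`. The enclosing `menu()` function starts and ends outside this hunk.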
