Closed curious-attempt-bunny closed 2 years ago
For reference, here's what the attack-flow-example looks like via the current graphviz script:
cd ~/Downloads
curl https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-flow/main/schema/attack-flow-example.json -O -L
cd ~/Downloads/attack-flow/src
python3 -m attack_flow.scripts.graphviz ~/Downloads/attack-flow-example.json ~/Downloads/attack-flow-example.dot
dot ~/Downloads/attack-flow-example.dot -Tpng -O
Hi @curious-attempt-bunny, the Tesla diagram was created in Visio early in the life of the project, before the other tooling existed. We have been primarily using Attack Flow Builder to visualize the flows, and I agree that current graphviz output is disappointing. Thank you for the PR!
So here's the "Agent Tesla" sample output from the original graphviz.py, included in the 1.0.0 release
Then after I edited the Graphviz.py (in post #40) to use the Asset State for the label, I get this output, which is arguably more usable...
Finally, I see no value in the "http://flow-1" Oval at the top, so I manually edit the DOT file and comment out all of the flows from that oval. Okay, now we're getting somewhere, this is starting to look like useful output...
For reference here's my current (modified) version of graphviz.py graphviz.py.txt
Related to https://github.com/center-for-threat-informed-defense/attack-flow/issues/40, how does the community use the attack flow JSON files to publish quality diagrams, such as this one?
Are you able to share what tooling was used [to generate this]? Edit (opening question is still valid): Found the answer. They were manually(?) generated drawio diagrams (e.g. https://github.com/center-for-threat-informed-defense/attack-flow/blob/main/data/action-object-tesla.drawio).