center-for-threat-informed-defense / sensor-mappings-to-attack

Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help detect real-world adversary behaviors in their environments.
https://center-for-threat-informed-defense.github.io/sensor-mappings-to-attack/
Apache License 2.0

Development: Create STIX data files #8

Closed tleef42 closed 1 year ago

tleef42 commented 1 year ago
Creates 3 scripts to generate STIX bundles from sensor data. Organization of scripts is modeled from the VERIS Mappings to ATT&CK project such that:

| Directory | Description |
| --- | --- |
| parse/ | Tools for parsing Sensor data and mappings spreadsheets. |
| util/ | Utilities for generating content from mappings data, such as Navigator layers, CSV files, etc. |

src/util/create_mappings.py

Summary

This intakes the Excel sheet for the mappings, converts it to a DataFrame and standardizes the fields. It adds the ATT&CK Data Source ID as a new field to the DataFrame using an ATT&CK spreadsheet. The DataFrame is split by Sensor and saved as CSVs, which are used to generate STIX objects in generate_stix.py.

src/parse/generate_stix.py

Summary

Utility script to generate and save STIX Bundles files from a corresponding CSV. The script creates custom STIX Objects when needed for:

src/util/create_heatmap.py

Summary

Generates ATT&CK Navigator layers for the sensor from its STIX Bundle on disk. It builds out a layer for each Sensor Data Bundle on disk and consolidates all the techniques from all Sensor Navigator layers into a file called sensor-comparison-heatmap.json. The layers can be found in the layers folder of the attack type in the stix output folder.

Related Tickets

Resolves the tickets SMAP70 & SMAP-83
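The three steps the PR describes (flatten and split the mapping sheet per sensor, emit one STIX bundle per sensor, derive a Navigator layer per bundle and a consolidated heatmap), as an added stdlib-only example. This is not code from the sensor-mappings-to-attack repository or from this PR: the CSV column names, the custom `x-sensor-event` object type, the `detects` relationship type and the placeholder `attack-pattern` IDs are all assumptions made for the example, and the sample sheet is constructed.

```python
"""Added example, not the project's code: a minimal version of the
create_mappings -> generate_stix -> create_heatmap pipeline described in PR #8.
Assumed (not from the PR): CSV column names, the custom STIX type
x-sensor-event, and 'detects' relationships pointing at placeholder
attack-pattern IDs derived from the technique ID."""
import csv
import io
import json
import uuid
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample mapping sheet, already flattened to CSV (assumed columns).
SAMPLE_CSV = """sensor,event_id,event_name,data_source_id,technique_id
sysmon,1,Process creation,DS0009,T1059
sysmon,1,Process creation,DS0009,T1059.001
sysmon,3,Network connection,DS0029,T1071
auditd,SYSCALL,execve syscall,DS0009,T1059
auditd,SYSCALL,execve syscall,DS0009,T1059.004
"""
NAV_VERSIONS = {"attack": "14", "navigator": "4.9.1", "layer": "4.5"}


def _now():
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def parse_mappings(text):
    """Step 1 (create_mappings.py analogue): read the sheet, normalise the
    field names and split the rows per sensor."""
    per_sensor = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        clean = {k.strip().lower(): v.strip() for k, v in row.items()}
        per_sensor[clean["sensor"]].append(clean)
    return dict(per_sensor)


def build_bundle(sensor, rows):
    """Step 2 (generate_stix.py analogue): one bundle per sensor, one custom
    x-sensor-event object per distinct event, one 'detects' relationship per
    (event, technique) pair."""
    ts, objects, event_ids = _now(), [], {}
    for r in rows:
        key = r["event_id"]
        if key not in event_ids:
            ev = {"type": "x-sensor-event", "spec_version": "2.1",
                  "id": f"x-sensor-event--{uuid.uuid4()}", "created": ts,
                  "modified": ts, "name": f'{sensor}: {r["event_name"]}',
                  "x_event_id": key, "x_attack_data_source": r["data_source_id"]}
            objects.append(ev)
            event_ids[key] = ev["id"]
        # Placeholder target: offline, so the technique is not resolved to the
        # real ATT&CK attack-pattern STIX ID; a deterministic uuid5 stands in.
        target = uuid.uuid5(uuid.NAMESPACE_URL, "attack/" + r["technique_id"])
        objects.append({"type": "relationship", "spec_version": "2.1",
                        "id": f"relationship--{uuid.uuid4()}", "created": ts,
                        "modified": ts, "relationship_type": "detects",
                        "source_ref": event_ids[key],
                        "target_ref": f"attack-pattern--{target}",
                        "x_technique_id": r["technique_id"]})
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


def build_layer(sensor, bundle):
    """Step 3a (create_heatmap.py analogue): a Navigator layer listing every
    technique the sensor's bundle says it detects."""
    events = {o["id"]: o for o in bundle["objects"] if o["type"] == "x-sensor-event"}
    by_tech = defaultdict(set)
    for o in bundle["objects"]:
        if o["type"] == "relationship" and o["relationship_type"] == "detects":
            by_tech[o["x_technique_id"]].add(events[o["source_ref"]]["name"])
    return {"name": f"{sensor} coverage", "versions": NAV_VERSIONS,
            "domain": "enterprise-attack",
            "techniques": [{"techniqueID": t, "score": 1,
                            "comment": "; ".join(sorted(names))}
                           for t, names in sorted(by_tech.items())]}


def build_heatmap(layers):
    """Step 3b: consolidate all sensor layers; a technique's score is the
    number of sensors covering it, which is what makes the layer a heatmap."""
    counts = defaultdict(int)
    for layer in layers:
        for t in layer["techniques"]:
            counts[t["techniqueID"]] += 1
    max_score = max(counts.values(), default=0)
    return {"name": "sensor-comparison-heatmap", "versions": NAV_VERSIONS,
            "domain": "enterprise-attack",
            "gradient": {"colors": ["#ffffff", "#ff6666"],
                         "minValue": 0, "maxValue": max_score},
            "techniques": [{"techniqueID": t, "score": n}
                           for t, n in sorted(counts.items())]}


def run_pipeline(text):
    per_sensor = parse_mappings(text)
    bundles = {s: build_bundle(s, rows) for s, rows in per_sensor.items()}
    layers = {s: build_layer(s, b) for s, b in bundles.items()}
    return bundles, layers, build_heatmap(list(layers.values()))


if __name__ == "__main__":
    _, _, heat = run_pipeline(SAMPLE_CSV)
    print(json.dumps(heat, indent=2))
```

The heatmap score is simply the number of per-sensor layers that contain a technique, so a technique covered by both constructed sensors (T1059) scores 2 and the gradient's maxValue follows the sensor count; in the real project the relationship targets would be resolved against the ATT&CK STIX bundle rather than the placeholder IDs used here.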