search

mitre-attack / mitreattack-python

A python module for working with ATT&CK
https://mitreattack-python.readthedocs.io/
Apache License 2.0
470 stars 108 forks source link

[Request] Build SVG techniques matrix with only enabled TTPs in layer #171

Open NicolasKol opened 7 months ago

NicolasKol commented 7 months ago

Problem

The current way of building the SVG from my understanding, is to build all the TTP Blocks, if they are not excluded. Which for me means, if I want to build a matrix with only the TTPs used in my layer, I would need to include all the TTPs from a collection in my layer and then put the flag enabled to false. So every layer needs to be the full TTP collection for me to achieve my goal of building svgs with only my layer TTPs. I am not quite sure if I misunderstand the code, so if this is not the case feel free to correct me.

The code I am referring to is in the to_svg.py under navlayers/exporters and relevant for the functionality of get_tactic() in the svg_template.py

Solution suggestion

I would be forever grateful if I could build the svg with only scored or present TTPs rather than excluding all non used in my layer. A showSubtechniques = selective or something.

My workaround

I'm going to try and fill the exclude list with all the TTPs I am not using somehow, which is tricky because it's only accessible through the provided layers. Or copy the svg generation code and build my own logic for the matrix generation.

Personal note

Again if I misinterpreted something, I would be grateful if you correct me! Also if this is a feature you would add, I could contribute my solution, although this would be my first open source contribution, so I would probably need some guidance :)

clemiller commented 7 months ago

Hi @NicolasKol,

Thanks for opening a request! You're correct that any techniques you want excluded from the SVG would need to be listed in the layer file with the "enabled": false property. This works in tandem with the hideDisabled layer property, which would need to be set to true (for more details, see the layer specification here).

The solution you're suggesting would be a handy way to exclude techniques from the SVG while keeping the layer file a reasonable size. There may be some edge cases to consider to ensure it works with the enabledness of techniques, but I think this functionality would be useful overall. As a side note: this type of functionality could be useful for Navigator as well, which would involve updating the layer file format spec for compatibility if a new layer property is added.

Contributions are welcome - if you are interested in sharing your solution to this issue, we would be happy to review it! You can see more information about how to contribute in CONTRIBUTING.md.