search

mitre-attack / tram

Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.
Apache License 2.0
346 stars 66 forks source link

Database not populating when using local-json #63

Closed ct1337 closed 3 years ago

ct1337 commented 4 years ago

I followed the instructions for offline install, but I find the database is blank (i checked by running sqlite3) after I run tram.py. This is the output when running tram.py:

tram.py:22: DeprecationWarning: "@coroutine" decorator is deprecated since Python 3.8, use "async def" instead async def background_tasks(taxii_local='online', build=False, json_file=None): tram.py:46: DeprecationWarning: "@coroutine" decorator is deprecated since Python 3.8, use "async def" instead async def init(host, port): INFO:root:Welcome to TRAM DEBUG:root:Will build model from static file DEBUG:asyncio:Using selector: KqueueSelector DEBUG:root:[#] 0 Existing items in the DB ERROR:asyncio:Task exception was never retrieved future: <Task finished name='Task-1' coro=<background_tasks() done, defined at tram.py:21> exception=KeyError('description')> Traceback (most recent call last): File "tram.py", line 42, in background_tasks await data_svc.insert_attack_json_data(json_file) File "/Users/admin/Downloads/tram/service/data_svc.py", line 142, in insert_attack_json_data 'description': item['description'], KeyError: 'description' INFO:root:[] Found punkt INFO:root:[] Found stopwords INFO:root:server starting: 0.0.0.0:9999

Note: I was following these instructions: "If you try running TRAM behind a proxy, get an SSL error, or do not want to reach out to TAXII, you can build the database from a local JSON file.(to do this ensure there is no tram.db file in the tram/database directory) Download the JSON from here: https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json Save the JSON in the tram/models directory Edit the tram/conf/config.yaml to taxii-local: local-json build: True run the program python tram.py the database will then be built using the JSON"

ct1337 commented 4 years ago

I realized that tram does not support the latest version of this file: https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json When I used a version of the json from before the date when subtechniques were released, I was able to get it to work.

MarkDavidson commented 3 years ago

Hello @ct1337 and thank you for the bug report. TRAM has moved to https://github.com/center-for-threat-informed-defense/tram and the bug has been fixed in that repository so I am closing this issue. Thank you!