From a7368d556c6befead8d8ff6756148f050eef3586 Mon Sep 17 00:00:00 2001 From: Sara-Jayne Terp Date: Sun, 7 Mar 2021 09:42:53 +0000 Subject: [PATCH] Cleaned up framework generating code ... because we'll need this when the third framework goes in... --- .../generate_amitt_ttps.cpython-38.pyc | Bin 23919 -> 22577 bytes HTML_GENERATING_CODE/generate_amitt_ttps.py | 191 +- HTML_GENERATING_CODE/test_new_code.ipynb | 1874 ++--------------- amitt_blue_framework.md | 2 +- amitt_blue_framework_clickable.html | 570 +++++ amitt_red_framework.md | 2 +- amitt_red_framework_clickable.html | 2 +- ...ctics_table.csv => blue_framework_ids.csv} | 0 ...actics_table.csv => red_framework_ids.csv} | 0 9 files changed, 771 insertions(+), 1870 deletions(-) create mode 100644 amitt_blue_framework_clickable.html rename generated_csvs/{counters_tactics_table.csv => blue_framework_ids.csv} (100%) rename generated_csvs/{techniques_tactics_table.csv => red_framework_ids.csv} (100%) diff --git a/HTML_GENERATING_CODE/__pycache__/generate_amitt_ttps.cpython-38.pyc b/HTML_GENERATING_CODE/__pycache__/generate_amitt_ttps.cpython-38.pyc index d6e5cbb0cfe94eed8fdd9164a684afc2efc34ce3..303f5e6ded685d61ab1f6c1991d98dc0aadb4b1b 100644 GIT binary patch delta 7241 zcma)BeQ+Dcb-z8_9S$D^KSYTFNs*vP$^=RAOCMHaSt2D`wkesUBHFTG$rOk^iXcIN z+&k(61cJD96WguqIGe;u8zpFH5=buhH^)+!Ou2a`(J9Ym^ zI&qS5-`fKLiiYA+gWrCAznj&;Kb2+*?uMmEi9O-xxms{6kL$Ou54I z{K}8@-p){z(oifBkIhA=5=Lk$v1Ej%S#;jGlwxyUhfEF2h*|Me(&SOk-kg_6k|9M1 zl_D~|gUZzPFp0RRLe+<*h(a~$hEk=+sE2xiqER39LywzQ&;XP=t)x{@dT2GRfznI2 z&{`;cbSvEkrJvT(?NC6uk|4cF+-eJ3R!oCVHF>(xC>ZHq#^YD6oa-@F^*L!d8doWR=YB zfVQ7DT$O>Zw#e7;NqqSx;8j-%jB3tEqE#zep+ZX&t(HvAA$mn~XMtEPTCIgvK(yKl ztxC~qw|1d1E2!WWpmadX3r49I2L+ehJP;qT5?MzA?^G#wf$YU0Jp83GFaR&!^9?+*%1izJ<6hXrVkv@dbi?ACY>|!HOM0{~; za^A3_G-^fJ?;!O?t?U5wJ;r~%_1f_VaG1u>PIe0641ld&j6!sp%!ds(sHE|j6_$l` zTc*>SyTOdn%0yhnlS7%f3&%~w=|oxr~s$I4kI9s?M|kwRO3G3TlXPhTl1kJ9d;3tL9=8m}QkP6N#ounJ zBP0A5E#2KXQQHOG5ig{e8Pj6%>A-eZ|$x}Wo!=N#);T1yss+gF$=O^WeNSSx1+EHsjYkR^}RU+R87v&SX+aTdx*`4pe-s?_2vAu<{Xdg%?}) zQi-Mcq{$YbGpujkRN<;33zVP1XHZmwBtROd`9NtO8 zZ!_7)f3o*I(D%l^{bcEj`jiiMeA)=Gjpp;z*VxO)dv%WABHPP?*wS%{v#vrsc6GA%0(iQ8T6SA%>7-1j# zBOK~SKt1eh2u~w?9RTiF>sL1?mP^{&c<1exb2vJpj-$G;!tyw-6#ZyRM4NyZipRiL zHc^FQWMLiz9RY7U!US8Hfcb{i&4YxYVh~yz$$2Iq>nG!jO9o_^JdQ4@FY$VjAY|jD zZ1+)T?QG9NB6?*im6|hID-d8c^2k|E#J7+jW{;d~JAy8OHf zeYbF_*){$@hmPKkI~7rfa4&4n#kg^4Ar((rA2(jiaTVo#8$lS~#upDa*XOZaRKf(~ zGlGXdd$`^xN5;`<-@OZPbAaP9w47yEp(otRhM{2H2%ka_;oF0?UIdY%Z^ha^09%C< zc-|CY#(x&vk$Va$UqFfi=PNCQgJ@63lazfC=_v$;a1kMaa0wxY@Vf{r2=fSOgbc!y z0Ja)Sq`IEq;V||U-ZRv-YeSGB@75(;6=QNf%I0Y5QgRZo2vvO9; zx-)L71f`5hRY2{a1Z_>U-A+4~aiegm&&e#gc)-$}HVQnq9Yp9^PsWo`GdikuhAgHR z4`f{I?F`Ag;b!bzm9t*z%la&R)|2;Ue5=HK+0yeqtP#ob=PNRB)1QTRLcTKN%K$$- zvf!C@)kUO?PlaoA<>>n|%$5JNE_q*=FnpJYg97f2pNG0l;v3Hmq+;59pTHX7;%SmB zrH_c$O^nG~Tv2UOdu&xk80j!BhRY1)qlj-W7p56;a(qP~gbTVdMG}D#Kec9gS{w!ovvj=*P zfl=sgwl)KfZ?JHc?V68Xc7g~m_fBB_8P;Zy&toK)=22qKu-(jnv=cMfvq=79gy#_c z1Oe|Swr3dp_ZYsRZ4GYepwPL8`b8kvsui~qAjh&6;EtAvs8$MCB5qKD_hZ`?Wz4y* zp~u=9#G-L|K%{p&S7|1rb4Co02O%b+!B`q+&bo>f#>KUF++?#REqvy`gWDSdK1tm! zZzDCN3jXPKVtp8yh!wi#_*#Q7gJ&D3&aaIJ? zssf&gJ@7=FmEpOlVUKw6xkvGMqovOe&Y=xYVIsHwWx~m*jX(;!?1oDWa@%AS z-{2*`bW*{FgQ?_yMJKekl^tsS1{VltA;~qcJn2Sf87}3@DKcZ|fa`zghj^xl`R@lg z5X&%sDnl%*)RiX~v005Og_;{yL(Y(l0(70K&`a{JRS9??J5cRbDeHkW1TT8b8@Y3x zSub?Efla46Bn>b8q*<-h3QDUo4q7|`d>&^w^;+(XzCu=H%wCXAiUQ9KgFHRsb0kq8 zq^cKToL@-z8q_L4ldH&)lQMF#0Xb{cRb&*Z79WQp0ijgSXtZ)gexfPs&-n8&7m=~N zv&ui?S;bkq|JHUq(THi|{3YNT4`5A;b0;60nG5 z_GRRw2zYj~uOO7p$ehTue+Qi|I0a11ZITN^+w1bX6h-^B;@9CjiAKCq)knIlgSQ7D z6?kQh$l%2R=<^a?#u3|HRdTwe5C`SLz=^jTV!?;E1iT)KV3>hmpd^n0L4<>=aCV}v zsuq0WnsteTu`{bduM48m3#SosnI2uX}lX6nfU#U2bg&4KeDvFt2 z7ejS8(p3>MAPPc8%gBY0nab)LOdJ6dAqqeu7$>3>PxyCXtPjmt{2QqGVFI3vE0^)C zD}viWh0|H=a|>1s7j^Lk7*tu9O%?FDS4p8&jU~jdLTf}gc{AR;j!6VA03Nypc$LlJ zB+_Z^Xw<`hb$35Fb(VLJ9OH{4f62R!AM<5HM#3~g%gf#n-+jEEf9ZI)E9=ejSB}q< zM|tmwo!VotW$Xoh`owq0clp+P4(3Yn;B`V_Qxv#yz|BGd?&Tv$N3Un!L->0HbncS- zM%?(kgReWnk0Tm>4uXfRj-G2E+JsCxhg3 zYpO&pQteT*@yk&DQr4diA`QnxTZNAwhI((&T!*AI?+s? zTzhCDOd9d2?0i)7VGZ()bX{@oQV;Rh?%i{zxS#nJ;ulj^L7!Mmk-z^Lhx`x$9l7w8 z#j)ot?A^GMgZFikH9mLWzf1|0TaaE<$==4MxS7^t?I#E|0Psu{8}<%%lv7-XgnvcY zsO*{3{p95}`?NxGLfbMj;M~e8Y6Ai+_FYIHL_kHh5;x;XwoO#$j4S2_LvEZrd zDUP1T7)zP(og1!+uRYlmu>z}AYdBT)QEbg-W~#d}!5*V_l$ zb0?uHzM!)sSUZN0K$u5JAuxoC2;v1>dadFqwc#x*9>&64Vfd>^74yJzR3snvCf0s{ z@J|Rolm-DyllvKV{s%&7A4Lt519JhOx#l4NNJabgN?qYQ&bDX`x~BK*{K(lmZWrq( z3tk}!{+~h>7u*dZQJSsHN8`zV$Awd%DZyFJKH#sOZK)Q%uEMKg;fgIM7ud7>7iW9x iKL8%~p9q^xhLdcG<>?n|L~tc&14kH%Zf`d9IsjI&H@BOxzb#{X5+`|Y>8-+p_2``ZIAy-419g%lnwC~!#dul#by$)=BAD@@35+F!c# zBRhXO@BXBlNRlS`36=aZ9iTF`JWBi)YNg7flHW>IYJ*UrgEWsiAV;M`)JgL}veCn| zkQRYtr^U1cwDM>vErZZO%jpIPopd9ufH0p{QWt~;)J>}(ETq-62Erm*OOqZDifJA7 zLRdoU=_UwEX#;J9u#7g*`yec*&D00s2D+KHK)8_((=D_Os;;0TbSv!usgjP;`{_22 zTy#6#0a|XllkS4BijL6-=pM+ard@O|q}0%H`XJp0DYY&12<@f&LG;iGdVuzUR7Vfe zL!joR{YNCi;#(^X&cj4qR2HNe2Or6IC96Y( z=F_Sx@}df9S$2@yiI2bua zgWcEokINn=y?l4Mmb@Qzwju0A9VG!BIKv(k`g$xd#exxy^i~qZL2{->xRT|bcI6+eKHn_cYhvx zZv{{#S(+ad4A++JtQiX@<*xj_E;s*lmva(oP*^Z}T4Q}+;)cx5Kwyv=Xa!D(Suc7M zivVQTweQ~R+H2V3)4_xm2vG*xl*F6}g$OPL(PJ-2w@cdE+D~gyjlr^|fyu<##C#36 z<<;!ygT|rb80xeZq#E<(vltdVgs=xQ>>*hGEOstoG$AER0Bv# zB`F0@FDCg!Cgr3YeBTPPBT3xyeCxdpmdQsSteYo)T|fVT-Ml!LpFhk(Fl6R{&a6s; zOIF?OFCcx*wfl38;CiA>JN6ihqR}{ln6JB8?!HIMRUHYmx6Xla?$;cc=@6Z-YELzc zm*kZt``8>LrX98)_0eJ3IfU~F7ZBzVE+Q--2zp#Z>9+t<&dQRQ@DT)D48m2}M?o@d zsT$eGFkN&v<*0s$4?*IW;k&!1qN8rUm%%XIlr^oCY+NL&*eL@1nTpo-we5vsGjLyF z`w&pautj5fbS@kQ@)ztf&EKhLDi>{Co1bCOe0{}N`7CJ;g6Ok}ZN?~~EEW&Yxp+7< z3EYri9cWez;bZ(~t_m{FRd=gbP=p0o!0$lXOXw^VJ#7w$Sp`4hZX$24%)5t)`XrjT z%wMl^)rzXD=8m>z88^IF9T(!tVgU*o~kpe7Ogu zT+M(1#;lVFPw}4mO7~r=PSiKbwS<4F{@Y2c+OWehFvf6W$zA^#TD_9XVer<=U;X2J^^zG=3{$+Sdlj!lZaE?1N6Y&1ucp2M^b1mV(Y$HRorAc!d{ zS+$+3X+@});hLN_Hjo|s$;PE-Oub>A;0#BqEDjl3%_=h1R8RJ==uLTKOw8m-EJ%=C z!gG;mf;|m!prUn?iU<4)&%K0``?G&dFs~$|8 zfn!c|GDNkg&MskrQiS^u#Dv{M3AZW!m2G>DT?fHX6R@mfY`!4vJ$3qpxaM=RS5P+} z0nIbqZW*4Vg<*IE(11bpP%LV$=e3F&`QY~RNi6MGM)6qZv$C&YxixpkX86?!aYciX zS(hs+7A?)gVs?aw5U>e`bppESQ`Q#}4Hbp3wfT{$8MgiA zEz!t}hl3YR#bRd?tN}7$G~U<5*U^ONJ!-N_1iJ(+XTtbb`L}j#uFWp(&reSh4mG>U zOLy*1;w1T%9-Ip!?`%jr7muOe+|hW^$5*kIZy<<)X~eSj@f5Wft5X>eQ>m_RyfE=v zy0pLGFx=Sq_ji^gvzy6;9#$~#JQ{~99qg5L7Z=%|K#Fe@JAekZAnZX9t6XesTQS;+ zunS=afT6%rh$O^v%z2!788wqHqN)`x!djF~Nc`# z*l7XTD)nQ+RMcS?)0 z4o@fM-Sb4-q6JbdOERRuOB`Ml;ge?I)nqO1l9ole*^Qv9m=-9$Hz}87xNe?Ww1UNC z+T;M3gu)9cW7Gy$)XPxNjs<6@LCQ0$OKX5O8e1)~S{>?&>Sp~QIYh;_1wx&d zbO0{*^mcn;c*ODewzEs8-F02yZJw>?*H$u=DVA#?Mk~^Z+K2aUrVyraT5O)p%CFa z2&+!Vz6;U$_AF;hpPkmZ+G1CGu-o)b_B}Lm7q>f%`NHkC^`j^_I@|Bq-(f}usX)~5 zm=3`IMJ+!hylLle`20tkTsC`Jm|v*h9@Az9c@9 zWiubVou!x$-_|YomWJ_FDms~_B5H@XIiRo<3p$Xz1Pe|tDjB>wnj%4bvjaQ$7$@H9 zehg)uNx_7#f|w7UgxqIafM-3EWZ@yN;Eq)5ENT~uaxa2Zgc5|splMwusaOeyx*Zs@ zR4^pG?=9t}7}7z@R=u`-Jwuic2PK|=po8x_(8r%R@CxtkJD}ES;e=MlulDs52Y;h4 zLT>Q>gZ1hkq0@Nz?7^>*@9_3RT^Zcx%*lN=EO1u>Ourmt6QJLQFNknGX2^to6&V;V z1nU`5flQ;BkM(anA-FJ$uTG%z?gI^Y=B+|1Yz4wghgM>Tr!aiQwhKy>CHs3SP$PzR z3sNKGC@FeuR+Pv7xC_b&}fv|Q~3kS{yfe;hs<#7u0EQz@Y%cdka z8A2%l9IC~%yn_k3Dz3nc|3JvB?D_Ey^47`^$E_qOYWoZ-VBd09 z)Cd_cq@$SMgMbwo)=(l8WgCTfM!S&6Xh?SF;nFmYrLf=r>PZ$$z;7||V^rW=NT249 zOcWO1F&Og`t>owY`H9n{ix(Yj8G#?ylw}EiKaiGG4Dmq5{9q6I|9!Om4+#H=@HYrw zLHJLE|3+X4nf;F)^%lt%Sk%RkBU$XQbop~fcXdzr2>fSFkO;xI&EW6N;0I<9G=ra- z!GD>-&oQXyw~jU@KLn!qZHVEanGGNeAq*pY5<#5luc7n|!m|kC?7w!-U&gexTfoa0 z6`c~@Ti0a+bKgMtR|$4$)8p29|1ReI0%2_kgmfI!U=*Yg_!9d7fUh2~7ul_j3P&Y> z^I@;G!O`U4)?)|uiouqJwy*_1#3|zFm|+y{8P-TJ6fMKCwL(;aQzQE&fBcxYL@X2q vey@mMFyv^QUEnv5wYz@_I_wt0`o?i`yux(|r^Zh5Erm%b{nu|-?BxFd(q^1N diff --git a/HTML_GENERATING_CODE/generate_amitt_ttps.py b/HTML_GENERATING_CODE/generate_amitt_ttps.py index 9352f0f..2e6eb82 100644 --- a/HTML_GENERATING_CODE/generate_amitt_ttps.py +++ b/HTML_GENERATING_CODE/generate_amitt_ttps.py @@ -68,6 +68,8 @@ Creates CSVs todo: * add all framework comments to the repo issues list +* add clickable blue framework +* add detections ''' import pandas as pd @@ -107,10 +109,10 @@ class Amitt: self.df_tactics = metadata['tactics'] # Add columns containing lists of techniques and counters to the tactics dataframe - df_techniques_per_tactic = self.df_techniques.groupby('tactic_id')['id'].apply(list).reset_index().rename({'id':'technique_ids'}, axis=1) - df_counters_per_tactic = self.df_counters.groupby('tactic_id')['id'].apply(list).reset_index().rename({'id':'counter_ids'}, axis=1) - self.df_tactics = self.df_tactics.merge(df_techniques_per_tactic, left_on='id', right_on='tactic_id', how='left').fillna('').drop('tactic_id', axis=1) - self.df_tactics = self.df_tactics.merge(df_counters_per_tactic, left_on='id', right_on='tactic_id', how='left').fillna('').drop('tactic_id', axis=1) + self.df_techniques_per_tactic = self.df_techniques.groupby('tactic_id')['id'].apply(list).reset_index().rename({'id':'technique_ids'}, axis=1) + self.df_counters_per_tactic = self.df_counters.groupby('tactic_id')['id'].apply(list).reset_index().rename({'id':'counter_ids'}, axis=1) + self.df_tactics = self.df_tactics.merge(self.df_techniques_per_tactic, left_on='id', right_on='tactic_id', how='left').fillna('').drop('tactic_id', axis=1) + self.df_tactics = self.df_tactics.merge(self.df_counters_per_tactic, left_on='id', right_on='tactic_id', how='left').fillna('').drop('tactic_id', axis=1) # Add simple dictionaries (id -> name) for objects self.phases = self.make_object_dictionary(self.df_phases) @@ -123,10 +125,6 @@ class Amitt: # Create the data table for each framework file self.num_tactics = len(self.df_tactics) - self.max_num_techniques_per_tactic = max(df_techniques_per_tactic['technique_ids'].apply(len)) +2 - self.max_num_counters_per_tactic = max(df_counters_per_tactic['counter_ids'].apply(len)) +2 - self.padded_techniques_tactics_table = self.create_padded_techniques_tactics_table() - self.padded_counters_tactics_table = self.create_padded_counters_tactics_table() # Create counters cross-tables self.cross_counterid_techniqueid = self.create_cross_table(self.df_counters[['id', 'techniques']], @@ -154,53 +152,6 @@ class Amitt: def make_object_dictionary(self, df): return(pd.Series(df.name.values,index=df.id).to_dict()) - - - def create_padded_techniques_tactics_table(self, tocsv=True): - # Create the master grid that we make all the framework visuals from - # cols = number of tactics - # rows = max number of techniques per tactic + 2 - - arr = [['' for i in range(self.num_tactics)] for j in range(self.max_num_techniques_per_tactic)] - for index, tactic in self.df_tactics.iterrows(): - arr[0][index] = tactic['phase_id'] - arr[1][index] = tactic['id'] - if tactic['technique_ids'] == '': - continue - for index2, technique in enumerate(tactic['technique_ids']): - arr[index2+2][index] = technique - - #Save grid to file - if tocsv: - csvdir = '../generated_csvs' - if not os.path.exists(csvdir): - os.makedirs(csvdir) - pd.DataFrame(arr).to_csv(csvdir + '/techniques_tactics_table.csv', index=False, header=False) - - return(arr) - - def create_padded_counters_tactics_table(self, tocsv=True): - # Create the master grid that we make all the framework visuals from - # cols = number of tactics - # rows = max number of techniques per tactic + 2 - - arr = [['' for i in range(self.num_tactics)] for j in range(self.max_num_counters_per_tactic)] - for index, tactic in self.df_tactics.iterrows(): - arr[0][index] = tactic['phase_id'] - arr[1][index] = tactic['id'] - if tactic['counter_ids'] == '': - continue - for index2, counter in enumerate(tactic['counter_ids']): - arr[index2+2][index] = counter - - #Save grid to file - if tocsv: - csvdir = '../generated_csvs' - if not os.path.exists(csvdir): - os.makedirs(csvdir) - pd.DataFrame(arr).to_csv(csvdir + '/counters_tactics_table.csv', index=False, header=False) - - return(arr) def create_cross_table(self, df, col, newcol, divider=','): @@ -528,132 +479,140 @@ class Amitt: return - def write_amitt_red_framework_file(self, outfile = '../amitt_red_framework.md'): + def create_padded_framework_table(self, title, ttp_col, tocsv=True): + # Create the master grid that we make all the framework visuals from + # cols = number of tactics + # rows = max number of techniques per tactic + 2 + + numrows = max(self.df_tactics[ttp_col].apply(len)) + 2 + + arr = [['' for i in range(self.num_tactics)] for j in range(numrows)] + for index, tactic in self.df_tactics.iterrows(): + arr[0][index] = tactic['phase_id'] + arr[1][index] = tactic['id'] + if tactic[ttp_col] == '': + continue + for index2, technique in enumerate(tactic[ttp_col]): + arr[index2+2][index] = technique + + #Save grid to file + if tocsv: + snakecase_title = title.replace(' ', '_') + csvdir = '../generated_csvs' + if not os.path.exists(csvdir): + os.makedirs(csvdir) + pd.DataFrame(arr).to_csv('{0}/{1}_ids.csv'.format(csvdir, snakecase_title), index=False, header=False) + + return(arr) + + + def write_amitt_frameworks(self): + + self.write_amitt_framework_files("red framework", self.techniques, "techniques", 'technique_ids') + self.write_amitt_framework_files("blue framework", self.counters, "counters", 'counter_ids') + return + + def write_amitt_framework_files(self, title, ttp_dictionary, ttp_dir, ttp_col): # Write HTML version of framework diagram to markdown file - # Needs phases, tactics, techniques, padded_techniques_tactics_table + # Needs phases, tactics + snakecase_title = title.replace(' ', '_') + outfile = '../amitt_{}.md'.format(snakecase_title) + clickable_file = '../amitt_{}_clickable.html'.format(snakecase_title) - html = '''# AMITT Red: Latest Framework + # Create padded table to make the writing easier + padded_table = self.create_padded_framework_table(title, ttp_col) + + + html = '''# AMITT {}: Latest Framework -''' +'''.format(title.capitalize()) + # row with phase names in - removed because it makes the tables confusing # for col in range(self.num_tactics): # html += '\n'.format( - # self.padded_techniques_tactics_table[0][col], self.phases[self.padded_techniques_tactics_table[0][col]]) + # padded_table[0][col], self.phases[padded_table[0][col]]) # html += '\n' html += '\n' for col in range(self.num_tactics): html += '\n'.format( - self.padded_techniques_tactics_table[1][col], self.tactics[self.padded_techniques_tactics_table[1][col]]) + padded_table[1][col], self.tactics[padded_table[1][col]]) html += '\n\n' - for row in range(2,self.max_num_techniques_per_tactic): + for row in range(2,len(padded_table)): for col in range(self.num_tactics): - if self.padded_techniques_tactics_table[row][col] == '': + if padded_table[row][col] == '': html += '\n' else: - html += '\n'.format( - self.padded_techniques_tactics_table[row][col], self.techniques[self.padded_techniques_tactics_table[row][col]]) + html += '\n'.format( + ttp_dir, padded_table[row][col], ttp_dictionary[padded_table[row][col]]) html += '\n\n' html += '\n
{0} {1}
{0} {1}
{0} {1}{1} {2}
\n' with open(outfile, 'w') as f: f.write(html) print('updated {}'.format(outfile)) - return - def write_amitt_blue_framework_file(self, outfile = '../amitt_blue_framework.md'): - # Write HTML version of counters framework diagram to markdown file - # Needs phases, tactics, counters, padded_counters_tactics_table + # Clickable version + self.write_clickable_amitt_framework_file(title, padded_table, ttp_dictionary, clickable_file) - html = '''# AMITT Blue: Latest Framework - - - -''' - - # for col in range(self.num_tactics): - # html += '\n'.format( - # self.padded_counters_tactics_table[0][col], self.phases[self.padded_counters_tactics_table[0][col]]) - # html += '\n' - - html += '\n' - for col in range(self.num_tactics): - html += '\n'.format( - self.padded_counters_tactics_table[1][col], self.tactics[self.padded_counters_tactics_table[1][col]]) - html += '\n\n' - - for row in range(2,self.max_num_counters_per_tactic): - for col in range(self.num_tactics): - if self.padded_counters_tactics_table[row][col] == '': - html += '\n' - else: - html += '\n'.format( - self.padded_counters_tactics_table[row][col], self.counters[self.padded_counters_tactics_table[row][col]]) - html += '\n\n' - html += '\n
{0} {1}
{0} {1}
{0} {1}
\n' - - with open(outfile, 'w') as f: - f.write(html) - print('updated {}'.format(outfile)) return - - def write_clickable_amitt_red_framework_file(self, outfile='../amitt_red_framework_clickable.html'): + def write_clickable_amitt_framework_file(self, title, padded_table, ttp_dictionary, outfile): # Write clickable html version of the matrix grid to html file html = ''' - AMITT + AMITT {}

AMITT

-''' +'''.format(title.capitalize()) html += '\n' for col in range(self.num_tactics): - html += '\n'.format(self.padded_techniques_tactics_table[0][col], self.phases[self.padded_techniques_tactics_table[0][col]]) + html += '\n'.format(padded_table[0][col], self.phases[padded_table[0][col]]) html += '\n' html += '\n' for col in range(self.num_tactics): - html += '\n'.format(self.padded_techniques_tactics_table[1][col], self.tactics[self.padded_techniques_tactics_table[1][col]]) + html += '\n'.format(padded_table[1][col], self.tactics[padded_table[1][col]]) html += '\n' liststr = '' html += '\n' - for row in range(2,self.max_num_techniques_per_tactic): + for row in range(2,len(padded_table)): for col in range(self.num_tactics): - techid = self.padded_techniques_tactics_table[row][col] + techid = padded_table[row][col] if techid == '': html += '\n' else: html += '\n'.format( - techid, self.techniques[techid]) + techid, ttp_dictionary[techid]) liststr += '\n'.format( - techid, self.techniques[techid]) + techid, ttp_dictionary[techid]) html += '\n\n' html += '\n
{0} {1}{0} {1}
{0} {1}{0} {1}
{0} {1}
\n
\n' @@ -770,9 +729,7 @@ function handleTechniqueClick(box) { def generate_and_write_datafiles(self): # Framework matrices - self.write_amitt_red_framework_file() - self.write_amitt_blue_framework_file() - self.write_clickable_amitt_red_framework_file() + self.write_amitt_frameworks() # Editable files self.update_markdown_files() self.write_object_indexes_to_file() diff --git a/HTML_GENERATING_CODE/test_new_code.ipynb b/HTML_GENERATING_CODE/test_new_code.ipynb index 611d250..42d0c01 100644 --- a/HTML_GENERATING_CODE/test_new_code.ipynb +++ b/HTML_GENERATING_CODE/test_new_code.ipynb @@ -12,65 +12,17 @@ "output_type": "stream", "text": [ "updated ../amitt_red_framework.md\n", - "updated ../amitt_blue_framework.md\n", "updated ../amitt_red_framework_clickable.html\n", + "updated ../amitt_blue_framework.md\n", + "updated ../amitt_blue_framework_clickable.html\n", "updated ../phases_index.md\n", "updated ../tactics_index.md\n", - "Updating ../tactics/TA01.md\n", - "Updating ../tactics/TA02.md\n", - "Updating ../tactics/TA03.md\n", - "Updating ../tactics/TA06.md\n", "updated ../techniques_index.md\n", - "Updating ../techniques/T0002.md\n", - "Updating ../techniques/T0006.md\n", - "Updating ../techniques/T0008.md\n", - "Updating ../techniques/T0009.md\n", - "Updating ../techniques/T0010.md\n", - "Updating ../techniques/T0013.md\n", - "Updating ../techniques/T0014.md\n", - "Updating ../techniques/T0015.md\n", - "Updating ../techniques/T0017.md\n", - "Updating ../techniques/T0021.md\n", - "Updating ../techniques/T0023.md\n", - "Updating ../techniques/T0024.md\n", - "Updating ../techniques/T0025.md\n", - "Updating ../techniques/T0026.md\n", - "Updating ../techniques/T0039.md\n", - "Updating ../techniques/T0045.md\n", - "Updating ../techniques/T0046.md\n", - "Updating ../techniques/T0047.md\n", - "Updating ../techniques/T0048.md\n", - "Updating ../techniques/T0053.md\n", - "Updating ../techniques/T0057.md\n", - "Updating ../techniques/T0059.md\n", "updated ../tasks_index.md\n", "updated ../incidents_index.md\n", "updated ../counters_index.md\n", - "Updating ../counters/C00077.md\n", - "Updating ../counters/C00078.md\n", - "Updating ../counters/C00080.md\n", - "Updating ../counters/C00081.md\n", - "Updating ../counters/C00082.md\n", - "Updating ../counters/C00084.md\n", - "Updating ../counters/C00085.md\n", - "Updating ../counters/C00087.md\n", - "Updating ../counters/C00091.md\n", - "Updating ../counters/C00092.md\n", - "Updating ../counters/C00093.md\n", - "Updating ../counters/C00094.md\n", - "Updating ../counters/C00202.md\n", - "Updating ../counters/C00219.md\n", - "Updating ../counters/C00223.md\n", "updated ../metatechniques_index.md\n", - "Updating ../metatechniques/M001.md\n", - "Updating ../metatechniques/M002.md\n", - "Updating ../metatechniques/M003.md\n", - "Updating ../metatechniques/M006.md\n", - "Updating ../metatechniques/M009.md\n", - "Updating ../metatechniques/M013.md\n", "updated ../actors_index.md\n", - "Updating ../actors/A001.md\n", - "Updating ../actors/A007.md\n", "updated ../responsetype_index.md\n", "updated ../detections_index.md\n", "updated ../tactics_by_responsetype_table.md\n", @@ -87,9 +39,38 @@ }, { "cell_type": "code", - "execution_count": null, + "execution_count": 2, "metadata": {}, - "outputs": [], + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "dict_keys(['df_phases', 'df_techniques', 'df_tasks', 'df_incidents', 'df_counters', 'df_detections', 'df_actors', 'df_resources', 'df_responsetypes', 'df_metatechniques', 'it', 'df_tactics', 'df_techniques_per_tactic', 'df_counters_per_tactic', 'phases', 'tactics', 'techniques', 'counters', 'metatechniques', 'actors', 'resources', 'num_tactics', 'cross_counterid_techniqueid', 'cross_counterid_resourceid', 'cross_counterid_actorid'])\n" + ] + }, + { + "data": { + "text/plain": [ + "{'TA01': 'Strategic Planning',\n", + " 'TA02': 'Objective Planning',\n", + " 'TA03': 'Develop People',\n", + " 'TA04': 'Develop Networks',\n", + " 'TA05': 'Microtargeting',\n", + " 'TA06': 'Develop Content',\n", + " 'TA07': 'Channel Selection',\n", + " 'TA08': 'Pump Priming',\n", + " 'TA09': 'Exposure',\n", + " 'TA10': 'Go Physical',\n", + " 'TA11': 'Persistence',\n", + " 'TA12': 'Measure Effectiveness'}" + ] + }, + "execution_count": 2, + "metadata": {}, + "output_type": "execute_result" + } + ], "source": [ "# Check which amitt variables we can see from here\n", "print('{}'.format(vars(amitt).keys()))\n", @@ -105,222 +86,51 @@ }, { "cell_type": "code", - "execution_count": 3, + "execution_count": 1, "metadata": {}, - "outputs": [ - { - "data": { - "text/html": [ - "
\n", - "\n", - "\n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - "
id
tactic_idTA01TA02TA03TA04TA05TA06TA07TA08TA09TA10TA11TA12
responsetype
ALL400000000000
D2 Deny1101011213773110
D3 Disrupt6573587314061
D4 Degrade701305322062
D5 Deceive001002100000
D6 Destroy001100000000
D7 Deter401005030100
\n", - "
" - ], - "text/plain": [ - " id \n", - "tactic_id TA01 TA02 TA03 TA04 TA05 TA06 TA07 TA08 TA09 TA10 TA11 TA12\n", - "responsetype \n", - "ALL 4 0 0 0 0 0 0 0 0 0 0 0\n", - "D2 Deny 11 0 10 11 2 13 7 7 3 1 1 0\n", - "D3 Disrupt 6 5 7 3 5 8 7 3 14 0 6 1\n", - "D4 Degrade 7 0 1 3 0 5 3 2 2 0 6 2\n", - "D5 Deceive 0 0 1 0 0 2 1 0 0 0 0 0\n", - "D6 Destroy 0 0 1 1 0 0 0 0 0 0 0 0\n", - "D7 Deter 4 0 1 0 0 5 0 3 0 1 0 0" - ] - }, - "execution_count": 3, - "metadata": {}, - "output_type": "execute_result" - } - ], + "outputs": [], "source": [ "import pandas as pd\n", - "counts_table = pd.pivot_table(amitt.df_counters[['tactic_id', 'responsetype',\n", - " 'id']], index='responsetype', columns='tactic_id', aggfunc=len, fill_value=0)\n", - "counts_table" + "from generate_amitt_ttps import Amitt\n", + "amitt = Amitt()" ] }, { "cell_type": "code", - "execution_count": 4, + "execution_count": 2, "metadata": {}, "outputs": [ { - "data": { - "text/plain": [ - "Index(['TA01', 'TA02', 'TA03', 'TA04', 'TA05', 'TA06', 'TA07', 'TA08', 'TA09',\n", - " 'TA10', 'TA11', 'TA12'],\n", - " dtype='object', name='tactic_id')" - ] - }, - "execution_count": 4, - "metadata": {}, - "output_type": "execute_result" + "name": "stdout", + "output_type": "stream", + "text": [ + "updated ../amitt_red_framework.md\n", + "updated ../amitt_red_framework_clickable.html\n", + "updated ../amitt_blue_framework.md\n", + "updated ../amitt_blue_framework_clickable.html\n" + ] } ], "source": [ - "counts_table.columns.get_level_values(1)" + "amitt.write_amitt_frameworks()" + ] + }, + { + "cell_type": "code", + "execution_count": 3, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "updated ../amitt_blue_framework.md\n", + "updated ../amitt_blue_framework_clickable.html\n" + ] + } + ], + "source": [ + "amitt.write_amitt_blue_framework_file(outfile = '../amitt_blue_framework.md')" ] }, { @@ -330,250 +140,8 @@ "outputs": [ { "data": { - "text/html": [ - "
\n", - "\n", - "\n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - "
idTOTALS
responsetypeALLD2 DenyD3 DisruptD4 DegradeD5 DeceiveD6 DestroyD7 Deter
metatechnique_id
M0010107700428
M0020210230017
M003068201219
M0040137600026
M0050154000019
M006070000310
M007436000316
M00800141006
M00900510006
M010038401117
M01102100003
M01202110004
M013016300111
M01402110004
\n", - "
" - ], "text/plain": [ - " id \\\n", - "responsetype ALL D2 Deny D3 Disrupt D4 Degrade D5 Deceive D6 Destroy \n", - "metatechnique_id \n", - "M001 0 10 7 7 0 0 \n", - "M002 0 2 10 2 3 0 \n", - "M003 0 6 8 2 0 1 \n", - "M004 0 13 7 6 0 0 \n", - "M005 0 15 4 0 0 0 \n", - "M006 0 7 0 0 0 0 \n", - "M007 4 3 6 0 0 0 \n", - "M008 0 0 1 4 1 0 \n", - "M009 0 0 5 1 0 0 \n", - "M010 0 3 8 4 0 1 \n", - "M011 0 2 1 0 0 0 \n", - "M012 0 2 1 1 0 0 \n", - "M013 0 1 6 3 0 0 \n", - "M014 0 2 1 1 0 0 \n", - "\n", - " TOTALS \n", - "responsetype D7 Deter \n", - "metatechnique_id \n", - "M001 4 28 \n", - "M002 0 17 \n", - "M003 2 19 \n", - "M004 0 26 \n", - "M005 0 19 \n", - "M006 3 10 \n", - "M007 3 16 \n", - "M008 0 6 \n", - "M009 0 6 \n", - "M010 1 17 \n", - "M011 0 3 \n", - "M012 0 4 \n", - "M013 1 11 \n", - "M014 0 4 " + "10" ] }, "execution_count": 7, @@ -582,1266 +150,79 @@ } ], "source": [ - "coltype = 'responsetype'\n", - "rowtype = 'metatechnique_id'\n", - "rowname = 'metatag'\n", - "counts_table2 = pd.pivot_table(amitt.df_counters[[coltype, rowtype,'id']], \n", - " index=rowtype, columns=coltype, aggfunc=len, \n", - " fill_value=0) \n", - "counts_table2['TOTALS'] = counts_table2.sum(axis=1)\n", - "counts_table2" - ] - }, - { - "cell_type": "code", - "execution_count": 8, - "metadata": {}, - "outputs": [ - { - "data": { - "text/html": [ - "
\n", - "\n", - "\n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - "
idTOTALS
responsetypeALLD2 DenyD3 DisruptD4 DegradeD5 DeceiveD6 DestroyD7 Deter
tactic_id
TA014116700432
TA0200500005
TA030107111121
TA040113301018
TA0502500007
TA060138520533
TA07077310018
TA08073200315
TA090314200019
TA1001000012
TA11016600013
TA1200120003
\n", - "
" - ], - "text/plain": [ - " id \\\n", - "responsetype ALL D2 Deny D3 Disrupt D4 Degrade D5 Deceive D6 Destroy D7 Deter \n", - "tactic_id \n", - "TA01 4 11 6 7 0 0 4 \n", - "TA02 0 0 5 0 0 0 0 \n", - "TA03 0 10 7 1 1 1 1 \n", - "TA04 0 11 3 3 0 1 0 \n", - "TA05 0 2 5 0 0 0 0 \n", - "TA06 0 13 8 5 2 0 5 \n", - "TA07 0 7 7 3 1 0 0 \n", - "TA08 0 7 3 2 0 0 3 \n", - "TA09 0 3 14 2 0 0 0 \n", - "TA10 0 1 0 0 0 0 1 \n", - "TA11 0 1 6 6 0 0 0 \n", - "TA12 0 0 1 2 0 0 0 \n", - "\n", - " TOTALS \n", - "responsetype \n", - "tactic_id \n", - "TA01 32 \n", - "TA02 5 \n", - "TA03 21 \n", - "TA04 18 \n", - "TA05 7 \n", - "TA06 33 \n", - "TA07 18 \n", - "TA08 15 \n", - "TA09 19 \n", - "TA10 2 \n", - "TA11 13 \n", - "TA12 3 " - ] - }, - "execution_count": 8, - "metadata": {}, - "output_type": "execute_result" - } - ], - "source": [ - "coltype = 'responsetype'\n", - "rowtype = 'tactic_id'\n", - "rowname = 'tacctic'\n", - "counts_table3 = pd.pivot_table(amitt.df_counters[[coltype, rowtype,'id']], \n", - " index=rowtype, columns=coltype, aggfunc=len, \n", - " fill_value=0) \n", - "counts_table3['TOTALS'] = counts_table3.sum(axis=1)\n", - "counts_table3" - ] - }, - { - "cell_type": "code", - "execution_count": 12, - "metadata": {}, - "outputs": [ - { - "data": { - "text/html": [ - "
\n", - "\n", - "\n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - "
idTOTALS
responsetypeALLD2 DenyD3 DisruptD4 DegradeD5 DeceiveD6 DestroyD7 Deter
metatechnique_id
M0010107700428
M0020210230017
M003068201219
M0040137600026
M0050154000019
M006070000310
M007436000316
M00800141006
M00900510006
M010038401117
M01102100003
M01202110004
M013016300111
M01402110004
\n", - "
" - ], - "text/plain": [ - " id \\\n", - "responsetype ALL D2 Deny D3 Disrupt D4 Degrade D5 Deceive D6 Destroy \n", - "metatechnique_id \n", - "M001 0 10 7 7 0 0 \n", - "M002 0 2 10 2 3 0 \n", - "M003 0 6 8 2 0 1 \n", - "M004 0 13 7 6 0 0 \n", - "M005 0 15 4 0 0 0 \n", - "M006 0 7 0 0 0 0 \n", - "M007 4 3 6 0 0 0 \n", - "M008 0 0 1 4 1 0 \n", - "M009 0 0 5 1 0 0 \n", - "M010 0 3 8 4 0 1 \n", - "M011 0 2 1 0 0 0 \n", - "M012 0 2 1 1 0 0 \n", - "M013 0 1 6 3 0 0 \n", - "M014 0 2 1 1 0 0 \n", - "\n", - " TOTALS \n", - "responsetype D7 Deter \n", - "metatechnique_id \n", - "M001 4 28 \n", - "M002 0 17 \n", - "M003 2 19 \n", - "M004 0 26 \n", - "M005 0 19 \n", - "M006 3 10 \n", - "M007 3 16 \n", - "M008 0 6 \n", - "M009 0 6 \n", - "M010 1 17 \n", - "M011 0 3 \n", - "M012 0 4 \n", - "M013 1 11 \n", - "M014 0 4 " - ] - }, - "execution_count": 12, - "metadata": {}, - "output_type": "execute_result" - } - ], - "source": [ - "counts_table4 = pd.pivot_table(amitt.df_counters[['responsetype', 'metatechnique_id','id']], \n", - " index='metatechnique_id', columns='responsetype', aggfunc=len, \n", - " fill_value=0) \n", - "counts_table4['TOTALS'] = counts_table4.sum(axis=1)\n", - "counts_table4" - ] - }, - { - "cell_type": "code", - "execution_count": 10, - "metadata": { - "scrolled": true - }, - "outputs": [ - { - "data": { - "text/html": [ - "
\n", - "\n", - "\n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - "
idnamemetatechniquesummaryplaybooksactorsresources_neededhow_foundreferencesincident_idstacticresponsetypenotestechniqueslongnametactic_idtactic_namemetatechnique_idmetatechnique_name
67C00001Better models of info spread up the layersM007 - metatechnique2019-11-workshopTA01 Strategic PlanningALLC00001 - Better models of info spread up the l...TA01Strategic PlanningM007- metatechnique
68C00003How can we safeguard against extremists using ...M007 - metatechnique2019-11-workshopTA01 Strategic PlanningALLC00003 - How can we safeguard against extremis...TA01Strategic PlanningM007- metatechnique
69C00004Managing like a chronic diseaseM007 - metatechnique2019-11-workshopTA01 Strategic PlanningALLC00004 - Managing like a chronic diseaseTA01Strategic PlanningM007- metatechnique
70C00005Policy: makers, terminology, elements: a) broa...M007 - metatechnique2019-11-workshopTA01 Strategic PlanningALLC00005 - Policy: makers, terminology, elements...TA01Strategic PlanningM007- metatechnique
71C00006Charge for social mediaM004 - frictionNo corresponding AMITT technique.A033 - social media platform owner2019-11-workshopTA01 Strategic PlanningD2 DenyC00006 - Charge for social mediaTA01Strategic PlanningM004- friction
............................................................
25C00215Use fraud legislation to clean up social mediaM007 - metatechniqueA020 - policy maker2019-11-workshopTA07 Channel SelectionD3 DisruptC00215 - Use fraud legislation to clean up soc...TA07Channel SelectionM007- metatechnique
50C00216Use advertiser controls to stem flow of funds ...M014 - reduce resourcesA023 - adtech provider2019-11-workshopTA05 MicrotargetingD2 DenyC00216 - Use advertiser controls to stem flow ...TA05MicrotargetingM014- reduce resources
45C00217Registries alert when large batches of newsy U...M003 - daylightA028 - platform administratorgrugqTA07 Channel SelectionD2 DenyC00217 - Registries alert when large batches o...TA07Channel SelectionM003- daylight
46C00218CensorshipM005 - removalAlter and/or block the publication/disseminati...A031 - social media platform administratorgrugqTaylor81TA09 ExposureD2 DenyC00218 - CensorshipTA09ExposureM005- removal
185C00219Add metadata to content - out of the control o...M003 - daylightAdd date and source to imagesgrugqTA06 Develop ContentD3 DisruptC00219 - Add metadata to content - out of the ...TA06Develop ContentM003- daylight
\n", - "

186 rows × 19 columns

\n", - "
" - ], - "text/plain": [ - " id name \\\n", - "67 C00001 Better models of info spread up the layers \n", - "68 C00003 How can we safeguard against extremists using ... \n", - "69 C00004 Managing like a chronic disease \n", - "70 C00005 Policy: makers, terminology, elements: a) broa... \n", - "71 C00006 Charge for social media \n", - ".. ... ... \n", - "25 C00215 Use fraud legislation to clean up social media \n", - "50 C00216 Use advertiser controls to stem flow of funds ... \n", - "45 C00217 Registries alert when large batches of newsy U... \n", - "46 C00218 Censorship \n", - "185 C00219 Add metadata to content - out of the control o... \n", - "\n", - " metatechnique \\\n", - "67 M007 - metatechnique \n", - "68 M007 - metatechnique \n", - "69 M007 - metatechnique \n", - "70 M007 - metatechnique \n", - "71 M004 - friction \n", - ".. ... \n", - "25 M007 - metatechnique \n", - "50 M014 - reduce resources \n", - "45 M003 - daylight \n", - "46 M005 - removal \n", - "185 M003 - daylight \n", - "\n", - " summary \\\n", - "67 \n", - "68 \n", - "69 \n", - "70 \n", - "71 No corresponding AMITT technique. \n", - ".. ... \n", - "25 \n", - "50 \n", - "45 \n", - "46 Alter and/or block the publication/disseminati... \n", - "185 \n", - "\n", - " playbooks \\\n", - "67 \n", - "68 \n", - "69 \n", - "70 \n", - "71 \n", - ".. ... \n", - "25 \n", - "50 \n", - "45 \n", - "46 \n", - "185 Add date and source to images \n", - "\n", - " actors resources_needed \\\n", - "67 \n", - "68 \n", - "69 \n", - "70 \n", - "71 A033 - social media platform owner \n", - ".. ... ... \n", - "25 A020 - policy maker \n", - "50 A023 - adtech provider \n", - "45 A028 - platform administrator \n", - "46 A031 - social media platform administrator \n", - "185 \n", - "\n", - " how_found references incident_ids tactic \\\n", - "67 2019-11-workshop TA01 Strategic Planning \n", - "68 2019-11-workshop TA01 Strategic Planning \n", - "69 2019-11-workshop TA01 Strategic Planning \n", - "70 2019-11-workshop TA01 Strategic Planning \n", - "71 2019-11-workshop TA01 Strategic Planning \n", - ".. ... ... ... ... \n", - "25 2019-11-workshop TA07 Channel Selection \n", - "50 2019-11-workshop TA05 Microtargeting \n", - "45 grugq TA07 Channel Selection \n", - "46 grugq Taylor81 TA09 Exposure \n", - "185 grugq TA06 Develop Content \n", - "\n", - " responsetype notes techniques \\\n", - "67 ALL \n", - "68 ALL \n", - "69 ALL \n", - "70 ALL \n", - "71 D2 Deny \n", - ".. ... ... ... \n", - "25 D3 Disrupt \n", - "50 D2 Deny \n", - "45 D2 Deny \n", - "46 D2 Deny \n", - "185 D3 Disrupt \n", - "\n", - " longname tactic_id \\\n", - "67 C00001 - Better models of info spread up the l... TA01 \n", - "68 C00003 - How can we safeguard against extremis... TA01 \n", - "69 C00004 - Managing like a chronic disease TA01 \n", - "70 C00005 - Policy: makers, terminology, elements... TA01 \n", - "71 C00006 - Charge for social media TA01 \n", - ".. ... ... \n", - "25 C00215 - Use fraud legislation to clean up soc... TA07 \n", - "50 C00216 - Use advertiser controls to stem flow ... TA05 \n", - "45 C00217 - Registries alert when large batches o... TA07 \n", - "46 C00218 - Censorship TA09 \n", - "185 C00219 - Add metadata to content - out of the ... TA06 \n", - "\n", - " tactic_name metatechnique_id metatechnique_name \n", - "67 Strategic Planning M007 - metatechnique \n", - "68 Strategic Planning M007 - metatechnique \n", - "69 Strategic Planning M007 - metatechnique \n", - "70 Strategic Planning M007 - metatechnique \n", - "71 Strategic Planning M004 - friction \n", - ".. ... ... ... \n", - "25 Channel Selection M007 - metatechnique \n", - "50 Microtargeting M014 - reduce resources \n", - "45 Channel Selection M003 - daylight \n", - "46 Exposure M005 - removal \n", - "185 Develop Content M003 - daylight \n", - "\n", - "[186 rows x 19 columns]" - ] - }, - "execution_count": 10, - "metadata": {}, - "output_type": "execute_result" - } - ], - "source": [ - "amitt.df_counters" - ] - }, - { - "cell_type": "code", - "execution_count": 3, - "metadata": {}, - "outputs": [ - { - "data": { - "text/html": [ - "
\n", - "\n", - "\n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - "
idTOTALS
responsetypeALLD2 DenyD3 DisruptD4 DegradeD5 DeceiveD6 DestroyD7 Deter
resource_id
46261274214174
R00101000001
R00201000001
R00300200002
R00402240008
\n", - "
" - ], - "text/plain": [ - " id \\\n", - "responsetype ALL D2 Deny D3 Disrupt D4 Degrade D5 Deceive D6 Destroy D7 Deter \n", - "resource_id \n", - " 4 62 61 27 4 2 14 \n", - "R001 0 1 0 0 0 0 0 \n", - "R002 0 1 0 0 0 0 0 \n", - "R003 0 0 2 0 0 0 0 \n", - "R004 0 2 2 4 0 0 0 \n", - "\n", - " TOTALS \n", - "responsetype \n", - "resource_id \n", - " 174 \n", - "R001 1 \n", - "R002 1 \n", - "R003 2 \n", - "R004 8 " - ] - }, - "execution_count": 3, - "metadata": {}, - "output_type": "execute_result" - } - ], - "source": [ - "counts_table = pd.pivot_table(amitt.cross_counterid_resourceid.merge(amitt.df_counters[['id', 'responsetype']]), \n", - " index='resource_id', columns='responsetype', aggfunc=len, \n", - " fill_value=0)\n", - "counts_table['TOTALS'] = counts_table.sum(axis=1)\n", - "\n", - "counts_table" - ] - }, - { - "cell_type": "code", - "execution_count": 4, - "metadata": {}, - "outputs": [ - { - "ename": "KeyError", - "evalue": "''", - "output_type": "error", - "traceback": [ - "\u001b[0;31m---------------------------------------------------------------------------\u001b[0m", - "\u001b[0;31mKeyError\u001b[0m Traceback (most recent call last)", - "\u001b[0;32m\u001b[0m in \u001b[0;36m\u001b[0;34m\u001b[0m\n\u001b[0;32m----> 1\u001b[0;31m \u001b[0mamitt\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mwrite_counts_table_to_file\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m'resource'\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mamitt\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mresources\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mcounts_table\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0;34m'testfile.txt'\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0m", - "\u001b[0;32m~/Dropbox/SJT_Projects_current/CogSecCollab/CODE_AND_DATA/github_cogseccollab_AMITT/HTML_GENERATING_CODE/generate_amitt_ttps.py\u001b[0m in \u001b[0;36mwrite_counts_table_to_file\u001b[0;34m(self, objectname, objectdict, counts_table, outfile)\u001b[0m\n\u001b[1;32m 712\u001b[0m \u001b[0;32mfor\u001b[0m \u001b[0mindex\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mcounts\u001b[0m \u001b[0;32min\u001b[0m \u001b[0mcounts_table\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0miterrows\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 713\u001b[0m html += '{1} {2}\\n'.format(\n\u001b[0;32m--> 714\u001b[0;31m objectname, index, objectdict[index])\n\u001b[0m\u001b[1;32m 715\u001b[0m \u001b[0;32mfor\u001b[0m \u001b[0mval\u001b[0m \u001b[0;32min\u001b[0m \u001b[0mcounts\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mvalues\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 716\u001b[0m \u001b[0mhtml\u001b[0m \u001b[0;34m+=\u001b[0m \u001b[0;34m'{}\\n'\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mformat\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0mval\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n", - "\u001b[0;31mKeyError\u001b[0m: ''" - ] - } - ], - "source": [ - "amitt.write_counts_table_to_file('resource', amitt.resources, counts_table, 'testfile.txt')" - ] - }, - { - "cell_type": "code", - "execution_count": 5, - "metadata": {}, - "outputs": [ - { - "data": { - "text/plain": [ - "{'R001': 'datastreams ',\n", - " 'R002': 'funding ',\n", - " 'R003': 'money ',\n", - " 'R004': 'platform algorithms ',\n", - " 'R005': 'slang translation',\n", - " 'R006': 'disinformation datasets'}" - ] - }, - "execution_count": 5, - "metadata": {}, - "output_type": "execute_result" - } - ], - "source": [ - "amitt.resources" + "max(amitt.df_tactics['technique_ids'].apply(len))\n" ] }, { "cell_type": "code", "execution_count": 6, "metadata": {}, - "outputs": [ - { - "name": "stdout", - "output_type": "stream", - "text": [ - " is responsetype\n", - "id ALL 4\n", - " D2 Deny 62\n", - " D3 Disrupt 61\n", - " D4 Degrade 27\n", - " D5 Deceive 4\n", - " D6 Destroy 2\n", - " D7 Deter 14\n", - "TOTALS 174\n", - "Name: , dtype: int64\n", - "R001 is responsetype\n", - "id ALL 0\n", - " D2 Deny 1\n", - " D3 Disrupt 0\n", - " D4 Degrade 0\n", - " D5 Deceive 0\n", - " D6 Destroy 0\n", - " D7 Deter 0\n", - "TOTALS 1\n", - "Name: R001, dtype: int64\n", - "R002 is responsetype\n", - "id ALL 0\n", - " D2 Deny 1\n", - " D3 Disrupt 0\n", - " D4 Degrade 0\n", - " D5 Deceive 0\n", - " D6 Destroy 0\n", - " D7 Deter 0\n", - "TOTALS 1\n", - "Name: R002, dtype: int64\n", - "R003 is responsetype\n", - "id ALL 0\n", - " D2 Deny 0\n", - " D3 Disrupt 2\n", - " D4 Degrade 0\n", - " D5 Deceive 0\n", - " D6 Destroy 0\n", - " D7 Deter 0\n", - "TOTALS 2\n", - "Name: R003, dtype: int64\n", - "R004 is responsetype\n", - "id ALL 0\n", - " D2 Deny 2\n", - " D3 Disrupt 2\n", - " D4 Degrade 4\n", - " D5 Deceive 0\n", - " D6 Destroy 0\n", - " D7 Deter 0\n", - "TOTALS 8\n", - "Name: R004, dtype: int64\n" - ] - } - ], - "source": [ - "for index, counts in counts_table.iterrows():\n", - " print('{} is {}'.format(index, counts))" - ] - }, - { - "cell_type": "code", - "execution_count": 18, - "metadata": {}, "outputs": [ { "data": { - "text/html": [ - "
\n", - "\n", - "\n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - "
idresource_idresponsetype
\n", - "
" - ], "text/plain": [ - "Empty DataFrame\n", - "Columns: [id, resource_id, responsetype]\n", - "Index: []" + "0 [T0001, T0002, T0003, T0004]\n", + "1 [T0005, T0006]\n", + "2 [T0007, T0008, T0009]\n", + "3 [T0010, T0011, T0012, T0013, T0014, T0015]\n", + "4 [T0016, T0017, T0018]\n", + "5 [T0019, T0020, T0021, T0022, T0023, T0024, T00...\n", + "6 [T0029, T0030, T0031, T0032, T0033, T0034, T00...\n", + "7 [T0039, T0040, T0041, T0042, T0043, T0044, T00...\n", + "8 [T0047, T0048, T0049, T0050, T0051, T0052, T00...\n", + "9 [T0057, T0061]\n", + "10 [T0058, T0059, T0060]\n", + "11 \n", + "Name: technique_ids, dtype: object" ] }, - "execution_count": 18, + "execution_count": 6, "metadata": {}, "output_type": "execute_result" } ], "source": [ - "xx = amitt.cross_counterid_resourceid.merge(amitt.df_counters[['id', 'responsetype']], how='inner')\n", - "xx[xx['responsetype'].isin(amitt.resources.keys())]" + "amitt.df_tactics['technique_ids']" + ] + }, + { + "cell_type": "code", + "execution_count": 9, + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "12" + ] + }, + "execution_count": 9, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "len(amitt.padded_techniques_tactics_table)" + ] + }, + { + "cell_type": "code", + "execution_count": 10, + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "12" + ] + }, + "execution_count": 10, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "amitt.max_num_techniques_per_tactic" ] }, { @@ -1852,12 +233,7 @@ { "data": { "text/plain": [ - " 174\n", - "R004 8\n", - "R003 2\n", - "R002 1\n", - "R001 1\n", - "Name: resource_id, dtype: int64" + "'xx'" ] }, "execution_count": 13, @@ -1865,9 +241,7 @@ "output_type": "execute_result" } ], - "source": [ - "xx['resource_id'].value_counts()" - ] + "source": [] }, { "cell_type": "code", diff --git a/amitt_blue_framework.md b/amitt_blue_framework.md index ffdf81b..97a4384 100644 --- a/amitt_blue_framework.md +++ b/amitt_blue_framework.md @@ -1,4 +1,4 @@ -# AMITT Blue: Latest Framework +# AMITT Blue framework: Latest Framework diff --git a/amitt_blue_framework_clickable.html b/amitt_blue_framework_clickable.html new file mode 100644 index 0000000..4fe3103 --- /dev/null +++ b/amitt_blue_framework_clickable.html @@ -0,0 +1,570 @@ + + + + AMITT Blue framework + + + + + +

AMITT

+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
P01 PlanningP01 PlanningP02 PreparationP02 PreparationP02 PreparationP02 PreparationP02 PreparationP03 ExecutionP03 ExecutionP03 ExecutionP03 ExecutionP04 Evaluation
TA01 Strategic PlanningTA02 Objective PlanningTA03 Develop PeopleTA04 Develop NetworksTA05 MicrotargetingTA06 Develop ContentTA07 Channel SelectionTA08 Pump PrimingTA09 ExposureTA10 Go PhysicalTA11 PersistenceTA12 Measure Effectiveness
C00006 Charge for social mediaC00009 Educate high profile influencers on best practicesC00034 Create more friction at account creationC00047 Coordinated inauthenticsC00065 Reduce political targetingC00014 Real-time updates to fact-checking databaseC00097 Require use of verified identities to contribute to poll or commentC00112 "Prove they are not an op!"C00089 Throttle number of forwardsC00129 Use banking to cut off access C00131 Seize and analyse botnet serversC00090 Fake engagement system
C00008 Create shared fact-checking databaseC00011 Media literacy. Games to identify fake newsC00036 Infiltrate the in-group to discredit leaders (divide)C00052 Infiltrate platformsC00066 Co-opt a hashtag and drown it out (hijack it back)C00032 Hijack content and link to truth- based infoC00098 Revocation of "verified"C00113 Debunk and defuse a fake expert / credentials. Attack audience quality of fake expertC00122 Content moderation. Censorship?C00130 Mentorship: elders, youth, credit. Learn vicariously.C00133 Deplatform Account*C00140 "Bomb" link shorteners with lots of calls
C00010 Enhanced privacy regulation for social mediaC00028 Make information provenance availableC00040 third party verification for peopleC00053 Delete old accounts / Remove unused social media accountsC00216 Use advertiser controls to stem flow of funds to bad actorsC00071 Block source of pollutionC00099 Strengthen verification methodsC00114 Don't engage with payloadsC00123 Bot control C00135 Deplatform message groups and/or message boardsC00147 Make amplification of social media ports expire (e.g. can't like/ retweet after n days)
C00012 Platform regulationC00029 Create fake website to issue counter narrative and counter narrative through physical merchandiseC00042 Address truth contained in narrativesC00056 Get off social media C00072 Content censorship in non-relevant domains e.g. Pinterest antivaxC00100 Hashtag jackingC00115 Expose actor and intentionsC00124 Don't feed the trolls C00136 Microtarget most likely targets then send them countermessagesC00148 Add random links to network graphs
C00013 Rating framework for newsC00030 Develop a compelling counter narrative (truth based)C00044 Keep people from posting to social media immediatelyC00059 Verification of project before posting (counters funding campaigns) C00074 Identify identical content and mass deplatformC00101 Create participant frictionC00116 Provide proof of involvementC00125 Prepare the population with pre-announcements C00137 Pollute the AB-testing data feedsC00149 Poison the monitoring & evaluation data
C00016 Censorship - not recommendedC00031 Dilute the core narrative - create multiple permutations, target / amplifyC00046 Marginalise and discredit extremist groupsC00062 Free open library sources worldwide C00075 normalise languageC00102 Make repeat voting harderC00117 Downgrade de-amplify label promote counter to disinformationC00126 Social media amber alert C00138 Spam domestic actors with lawsuits
C00017 Repair broken social connectionsC00060 Legal action against for-profit engagement factoriesC00048 Name and Shame InfluencersC00162 collect data/map constellations of Russian“civil society”. Unravel/target the Potemkin villages C00076 Prohibit images in political discourse channelsC00103 Create a bot that engages / distract trollsC00118 Repurpose images with new textC00128 Create friction by marking content with ridicule or other "decelerants" C00139 Weaponise youtube content matrices
C00019 Reduce effect of division-enablersC00070 Block access to disinformation resourcesC00051 Counter social engineering training C00078 Change Search Algorithms for Disinformation ContentC00105 Buy more advertising than the adversary to shift influence and algorithmsC00119 Engage payload and debunk. Provide link to facts. C00151 “fight in the light” C00143 (botnet) DMCA takedown requests to waste group time
C00021 Encourage in-person communicationC00092 Reputation scores for social media influencersC00058 Report crowdfunder as violator C00080 Create competing narrativeC00106 Click-bait centrist contentC00120 Open dialogue about design of platforms to produce different outcomesC00156 Better tell the U.S., NATO, and EU story. C00144 Buy out troll farm employees / offer them jobs
C00022 Innoculate. Positive campaign to promote feeling of safetyC00164 compatriot policyC00067 Denigrate the recipient/ project (of online funding) C00081 Highlight flooding and noise, and explain motivationsC00107 Content moderationC00121 Tool transparency and literacy for channels people follow. C00158 Use training to build the resilience of at-risk populations. C00145 Pollute the data voids with wholesome content (Kittens! Babyshark!)
C00024 Promote healthy narrativesC00207 Run a competing disinformation campaign - not recommendedC00077 Active defence: run TA03 "develop people” - not recommended C00082 Ground truthing as automated response to pollutionC00109 De-escalationC00154 Ask media not to report false informationC00169 develop a creative content hub
C00026 Shore up democracy based messagesC00222 Tabletop simulationsC00093 Influencer code of conduct C00084 Modify disinformation narratives, and rebroadcast themC00110 Monetize centrist SEO by subsidizing the difference in greater clicks towards extremist contentC00188 Newsroom/Journalist training to counter SEO influenceC00178 Fill information voids with non-disinformation content
C00027 Create culture of civility C00155 Ban incident actors from funding sites C00085 Mute contentC00111 Present sympathetic views of opposite sideC00193 promotion of a “higher standard of journalism”C00182 malware detection/quarantine/deletion
C00073 Inoculate populations through media literacy training C00160 find and train influencers C00086 Distract from noise with addictive contentC00195 Redirect MethodC00203 Stop offering press credentials to propaganda outletsC00184 Media exposure
C00096 Strengthen institutions that are always truth tellers C00189 Ensure that platforms are taking down flagged accounts C00087 Make more noise than the disinformationC00196 Include the role of social media in the regulatory framework for mediaC00204 Strengthen local mediaC00190 open engagement with civil society
C00153 Take pre-emptive action against actors' infrastructure C00197 remove suspicious accounts C00091 Honeypot social communityC00214 Create policy that makes social media police disinformation C00194 Provide an alternative to Russian information by expanding and improving local content.
C00159 Have a disinformation response plan C00094 Force full disclosure on corporate sponsor of researchC00215 Use fraud legislation to clean up social media C00200 Respected figure (influencer) disavows misinfo
C00161 Coalition Building and Third-Party Inducements: C00142 Platform adds warning label and decision point when sharing contentC00217 Registries alert when large batches of newsy URLs get registered together C00211 Use humorous counter-narratives
C00170 elevate information as a critical domain of statecraft C00165 Limit access to alterable documents C00212 build public resilence by making civil society more vibrant
C00174 Create a healthier news environment C00167 Deploy Information and Narrative-Building in Service of Statecraft C00218 Censorship
C00176 Improve Coordination amongst stakeholders: public and private C00171 social media content take-downs
C00205 strong dialogue between the federal government and private sector to encourage better reporting C00172 social media page removal
C00220 Develop a monitoring and intelligence plan C00202 Set data 'honeytraps'
C00221 Run a disinformation red team, and design mitigation factors C00210 Use encrypted apps for confidential communication
C00223 Strengthen Trust in social media platforms C00219 Add metadata to content that’s out of the control of disinformation creators
+
+
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + diff --git a/amitt_red_framework.md b/amitt_red_framework.md index 64b1aa6..585bd9f 100644 --- a/amitt_red_framework.md +++ b/amitt_red_framework.md @@ -1,4 +1,4 @@ -# AMITT Red: Latest Framework +# AMITT Red framework: Latest Framework diff --git a/amitt_red_framework_clickable.html b/amitt_red_framework_clickable.html index e498656..38b4206 100644 --- a/amitt_red_framework_clickable.html +++ b/amitt_red_framework_clickable.html @@ -1,7 +1,7 @@ - AMITT + AMITT Red framework diff --git a/generated_csvs/counters_tactics_table.csv b/generated_csvs/blue_framework_ids.csv similarity index 100% rename from generated_csvs/counters_tactics_table.csv rename to generated_csvs/blue_framework_ids.csv diff --git a/generated_csvs/techniques_tactics_table.csv b/generated_csvs/red_framework_ids.csv similarity index 100% rename from generated_csvs/techniques_tactics_table.csv rename to generated_csvs/red_framework_ids.csv