| # A STIX bundle generator for the DISARM Framework.
 | |
| #
 | |
| # Author: Roger Johnston, Twitter: @VV_X_7
 | |
| # License: GPL-3
 | |
| 
 | |
| import pandas as pd
 | |
| import openpyxl
 | |
| from stix2 import (Bundle, AttackPattern, ThreatActor, IntrusionSet, Relationship, CustomObject, properties,
 | |
|                    Malware, Tool, Campaign, Identity, MarkingDefinition, ExternalReference, StatementMarking,
 | |
|                    GranularMarking, Location, MemoryStore, Filter)
 | |
| from stix2.properties import (ReferenceProperty, ListProperty, StringProperty, TimestampProperty, BooleanProperty, IntegerProperty)
 | |
| 
 | |
| import helpers
 | |
| from objects import tactic, technique, matrix, bundle, relationship, identity, marking_definition
 | |
| from helpers import xlsx, file
 | |
| 
 | |
| 
 | |
def generate_disarm_stix():
    """Build the DISARM STIX objects and write them to disk.

    Loads the DISARM master workbook, creates the identity and marking
    definition objects, derives tactics, techniques, subtechnique
    relationships and the navigator matrix from the workbook data, then
    hands the flattened object list to the file helpers.

    The workbook path is relative, so it resolves against the current
    working directory of the process, not the location of this script.

    Returns:
        None. Output is produced only through the ``helpers.file`` calls.
    """
    workbook = helpers.xlsx.load_excel_data("../DISARM_MASTER_DATA/DISARM_FRAMEWORKS_MASTER.xlsx")

    # Identity comes first: its id is passed to the marking definition and
    # to the tactic and technique builders below.
    identity_objs = identity.make_disarm_identity()
    creator_id = identity_objs[0]["id"]
    marking_objs = marking_definition.make_disarm_marking_definition(creator_id)
    marking_ref = marking_objs[0]["id"]

    tactic_objs = tactic.make_disarm_tactics(workbook, creator_id, marking_ref)
    technique_objs = technique.make_disarm_techniques(workbook, creator_id, marking_ref)
    subtechnique_rels = relationship.make_disarm_subtechnique_relationships(technique_objs, marking_ref)
    matrix_objs = matrix.make_disarm_matrix(tactic_objs)

    # Flatten the per-type lists into a single list, in this fixed order.
    all_objects = []
    for group in (
        tactic_objs,
        technique_objs,
        subtechnique_rels,
        identity_objs,
        marking_objs,
        matrix_objs,
    ):
        all_objects.extend(group)

    stix_bundle = bundle.make_stix_bundle(all_objects)

    # The output directory is cleaned only after every object and the bundle
    # have been built, so an exception above never reaches the cleanup call.
    # NOTE(review): clean_output_dir presumably removes existing output —
    # confirm which directory it targets before running from a new location.
    helpers.file.clean_output_dir()
    helpers.file.write_files(all_objects)
    helpers.file.write_bundle(stix_bundle, "DISARM")
 | |
| 
 | |
| 
 | |
# Script entry point: generate the bundle only when this file is run
# directly, not when it is imported.
if __name__ == "__main__":
    generate_disarm_stix()
