#!/usr/bin/env python
from __future__ import print_function
import sys
import json
import uuid
import random
import re
# Usage check at import time: this file is a script, not a library module.
if len(sys.argv) != 3:
    print("syntax: %s <inputfile> <outputfile>" % (sys.argv[0],), file=sys.stderr)
    sys.exit(-1)

# Positional arguments: the machine-readable JSON to read, the Markdown file to write.
infile, outfile = sys.argv[1:3]

# Module-level state: ``data`` is rebound under __main__ to the parsed JSON;
# ``predicates`` is filled by print_entries (predicate value -> expanded label).
data = {}
predicates = {}
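def print_header(data, outfile):
    """Create (or truncate) ``outfile`` and write the Markdown preamble and table header.

    Args:
        data: accepted for call-site symmetry with ``print_entries``; not read here.
        outfile: path of the Markdown file to (re)create. Opened in ``"w"`` mode so a
            previous rendering is replaced; ``print_entries`` appends the rows afterwards.

    The file handle is released by the ``with`` block (the original left it to the GC).
    """
    header = """
# RSIT to ATT&CK
Generated from machine readable version. Please **DO NOT** edit this file directly in github, rather use the machinetag.json file.
| Classification | Incident examples | ATT&CK Technique | Description |
|----------------|-------------------| ------------------------------|--------------------|"""
    with open(outfile, "w") as f:
        f.write(header)
        f.write("\n")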
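def _md_cell(text):
    """Neutralise characters that would break a Markdown table cell.

    A literal ``|`` starts a new column and a line break ends the row, so both
    are escaped. Cell content comes straight from the JSON input; without this,
    a description containing ``|`` silently shifts every column after it.
    """
    text = "%s" % (text,)
    return (text.replace("|", r"\|")
                .replace("\r\n", "<br>")
                .replace("\n", "<br>")
                .replace("\r", "<br>"))


def _attck_link(label):
    """Render one ATT&CK reference label as a Markdown link, or '' if unrecognised.

    Accepted shapes are ``T1234 - Name`` (technique) and ``T1234/001 - Name``
    (sub-technique). The URL path is taken only from the regex-validated ID
    prefix, so free text after the dash never reaches the URL; the full label
    is used as link text, table-escaped.
    """
    if not re.match(r'^T\d{4}(/\d{3})? -', label):
        return ""
    technique_id = label.split("-")[0].strip()
    return "[%s](https://attack.mitre.org/techniques/%s/)<br><br>" % (_md_cell(label), technique_id)


def print_entries(data, outfile):
    """Append one Markdown table row per RSIT entry to ``outfile``.

    Args:
        data: parsed machinetag JSON. Reads ``data['predicates']`` (each with
            ``value`` and ``expanded``) and ``data['values']`` (each with
            ``predicate`` and a list ``entry`` of dicts carrying ``expanded``,
            optional ``description`` and an optional ``attck`` list whose items
            may carry a ``MITRE`` label).
        outfile: Markdown file previously created by ``print_header``; opened in
            append mode.

    Side effect: the module-level ``predicates`` map (value -> expanded) is
    filled, as the original did.

    Raises:
        KeyError: if a referenced predicate is unknown or an entry lacks ``expanded``.
    """
    predicates.update((p['value'], p['expanded']) for p in data['predicates'])
    with open(outfile, "a") as f:
        for entry in data['values']:
            classification = _md_cell(predicates[entry['predicate']])
            for t in entry['entry']:
                description = _md_cell(t.get('description', ''))
                # Tolerate a missing or null ``attck`` and skip non-dict items
                # (the original would TypeError on a bare string with 'MITRE' in it).
                attck = "".join(
                    _attck_link(el['MITRE'])
                    for el in (t.get('attck') or [])
                    if isinstance(el, dict) and 'MITRE' in el
                )
                f.write('| %s | %s | %s | %s |\n' % (classification, _md_cell(t['expanded']), attck, description))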
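if __name__ == '__main__':
    # Render the machine-readable taxonomy as a Markdown table: the header call
    # truncates ``outfile``, the entries call appends the rows. The redundant
    # ``if True:`` nesting of the original is gone; the input handle is closed by ``with``.
    with open(infile) as f:
        data = json.load(f)
    print_header(data, outfile)
    print_entries(data, outfile)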