Esempio n. 1
        /// <summary>
        /// Registers this engine's catalog as a source of <paramref name="graph"/> and loads
        /// its active objects: first the "attack-pattern" objects, then the "course-of-action"
        /// objects, and finally the "relationship" objects that link them.
        /// </summary>
        /// <param name="graph">Graph that receives the source, the nodes and the relationships.</param>
        /// <remarks>
        /// Objects flagged as deprecated or revoked are never loaded. A relationship is applied
        /// only when both of its endpoints are found in the graph, and only the "mitigates" and
        /// "subtechnique-of" kinds are mapped; every other kind is ignored without any message.
        /// </remarks>
        public void EnrichGraph([NotNull] MitreGraph graph)
        {
            graph.RegisterSource(_name, _version, _catalog.GetLastChangeDateTime());

            // Nodes are created before relationships are resolved, one object type at a time
            // and in this order, so that both endpoints of a relationship can be looked up.
            foreach (var nodeType in new[] { "attack-pattern", "course-of-action" })
            {
                var wantedType = nodeType;
                var activeObjects = _catalog.Objects?
                                    .Where(x => !(x.Deprecated || x.Revoked) && string.CompareOrdinal(x.Type, wantedType) == 0)
                                    .ToArray();
                if (activeObjects == null)
                {
                    continue;
                }

                foreach (var activeObject in activeObjects)
                {
                    graph.CreateNode(activeObject);
                }
            }

            var links = _catalog.Objects?
                        .Where(x => !(x.Deprecated || x.Revoked) && string.CompareOrdinal(x.Type, "relationship") == 0)
                        .ToArray();
            if (links == null)
            {
                return;
            }

            foreach (var link in links)
            {
                // NOTE(review): nodes are looked up under the fixed source name "ATT&CK" rather
                // than _name, which is what RegisterSource received - confirm that CreateNode
                // files these objects under "ATT&CK".
                var origin = graph.GetNode("ATT&CK", link.Source);
                var destination = graph.GetNode("ATT&CK", link.Target);
                if (origin == null || destination == null)
                {
                    // At least one endpoint is not in the graph: the relationship is dropped.
                    continue;
                }

                // Each supported kind is stored in both directions.
                switch (link.Relationship)
                {
                    case "mitigates":
                        origin.AddRelationship(RelationshipType.Mitigates, destination);
                        destination.AddRelationship(RelationshipType.IsMitigatedBy, origin);
                        break;

                    case "subtechnique-of":
                        origin.AddRelationship(RelationshipType.ChildOf, destination);
                        destination.AddRelationship(RelationshipType.ParentOf, origin);
                        break;
                }
            }
        }
Esempio n. 2
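        /// <summary>
        /// Builds a MITRE graph from the catalog files found in a folder and saves it as
        /// "MitreGraph.json" in that same folder.
        /// </summary>
        /// <param name="args">
        /// Command line arguments; the first one is the folder that holds the CWE ("cwe*.xml"),
        /// CAPEC ("capec*.xml") and ATT&amp;CK ("enterprise-attack.json") files. A catalog whose
        /// file is missing is skipped.
        /// </param>
        /// <exception cref="DirectoryNotFoundException">The folder passed as first argument does not exist.</exception>
        static void Main(string[] args)
        {
            if (args == null || args.Length == 0)
            {
                // A missing argument used to end the program without any output; report it.
                Console.Error.WriteLine("Missing argument: path of the folder containing the MITRE catalog files.");
                return;
            }

            var folder = args[0];
            if (!Directory.Exists(folder))
            {
                throw new DirectoryNotFoundException($"Folder '{folder}' does not exist.");
            }

            Console.WriteLine("Threats Manager Platform - MITRE Importer");

            var graph = new MitreGraph();

            // NOTE(review): the XML catalogs are handed to the engines as raw text and the parser
            // is not visible here - if the folder can hold files from an untrusted origin, confirm
            // that the engines parse them with DTD and external entity processing disabled.
            var cweFile = FindLatestFile(folder, "cwe*.xml");
            if (cweFile != null)
            {
                var cweEngine = new CweEngine(File.ReadAllText(cweFile));
                cweEngine.EnrichGraph(graph);
            }

            var capecFile = FindLatestFile(folder, "capec*.xml");
            if (capecFile != null)
            {
                var capecEngine = new CapecEngine(File.ReadAllText(capecFile));
                capecEngine.EnrichGraph(graph);
            }

            var attackFile = FindLatestFile(folder, "enterprise-attack.json");
            if (attackFile != null)
            {
                // The source name and version are fixed here, they are not read from the file.
                var attackEngine = new AttackEngine("Enterprise ATT&CK", "1.0", File.ReadAllText(attackFile));
                attackEngine.EnrichGraph(graph);
            }

            graph.ReconcileRelationships();
            Print(graph);

            var path = Path.Combine(folder, "MitreGraph.json");

            graph.Serialize(path);

            Console.WriteLine($"Created file {path}.");
        }

        /// <summary>
        /// Returns the file of <paramref name="folder"/> matching <paramref name="pattern"/> whose
        /// path sorts last, or null when no file matches. Sub-folders are not searched.
        /// </summary>
        private static string FindLatestFile(string folder, string pattern)
        {
            // The comparer is explicit so that the selected file does not depend on the current
            // culture. Paths are still compared as text, not as version numbers: a name ending
            // in "10" sorts below one ending in "9".
            return Directory.GetFiles(folder, pattern, SearchOption.TopDirectoryOnly)
                            .OrderByDescending(x => x, StringComparer.OrdinalIgnoreCase)
                            .FirstOrDefault();
        }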
Esempio n. 3
 /// <summary>
 /// Writes a summary of <paramref name="graph"/> to the console: the number of sources,
 /// the total number of nodes and the number of nodes of each listed node type.
 /// </summary>
 /// <param name="graph">Graph to summarize.</param>
 private static void Print(MitreGraph graph)
 {
     var sourceCount = graph.Sources.Count;
     Console.WriteLine($"Sources: {sourceCount}.");

     var nodeCount = graph.Nodes.Count;
     Console.WriteLine($"Nodes: {nodeCount}.");

     // One line per node type, in the same order as before.
     var attackPatternCount = graph.Nodes.OfType<AttackPatternNode>().Count();
     Console.WriteLine($"- Attack Patterns: {attackPatternCount}.");

     var categoryCount = graph.Nodes.OfType<CategoryNode>().Count();
     Console.WriteLine($"- Categories: {categoryCount}.");

     var externalCount = graph.Nodes.OfType<ExternalNode>().Count();
     Console.WriteLine($"- Externals: {externalCount}.");

     var viewCount = graph.Nodes.OfType<ViewNode>().Count();
     Console.WriteLine($"- Views: {viewCount}.");

     var weaknessCount = graph.Nodes.OfType<WeaknessNode>().Count();
     Console.WriteLine($"- Weaknesses: {weaknessCount}.");

     var mitigationCount = graph.Nodes.OfType<MitigationNode>().Count();
     Console.WriteLine($"- Mitigations : {mitigationCount}.");
 }
Esempio n. 4
        /// <summary>
        /// Registers this engine's catalog as a source of <paramref name="graph"/> and creates
        /// one node for each of its active views, categories and weaknesses, in that order.
        /// </summary>
        /// <param name="graph">Graph that receives the source and the nodes.</param>
        /// <remarks>
        /// Entries whose status is Deprecated or Obsolete are skipped; among the views, only
        /// those of type Graph are loaded. A collection that is null is ignored.
        /// </remarks>
        public void EnrichGraph([NotNull] MitreGraph graph)
        {
            graph.RegisterSource(_catalog.Name, _catalog.Version, _catalog.Date);

            var allViews = _catalog.Views;
            if (allViews != null)
            {
                // The filtered items are copied to an array before any node is created.
                var graphViews = allViews
                                 .Where(x => x.Type == ViewTypeEnumeration.Graph
                                             && !(x.Status == StatusEnumeration.Deprecated || x.Status == StatusEnumeration.Obsolete))
                                 .ToArray();
                foreach (var view in graphViews)
                {
                    graph.CreateNode(view);
                }
            }

            var allCategories = _catalog.Categories;
            if (allCategories != null)
            {
                var activeCategories = allCategories
                                       .Where(x => !(x.Status == StatusEnumeration.Deprecated || x.Status == StatusEnumeration.Obsolete))
                                       .ToArray();
                foreach (var category in activeCategories)
                {
                    graph.CreateNode(category);
                }
            }

            var allWeaknesses = _catalog.Weaknesses;
            if (allWeaknesses != null)
            {
                var activeWeaknesses = allWeaknesses
                                       .Where(x => !(x.Status == StatusEnumeration.Deprecated || x.Status == StatusEnumeration.Obsolete))
                                       .ToArray();
                foreach (var weakness in activeWeaknesses)
                {
                    graph.CreateNode(weakness);
                }
            }
        }