public void EnrichGraph([NotNull] MitreGraph graph) { graph.RegisterSource(_name, _version, _catalog.GetLastChangeDateTime()); var attackPatterns = _catalog.Objects? .Where(x => !x.Deprecated && !x.Revoked && string.CompareOrdinal(x.Type, "attack-pattern") == 0) .ToArray(); if (attackPatterns?.Any() ?? false) { foreach (var attackPattern in attackPatterns) { graph.CreateNode(attackPattern); } } var mitigations = _catalog.Objects? .Where(x => !x.Deprecated && !x.Revoked && string.CompareOrdinal(x.Type, "course-of-action") == 0) .ToArray(); if (mitigations?.Any() ?? false) { foreach (var mitigation in mitigations) { graph.CreateNode(mitigation); } } var relationships = _catalog.Objects? .Where(x => !x.Deprecated && !x.Revoked && string.CompareOrdinal(x.Type, "relationship") == 0) .ToArray(); if (relationships?.Any() ?? false) { foreach (var relationship in relationships) { var source = graph.GetNode("ATT&CK", relationship.Source); var target = graph.GetNode("ATT&CK", relationship.Target); if (source != null && target != null) { switch (relationship.Relationship) { case "mitigates": source.AddRelationship(RelationshipType.Mitigates, target); target.AddRelationship(RelationshipType.IsMitigatedBy, source); break; case "subtechnique-of": source.AddRelationship(RelationshipType.ChildOf, target); target.AddRelationship(RelationshipType.ParentOf, source); break; } } } } }
static void Main(string[] args) { if (args.Length > 0) { if (Directory.Exists(args[0])) { Console.WriteLine("Threats Manager Platform - MITRE Importer"); var graph = new MitreGraph(); var cweFile = Directory.GetFiles(args[0], "cwe*.xml", SearchOption.TopDirectoryOnly)? .OrderByDescending(x => x) .FirstOrDefault(); if (cweFile != null) { var cwe = File.ReadAllText(cweFile); var cweEngine = new CweEngine(cwe); cweEngine.EnrichGraph(graph); } var capecFile = Directory.GetFiles(args[0], "capec*.xml", SearchOption.TopDirectoryOnly)? .OrderByDescending(x => x) .FirstOrDefault(); if (capecFile != null) { var capec = File.ReadAllText(capecFile); var capecEngine = new CapecEngine(capec); capecEngine.EnrichGraph(graph); } var attackFile = Directory.GetFiles(args[0], "enterprise-attack.json", SearchOption.TopDirectoryOnly)? .OrderByDescending(x => x) .FirstOrDefault(); if (attackFile != null) { var attack = File.ReadAllText(attackFile); var attackEngine = new AttackEngine("Enterprise ATT&CK", "1.0", attack); attackEngine.EnrichGraph(graph); } graph.ReconcileRelationships(); Print(graph); var path = Path.Combine(args[0], "MitreGraph.json"); graph.Serialize(path); Console.WriteLine($"Created file {path}."); } else { throw new DirectoryNotFoundException(); } } }
private static void Print(MitreGraph graph) { Console.WriteLine($"Sources: {graph.Sources.Count}."); Console.WriteLine($"Nodes: {graph.Nodes.Count}."); Console.WriteLine($"- Attack Patterns: {graph.Nodes.OfType<AttackPatternNode>().Count()}."); Console.WriteLine($"- Categories: {graph.Nodes.OfType<CategoryNode>().Count()}."); Console.WriteLine($"- Externals: {graph.Nodes.OfType<ExternalNode>().Count()}."); Console.WriteLine($"- Views: {graph.Nodes.OfType<ViewNode>().Count()}."); Console.WriteLine($"- Weaknesses: {graph.Nodes.OfType<WeaknessNode>().Count()}."); Console.WriteLine($"- Mitigations : {graph.Nodes.OfType<MitigationNode>().Count()}."); }
public void EnrichGraph([NotNull] MitreGraph graph) { graph.RegisterSource(_catalog.Name, _catalog.Version, _catalog.Date); var views = _catalog.Views? .Where(x => x.Type == ViewTypeEnumeration.Graph && x.Status != StatusEnumeration.Deprecated && x.Status != StatusEnumeration.Obsolete) .ToArray(); if (views?.Any() ?? false) { foreach (var v in views) { graph.CreateNode(v); } } var categories = _catalog.Categories? .Where(x => x.Status != StatusEnumeration.Deprecated && x.Status != StatusEnumeration.Obsolete) .ToArray(); if (categories?.Any() ?? false) { foreach (var c in categories) { graph.CreateNode(c); } } var weaknesses = _catalog.Weaknesses? .Where(x => x.Status != StatusEnumeration.Deprecated && x.Status != StatusEnumeration.Obsolete) .ToArray(); if (weaknesses?.Any() ?? false) { foreach (var w in weaknesses) { graph.CreateNode(w); } } }