This repository has been archived by the owner on Apr 3, 2024. It is now read-only.

Update for GCP support
This commit adds the plumbing to support GCP mappings (see #161). This also fixes
mehaase committed Apr 29, 2022
1 parent a02b9a1 commit 85f874c
Showing 6 changed files with 136 additions and 5 deletions.
3 changes: 0 additions & 3 deletions .gitmodules

This file was deleted.

9 changes: 9 additions & 0 deletions images/gcp_icon.svg
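--- /dev/null
+++ b/tools/config/gcp_markdown_summary_template.html
@@ -0,0 +1,112 @@
+<html>
+
+<head>
+<link rel="stylesheet"
+href="https://cdnjs.cloudflare.com/ajax/libs/github-markdown-css/4.0.0/github-markdown.min.css">
+<style>
+h2 {
+background: url('/security-stack-mappings/icons/gcp_icon.svg') no-repeat #e8e8e8;
+background-size: 50px;
+padding-left: 60px;
+/* width of the image plus a little extra padding */
+padding-top: 5px;
+/* width of the image plus a little extra padding */
+display: block;
+/* may not need this, but I've found I do */
+}
+
+a[href="#contents"] {
+text-align: center;
+display: block;
+}
+</style>
+<script type="text/javascript">
+window.onload = function () {
+let control_icon_style = "background: url('/security-stack-mappings/icons/gcp_icon.svg') no-repeat #e8e8e8; \
+background-size: 50px; \
+padding-left: 60px; \
+padding-top: 0px; \
+display: block; \
+";
+
+let tag_icon_style = "background: url('/security-stack-mappings/icons/clipboard.svg') no-repeat #e8e8e8; \
+background-size: 35px; \
+padding-left: 40px; \
+padding-top: 5px; \
+display: block; \
+";
+
+let controls_h2s = document.getElementsByTagName("h2");
+let style = control_icon_style;
+let last_item_num = 1;
+for (let item of controls_h2s) {
+let item_num = parseInt(item.textContent.split(".")[0]);
+if (last_item_num > item_num) {
+style = tag_icon_style;
+}
+item.style.cssText = style;
+last_item_num = item_num;
+}
+
+let header_items = document.querySelectorAll("h1,h2");
+let header_dict = {};
+for (let header_item of header_items) {
+header_dict[header_item.textContent] = header_item;
+}
+
+//fix URI fragments
+let toc_items = document.getElementsByTagName("ul")[0].getElementsByTagName("a");
+for (let toc_item of toc_items) {
+let fragment = toc_item.href.split("#")[1];
+let header_item = header_dict[toc_item.textContent];
+if (header_item) {
+header_item.innerHTML = "<a id='" + fragment + "'></a>" + header_item.innerHTML;
+}
+}
+header_dict["Contents"].innerHTML = "<a id='contents'></a>" + header_dict["Contents"].innerHTML;
+
+//fix Navigator links
+let nav_links = document.evaluate("//a[contains(.,'Navigator Layer')]", document, null, XPathResult.ANY_TYPE, null);
+let nav_link = null;
+let links = [];
+while (nav_link = nav_links.iterateNext()) {
+links.push(nav_link);
+}
+for (let nav_link of links) {
+nav_link.href = "https://mitre-attack.github.io/attack-navigator/enterprise/#layerURL=" + nav_link.href;
+nav_link.target = "_blank";
+}
+
+//fix Mapping links
+let mapping_links = document.evaluate("//a[contains(.,'Mapping File')]", document, null, XPathResult.ANY_TYPE, null);
+let mapping_link = null;
+let mlinks = [];
+while (mapping_link = mapping_links.iterateNext()) {
+mlinks.push(mapping_link);
+}
+for (let mapping_link of mlinks) {
+mapping_link.href = "https://www.treedoc.org/?dataUrl=" + mapping_link.href;
+mapping_link.target = "_blank";
+}
+}
+</script>
+</head>
+
+<body>
+<main>
+<article class="markdown-body">
+<div style="height:50">
+<img src="/security-stack-mappings/icons/PRPL-CTID-third.jpeg" width="150" height="50">
+<div style="text-align:right;float:right">
+<a href="https://ctid.mitre-engenuity.org/">Center for Threat-Informed Defense</a>
+</br>
+<a href="https://github.com/center-for-threat-informed-defense/security-stack-mappings">Security
+Stack Mapping Project on GitHub</a>
+</div>
+</div>
+<CONTENT_HERE>
+</article>
+</main>
+</body>
+
+</html>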
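Review bot: The TOC fix-up in `window.onload` builds markup by string concatenation, `header_item.innerHTML = "<a id='" + fragment + "'></a>" + header_item.innerHTML`, so a fragment containing a quote is parsed as markup rather than as an id, and the heading's existing children are re-parsed on every pass. The fragment comes from the generated markdown, so exposure is presumably limited to what mapping authors put in titles, but DOM calls remove the question: `let anchor = document.createElement("a"); anchor.id = fragment; header_item.prepend(anchor);` (and the same for the `Contents` anchor, which also throws if no such heading exists). Separately, the cdnjs `<link rel="stylesheet">` carries no `integrity`/`crossorigin` attributes, so the page trusts whatever the CDN serves for that URL. The rewritten Navigator and Mapping links append `nav_link.href` and `mapping_link.href` without `encodeURIComponent` and set `target = "_blank"` without `rel = "noopener"`; the Mapping rewrite also hands the mapping file URL to the third-party `www.treedoc.org` viewer, which is worth a comment in the template.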
2 changes: 2 additions & 0 deletions tools/config/markdown_summary_config.json
@@ -1,10 +1,12 @@
{
"summaries": {
"Azure": "These mappings of the Microsoft Azure Infrastructure as a Services (IaaS) security controls to MITRE ATT&CK® are designed to empower organizations with independent data on which native Azure security controls are most useful in defending against the adversary TTPs that they care about. These mappings are part of a collection of mappings of native product security controls to ATT&CK based on a common methodology, scoring rubric, data model, and tool set. This full set of resources is available on the Center’s project [page](https://ctid.mitre-engenuity.org/our-work/security-stack-mappings-azure/).",
"GCP": "These mappings of the Google Cloud Platform (GCP) security controls to MITRE ATT&CK® are designed to empower organizations with independent data on which native AWS security controls are most useful in defending against the adversary TTPs that they care about. These mappings are part of a collection of mappings of native product security controls to ATT&CK based on a common methodology, scoring rubric, data model, and tool set. This full set of resources is available on the Center’s project [page](https://ctid.mitre-engenuity.org/our-work/security-stack-mappings-aws/).",
"AWS": "These mappings of the Amazon Web Services (AWS) security controls to MITRE ATT&CK® are designed to empower organizations with independent data on which native AWS security controls are most useful in defending against the adversary TTPs that they care about. These mappings are part of a collection of mappings of native product security controls to ATT&CK based on a common methodology, scoring rubric, data model, and tool set. This full set of resources is available on the Center’s project [page](https://ctid.mitre-engenuity.org/our-work/security-stack-mappings-aws/)."
},
"titles": {
"Azure": "Microsoft Azure Security Control Mappings to MITRE ATT&CK®",
"GCP": "Google Cloud Platform Security Control Mappings to MITRE ATT&CK®",
"AWS": "Amazon Web Services Security Control Mappings to MITRE ATT&CK®"
}
}
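Review bot: The new `"GCP"` summary still says "native AWS security controls" and its project-page link ends in `security-stack-mappings-aws/`; both look copied from the `"AWS"` entry, so the rendered GCP page would describe and link to the wrong platform. The text should read `native GCP security controls`, and the link should point at the GCP project page (its URL is not shown on this page, so confirm it before changing). The `"titles"` entry for GCP looks correct.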
1 change: 1 addition & 0 deletions tools/config/navigator_layer_config.yaml
@@ -27,3 +27,4 @@ score_values:
platform_attack_versions:
Azure: 8
AWS: 9
GCP: 10
14 changes: 12 additions & 2 deletions tools/utils/attack_data_source.py
@@ -67,8 +67,13 @@ def get_tactic_techniques(self, tactic_name, version = None):
Filter('type', '=', 'attack-pattern'),
Filter('kill_chain_phases.phase_name', '=', tactic_name),
Filter('kill_chain_phases.kill_chain_name', '=', 'mitre-attack'),
Filter('x_mitre_is_subtechnique', '=', False)
])

# Some ATT&CK STIX objects do not have the x_mitre_is_subtechnique attribute,
# so this cannot be checked with a STIX Filter.
techniques = list(filter(lambda t: not hasattr(t, "x_mitre_is_subtechnique") \
or not t.x_mitre_is_subtechnique, techniques))

return techniques


@@ -87,8 +92,13 @@ def get_techniques(self, version = None):

techniques = self.tc_src.query([
Filter("type", "=", "attack-pattern"),
Filter('x_mitre_is_subtechnique', '=', False)
])

# Some ATT&CK STIX objects do not have the x_mitre_is_subtechnique attribute,
# so this cannot be checked with a STIX Filter.
techniques = list(filter(lambda t: not hasattr(t, "x_mitre_is_subtechnique") \
or not t.x_mitre_is_subtechnique, techniques))

return techniques


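Review bot: The same post-filter is pasted into both `get_tactic_techniques` and `get_techniques`, and the `lambda` with a backslash continuation is harder to read than it needs to be. `getattr` with a default states "missing means not a sub-technique" directly: `techniques = [t for t in techniques if not getattr(t, "x_mitre_is_subtechnique", False)]`, ideally in one small private helper that both methods call so the two cannot drift apart. Because this filter decides which techniques a control mapping is scored against, a docstring line saying that objects lacking the attribute are deliberately kept as top-level techniques would help later readers. Both method bodies start outside the hunks shown, so how `version` selects the data source is not visible here.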
