Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* add `MathJax`
* temporarily disable recompilation of model
* add example about page
* add document number
* add OpenCTI README
* update favicon
* update footer links
* update "learn more" link
* switch router to hash router
* add about documentation
* add resource page
* update links
* update resource text
1 parent 9c57bfc, commit b4648ab
Showing 17 changed files with 485 additions and 58 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# Obtaining Annotated Reports from OpenCTI: | ||
|
||
- OpenCTI has reports that come in daily, over 13,000 total reports and some of them have TTPs | ||
|
||
Steps to Get Reports from OpenCTI using the Jupyter Notebook here: OpenCTI Reports to TTPs (shareable).ipynb | ||
|
||
1. Specify the URL for your OpenCTI instance and set your API key in the corresponding field in the script. | ||
|
||
2. Run the first few cells to import the necessary libraries and connect to the OpenCTI instance. | ||
|
||
3. Run the cell that contains the Query to obtain all report objects in OpenCTI via GraphQL to obtain list of report IDs. This list of report IDs will have to be iterated on next. It will grab two report IDs for all reports present in the database. | ||
|
||
- GraphQL queries have been formulated within MITRE to collect the necessary fields. This query is just looking for reports and the fields attached to it can be modified within the script if additional information is needed. | ||
|
||
4. Run the next query to use the the Report’s ID field as input to collect all the TTPs linked with the ReportID; each query runs independently using the single report ID and then returns the data with the ATT&CK techniques. The loop will finish once every report is checked for TTPs; discarding any reports that return an empty list. | ||
|
||
- If additional information beyond TTPs is needed from each report, you can add any other fields (e.g., description, publication date, etc.) to return from OpenCTI. | ||
|
||
5. Parse the JSON response to filter out any non-Enterprise ATT&CK techniques (since OpenCTI also contains other domains like mobile and ICS techniques) duplicate URLs/TTP combinations, and only use TLP-clear field. | ||
|
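Review bot: Step 1 tells the reader to set the API key "in the corresponding field in the script", and the notebook is named as shareable, so a key typed into that cell travels with any copy that is shared or committed. Suggest the README direct users to supply the instance URL and API key through environment variables or an interactive prompt, and say explicitly not to save them in the notebook. Smaller points in the same hunk: step 3's "It will grab two report IDs for all reports present in the database" does not say what the two IDs are; step 4 has a doubled "the the"; step 5 needs a comma before "duplicate URLs/TTP combinations" and should say precisely what the TLP filter is (for example, that only objects marked TLP:CLEAR are kept), since "only use TLP-clear field" is ambiguous; and the notebook named in the intro line is given without a path or link.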
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -30,4 +30,4 @@ coverage | |
*.tsbuildinfo | ||
|
||
# Ignore Model | ||
app.trained.model.zip | ||
# app.trained.model.zip |
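Review bot: Commenting out `app.trained.model.zip` under "# Ignore Model" stops Git from ignoring the trained model, but the section comment still says the model is ignored and nothing in the file marks the change as temporary, which is how the commit message describes it. Suggest adding a comment on that line explaining why the rule is disabled and when it should be restored, so the archive does not stay tracked by accident. If the model archive is meant to be committed, its contents cannot be reviewed in a diff, so consider recording a checksum next to it or distributing it as a release artifact instead.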
Binary file not shown.
Binary file not shown.