From b8192cd12a130d7cdc82aa5475fff70c6ace5721 Mon Sep 17 00:00:00 2001 From: Sun Date: Thu, 31 Aug 2023 09:25:25 -0400 Subject: [PATCH 1/3] changing links from stix2.0 to stix2.1 --- .../collections/collection_to_index.py | 2 +- mitreattack/diffStix/changelog_helper.py | 2 +- mitreattack/stix20/MitreAttackData.py | 2 +- mitreattack/stix20/custom_attack_objects.py | 44 +++++++++---------- 4 files changed, 25 insertions(+), 25 deletions(-) diff --git a/mitreattack/collections/collection_to_index.py b/mitreattack/collections/collection_to_index.py index 50481ed5..094a6dce 100644 --- a/mitreattack/collections/collection_to_index.py +++ b/mitreattack/collections/collection_to_index.py @@ -61,7 +61,7 @@ def generate_index(name, description, root_url, files=None, folders=None, sets=N dict( type="bundle", id=f"bundle--{x.id}", - spec_version="2.0", + spec_version="2.1", objects=x.source.query([Filter("type", "=", "x-mitre-collection")]), ) for x in sets diff --git a/mitreattack/diffStix/changelog_helper.py b/mitreattack/diffStix/changelog_helper.py index bd298f9b..d6a0295b 100644 --- a/mitreattack/diffStix/changelog_helper.py +++ b/mitreattack/diffStix/changelog_helper.py @@ -546,7 +546,7 @@ def get_datastore_from_mitre_cti(self, domain: str, datastore_version: str) -> s s = requests.Session() retries = Retry(total=10, backoff_factor=0.3, status_forcelist=[500, 502, 503, 504]) s.mount("http", HTTPAdapter(max_retries=retries)) - stix_url = f"https://raw.githubusercontent.com/mitre/cti/master/{domain}/{domain}.json" + stix_url = f"https://raw.githubusercontent.com/mitre/attack-stix-data/master/{domain}/{domain}.json" try: stix_response = s.get(stix_url, timeout=60) if stix_response.status_code != 200: diff --git a/mitreattack/stix20/MitreAttackData.py b/mitreattack/stix20/MitreAttackData.py index dcc613cc..1525cf42 100644 --- a/mitreattack/stix20/MitreAttackData.py +++ b/mitreattack/stix20/MitreAttackData.py 
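Review bot: The bundle's `spec_version` in `generate_index` is a hard-coded label, while the bundled objects come straight from `x.source.query(...)`, so after this change a collection loaded from STIX 2.0 data would be published under a 2.1 label. STIX 2.1 also moved `spec_version` from the bundle to the individual objects, so it is worth confirming that index consumers expect the property here at all. If the label stays, document the assumption with a comment such as `# sets are assumed to hold STIX 2.1 objects`, or derive the value from the source objects. The body of `generate_index` starts and ends outside this hunk.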
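Review bot: The new `stix_url` in `get_datastore_from_mitre_cti` still follows the `master` branch tip, so the content parsed into the datastore can change between runs and nothing ties a generated changelog to the exact data it was built from. Consider taking the ref from configuration, e.g. `stix_url = f"https://raw.githubusercontent.com/mitre/attack-stix-data/{ref}/{domain}/{domain}.json"` with `ref` set to a release tag or commit id, and logging a SHA-256 of `stix_response.content` next to the result. The method name still says `mitre_cti` although the source is now `attack-stix-data`, so a one-line comment stating the actual source would help readers. The function body extends beyond this hunk.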
@@ -4,7 +4,7 @@ from itertools import chain from stix2 import MemoryStore, Filter from stix2.utils import get_type_from_id -from mitreattack.stix20.custom_attack_objects import StixObjectFactory +from mitreattack.stix21.custom_attack_objects import StixObjectFactory class MitreAttackData: diff --git a/mitreattack/stix20/custom_attack_objects.py b/mitreattack/stix20/custom_attack_objects.py index 3bdb7e0a..5fd4551f 100644 --- a/mitreattack/stix20/custom_attack_objects.py +++ b/mitreattack/stix20/custom_attack_objects.py 
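Review bot: The import now points at `mitreattack.stix21.custom_attack_objects`, but this file still lives under `mitreattack/stix20/` and the commit's diffstat lists no file under `mitreattack/stix21/`. If that package does not already exist, the import fails when the module is loaded; if it does exist, the `spec_version` edits this commit makes to `mitreattack/stix20/custom_attack_objects.py` are no longer reached from `MitreAttackData`. Either keep the import on `mitreattack.stix20.custom_attack_objects` or move the module in the same change, so that only one definition of the custom objects is in use.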
@@ -58,21 +58,21 @@ def StixObjectFactory(data: dict) -> object: "x-mitre-matrix", [ # SDO Common Properties - ("id", IDProperty("x-mitre-matrix", spec_version="2.0")), - ("type", TypeProperty("x-mitre-matrix", spec_version="2.0")), - ("created_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.0")), + ("id", IDProperty("x-mitre-matrix", spec_version="2.1")), + ("type", TypeProperty("x-mitre-matrix", spec_version="2.1")), + ("created_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.1")), ("created", TimestampProperty(precision="millisecond")), ("modified", TimestampProperty(precision="millisecond")), ("revoked", BooleanProperty(default=lambda: False)), ("external_references", ListProperty(ExternalReference)), - ("object_marking_refs", ListProperty(ReferenceProperty(valid_types="marking-definition", spec_version="2.0"))), + ("object_marking_refs", ListProperty(ReferenceProperty(valid_types="marking-definition", spec_version="2.1"))), ("name", StringProperty(required=True)), ("description", StringProperty()), - ("x_mitre_modified_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.0")), + ("x_mitre_modified_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.1")), ("x_mitre_version", StringProperty()), ("x_mitre_attack_spec_version", StringProperty()), # Matrix Properties - ("tactic_refs", ListProperty(ReferenceProperty(valid_types="x-mitre-tactic", spec_version="2.0"))), + ("tactic_refs", ListProperty(ReferenceProperty(valid_types="x-mitre-tactic", spec_version="2.1"))), ], ) class Matrix(CustomStixObject, object): 
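Review bot: `spec_version="2.1"` is repeated as a literal in every property list of this file (this hunk and the Tactic, DataSource and DataComponent hunks that follow), which is why the migration took 22 edited lines. A module constant such as `STIX_SPEC_VERSION = "2.1"`, passed as `spec_version=STIX_SPEC_VERSION`, would reduce the next change to one line and rule out a property list that mixes versions. The decorator line for each class is above the hunk, so it is not visible whether it is the STIX 2.1 variant; please confirm, since 2.1 properties under a 2.0 decorator could validate inconsistently. The module path also still reads `stix20`, which a short module comment should explain if the file is not moved.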
@@ -90,18 +90,18 @@ class Matrix(CustomStixObject, object): "x-mitre-tactic", [ # SDO Common Properties - ("id", IDProperty("x-mitre-tactic", spec_version="2.0")), - ("type", TypeProperty("x-mitre-tactic", spec_version="2.0")), - ("created_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.0")), + ("id", IDProperty("x-mitre-tactic", spec_version="2.1")), + ("type", TypeProperty("x-mitre-tactic", spec_version="2.1")), + ("created_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.1")), ("created", TimestampProperty(precision="millisecond")), ("modified", TimestampProperty(precision="millisecond")), ("revoked", BooleanProperty(default=lambda: False)), ("external_references", ListProperty(ExternalReference)), - ("object_marking_refs", ListProperty(ReferenceProperty(valid_types="marking-definition", spec_version="2.0"))), + ("object_marking_refs", ListProperty(ReferenceProperty(valid_types="marking-definition", spec_version="2.1"))), ("name", StringProperty(required=True)), ("description", StringProperty()), ("x_mitre_domains", ListProperty(StringProperty())), - ("x_mitre_modified_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.0")), + ("x_mitre_modified_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.1")), ("x_mitre_version", StringProperty()), ("x_mitre_attack_spec_version", StringProperty()), # Tactic Properties 
@@ -131,19 +131,19 @@ def get_shortname(self) -> str: "x-mitre-data-source", [ # SDO Common Properties - ("id", IDProperty("x-mitre-data-source", spec_version="2.0")), - ("type", TypeProperty("x-mitre-data-source", spec_version="2.0")), - ("created_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.0")), + ("id", IDProperty("x-mitre-data-source", spec_version="2.1")), + ("type", TypeProperty("x-mitre-data-source", spec_version="2.1")), + ("created_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.1")), ("created", TimestampProperty(precision="millisecond")), ("modified", TimestampProperty(precision="millisecond")), ("revoked", BooleanProperty(default=lambda: False)), ("external_references", ListProperty(ExternalReference)), - ("object_marking_refs", ListProperty(ReferenceProperty(valid_types="marking-definition", spec_version="2.0"))), + ("object_marking_refs", ListProperty(ReferenceProperty(valid_types="marking-definition", spec_version="2.1"))), ("name", StringProperty(required=True)), ("description", StringProperty()), ("x_mitre_domains", ListProperty(StringProperty())), ("x_mitre_contributors", ListProperty(StringProperty())), - ("x_mitre_modified_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.0")), + ("x_mitre_modified_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.1")), ("x_mitre_version", StringProperty()), ("x_mitre_attack_spec_version", StringProperty()), # Data Source Properties 
@@ -167,21 +167,21 @@ class DataSource(CustomStixObject, object): "x-mitre-data-component", [ # SDO Common Properties - ("id", IDProperty("x-mitre-data-component", spec_version="2.0")), - ("type", TypeProperty("x-mitre-data-component", spec_version="2.0")), - ("created_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.0")), + ("id", IDProperty("x-mitre-data-component", spec_version="2.1")), + ("type", TypeProperty("x-mitre-data-component", spec_version="2.1")), + ("created_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.1")), ("created", TimestampProperty(precision="millisecond")), ("modified", TimestampProperty(precision="millisecond")), ("revoked", BooleanProperty(default=lambda: False)), ("external_references", ListProperty(ExternalReference)), - ("object_marking_refs", ListProperty(ReferenceProperty(valid_types="marking-definition", spec_version="2.0"))), + ("object_marking_refs", ListProperty(ReferenceProperty(valid_types="marking-definition", spec_version="2.1"))), ("name", StringProperty(required=True)), ("description", StringProperty()), - ("x_mitre_modified_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.0")), + ("x_mitre_modified_by_ref", ReferenceProperty(valid_types="identity", spec_version="2.1")), ("x_mitre_version", StringProperty()), ("x_mitre_attack_spec_version", StringProperty()), # Data Component Properties - ("x_mitre_data_source_ref", ReferenceProperty(valid_types="x-mitre-data-source", spec_version="2.0")), + ("x_mitre_data_source_ref", ReferenceProperty(valid_types="x-mitre-data-source", spec_version="2.1")), ], ) class DataComponent(CustomStixObject, object): From d891711426463cd8a323670cbce3fcd0406d076b Mon Sep 17 00:00:00 2001 From: Sun Date: Thu, 31 Aug 2023 09:59:34 -0400 Subject: [PATCH 2/3] changing links from stix2.0 to stix2.1 part 2 --- mitreattack/diffStix/changelog_helper.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/mitreattack/diffStix/changelog_helper.py b/mitreattack/diffStix/changelog_helper.py index d6a0295b..de4bca12 100644 --- a/mitreattack/diffStix/changelog_helper.py +++ b/mitreattack/diffStix/changelog_helper.py @@ -562,7 +562,7 @@ def get_datastore_from_mitre_cti(self, domain: str, datastore_version: str) -> s attack_version = release_info.get_attack_version(domain=domain, stix_content=stix_response.content) self.data[datastore_version][domain]["attack_release_version"] = attack_version - data_store = MemoryStore(stix_data=stix_json["objects"]) + data_store = MemoryStore(stix_data=stix_json["objects"], version="2.1") return data_store def parse_extra_data(self, data_store: stix2.MemoryStore, domain: str, datastore_version: str): From 3227bbfaa041883ad3143655b2b2669a895336a4 Mon Sep 17 00:00:00 2001 From: Sun Date: Wed, 6 Sep 2023 14:30:09 -0400 Subject: [PATCH 3/3] all code examples work --- examples/get_campaign_by_alias.py | 4 ++-- examples/get_group_by_alias.py | 4 ++-- examples/get_object_by_name.py | 4 ++-- examples/get_software_by_alias.py | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/examples/get_campaign_by_alias.py b/examples/get_campaign_by_alias.py index fe4473f6..0ebe473b 100644 --- a/examples/get_campaign_by_alias.py +++ b/examples/get_campaign_by_alias.py @@ -4,9 +4,9 @@ def main(): mitre_attack_data = MitreAttackData("enterprise-attack.json") - C0001 = mitre_attack_data.get_campaign_by_alias("Frankenstein") + C0001 = mitre_attack_data.get_campaigns_by_alias("Frankenstein") - print(C0001.serialize(pretty=True)) + print(C0001[0].serialize(pretty=True)) if __name__ == "__main__": diff --git a/examples/get_group_by_alias.py b/examples/get_group_by_alias.py index 62ee0f43..638b86a5 100644 --- a/examples/get_group_by_alias.py +++ b/examples/get_group_by_alias.py 
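Review bot: `stix_json["objects"]` is indexed directly on a payload fetched over the network, so a 200 response whose body is not an ATT&CK bundle surfaces as a bare `KeyError` instead of a clear error; the surrounding `try` is outside this hunk, so it is not visible whether that is caught. A guard before the call, such as `if "objects" not in stix_json: raise ValueError(f"no STIX objects in {stix_url}")`, would make the failure explicit. Passing `version="2.1"` also deserves a short comment, e.g. `# attack-stix-data publishes STIX 2.1`, because it fixes how every downloaded object is parsed.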
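Review bot: `C0001[0]` raises `IndexError` when `get_campaigns_by_alias` finds no match, given that the call now appears to return a list; the same unguarded `[0]` is added in `get_group_by_alias.py`, `get_object_by_name.py` and `get_software_by_alias.py`. Because these examples are the usage people copy, show the empty case, e.g. `if not campaigns: raise SystemExit("no campaign with that alias")`. Renaming the variable to a plural such as `campaigns` would also help, since it no longer holds the single object `C0001`.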
@@ -4,9 +4,9 @@ def main(): mitre_attack_data = MitreAttackData("enterprise-attack.json") - G0016 = mitre_attack_data.get_group_by_alias("Cozy Bear") + G0016 = mitre_attack_data.get_groups_by_alias("Cozy Bear") - print(G0016.serialize(pretty=True)) + print(G0016[0].serialize(pretty=True)) if __name__ == "__main__": diff --git a/examples/get_object_by_name.py b/examples/get_object_by_name.py index 8f2879d6..30c02764 100644 --- a/examples/get_object_by_name.py +++ b/examples/get_object_by_name.py @@ -4,9 +4,9 @@ def main(): mitre_attack_data = MitreAttackData("enterprise-attack.json") - T1082 = mitre_attack_data.get_object_by_name("System Information Discovery", "attack-pattern") + T1082 = mitre_attack_data.get_objects_by_name("System Information Discovery", "attack-pattern") - print(T1082.serialize(pretty=True)) + print(T1082[0].serialize(pretty=True)) if __name__ == "__main__": diff --git a/examples/get_software_by_alias.py b/examples/get_software_by_alias.py index c4ec6ed5..7e0ebf90 100644 --- a/examples/get_software_by_alias.py +++ b/examples/get_software_by_alias.py @@ -6,7 +6,7 @@ def main(): S0196 = mitre_attack_data.get_software_by_alias("ShellTea") - print(S0196.serialize(pretty=True)) + print(S0196[0].serialize(pretty=True)) if __name__ == "__main__":