Merge pull request #161 from VVX7/amitt

chg: [template] conditionally list IR phases in RP body
2024-11-06 09:35:21 +00:00 · 2020-02-18 19:10:21 -05:00 · 2020-02-18 19:10:21 -05:00 · cf37134c6c
commit cf37134c6c
parent c492c501da 02efcce879
4 changed files with 25 additions and 6 deletions
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 .PHONY: all analytics navigator elastic setup clean visualizations thehive

-all: setup_repo markdown confluence analytics navigator elastic
+all: markdown confluence analytics navigator elastic
 analytics: create_analytics_and_pivoting_csv
 navigator: create_attack_navigator_profile create_attack_navigator_profile_per_customer
 elastic: create_es_export
--- a/scripts/responseplaybook.py
+++ b/scripts/responseplaybook.py
@ -193,11 +193,21 @@ class ResponsePlaybook:
            eradication = []
            recovery = []
            lessons_learned = []
+            detect = []
+            deny = []
+            disrupt = []
+            degrade = []
+            deceive = []
+            destroy = []
+            deter = []

            stages = [
                ('identification', identification),
                ('containment', containment), ('eradication', eradication),
-                ('recovery', recovery), ('lessons_learned', lessons_learned)
+                ('recovery', recovery), ('lessons_learned', lessons_learned),
+                ('detect', detect), ('deny', deny), ('disrupt', disrupt),
+                ('degrade', degrade), ('deceive', deceive), ('destroy', destroy),
+                ('deter', deter)
            ]

            for stage_name, stage_list in stages:
@ -235,11 +245,21 @@ class ResponsePlaybook:
            eradication = []
            recovery = []
            lessons_learned = []
+            detect = []
+            deny = []
+            disrupt = []
+            degrade = []
+            deceive = []
+            destroy = []
+            deter = []

            stages = [
                ('identification', identification),
                ('containment', containment), ('eradication', eradication),
-                ('recovery', recovery), ('lessons_learned', lessons_learned)
+                ('recovery', recovery), ('lessons_learned', lessons_learned),
+                ('detect', detect), ('deny', deny), ('disrupt', disrupt),
+                ('degrade', degrade), ('deceive', deceive), ('destroy', destroy),
+                ('deter', deter)
            ]

            # grab workflow per action in each IR stages
--- a/scripts/templates/markdown_responseplaybook_template.md.j2
+++ b/scripts/templates/markdown_responseplaybook_template.md.j2
@ -13,8 +13,7 @@
 {{ workflow }}

 {% for stage_name, stage_actions in stages %}
-
-#### {{ stage_name }}
+{% if stage_actions is not none and stage_actions|length %}#### {{ stage_name }}{% endif %}
 {% for action_description, action_workflow in stage_actions%}
 ##### {{ action_description }}

--- a/scripts/update_amitt_mapping.py
+++ b/scripts/update_amitt_mapping.py
@ -6,7 +6,7 @@ amitt_tactic_mapping = {}
 amitt_technique_mapping = {}
 amitt_mitigation_mapping = {}

-#amitt_json_url = ("https://raw.githubusercontent.com/VVX7/cti/master/amitt-attack/amitt-attack.json")
+amitt_json_url = ("https://raw.githubusercontent.com/cogsec-collaborative/amitt_cti/master/amitt/amitt-attack.json")

 amitt_json = requests.get(amitt_json_url).json()