
Untitled

a guest May 21st, 2019 86 Never
  1. from stix2 import FileSystemSource
  2. from stix2 import Filter
  3. from stix2.utils import get_type_from_id
  4.  
  # Local, on-disk copy of the Enterprise ATT&CK STIX content. Every query
  # below is answered from this directory, so the output is only as current
  # and as trustworthy as the checkout it points at.
  fs = FileSystemSource("./enterprise-attack")
  6.  
  def get_group_by_alias(src):
      """Return every intrusion-set (threat group) object held by *src*.

      Despite the name, no alias is taken or matched here: the only filter
      applied is on the STIX ``type`` property, so the result is the full
      list of groups in the data source.
      """
      group_filters = [Filter('type', '=', 'intrusion-set')]
      return src.query(group_filters)
  11.    
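  def get_techniques_by_group_software(src, group_stix_id):
      """Return the techniques used by the software attributed to a group.

      Follows two hops of 'uses' relationships:
      group -> malware/tool, then malware/tool -> attack-pattern.

      Args:
          src: Data source exposing ``relationships()`` and ``query()``.
          group_stix_id: Identifier of the intrusion-set, handed unchanged to
              ``src.relationships``.

      Returns:
          The result of ``src.query`` for the matching attack-pattern
          objects, or an empty list when the group has no linked software
          or that software has no linked techniques.
      """
      # NOTE(review): nothing here excludes revoked or deprecated objects; if
      # the source carries them they will appear in the result - confirm
      # whether the consumer of this mapping wants them filtered out.
      software_types = ('malware', 'tool')

      # First hop: ids of the malware and tools the group uses.
      software_ids = [
          rel.target_ref
          for rel in src.relationships(group_stix_id, 'uses', source_only=True)
          if get_type_from_id(rel.target_ref) in software_types
      ]
      if not software_ids:
          return []

      # Second hop: 'uses' relationships whose SOURCE is one of those software
      # objects. The software id is the target_ref of the first hop; matching
      # on the first hop's source_ref would select the group's own
      # relationships and return the group's directly used techniques instead.
      software_uses = src.query([
          Filter('type', '=', 'relationship'),
          Filter('relationship_type', '=', 'uses'),
          Filter('source_ref', 'in', software_ids),
      ])
      technique_ids = [rel.target_ref for rel in software_uses]
      if not technique_ids:
          return []

      # Resolve the technique ids to the attack-pattern objects themselves.
      return src.query([
          Filter('type', '=', 'attack-pattern'),
          Filter('id', 'in', technique_ids),
      ])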
  31.    
  32.  
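  # Print one "group,technique" line for every technique reachable through
  # the software attributed to each group.
  groups = get_group_by_alias(fs)

  for group in groups:
      # Pass the STIX id explicitly, matching the helper's parameter name.
      techniques = get_techniques_by_group_software(fs, group['id'])
      for technique in techniques:
          # Parenthesised single-argument print runs on Python 2 and 3 alike.
          # Names are written unquoted, so a name containing a comma yields
          # an extra field for anything parsing this output as CSV.
          print(group['name'] + "," + technique['name'])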