| """MITRE ATT&CK knowledge base for Shield Agents.""" |
|
|
| MITRE_TECHNIQUES = { |
| "T1190": { |
| "name": "Exploit Public-Facing Application", |
| "tactic": "Initial Access", |
| "description": "Adversaries may exploit weaknesses in public-facing applications.", |
| }, |
| "T1059": { |
| "name": "Command and Scripting Interpreter", |
| "tactic": "Execution", |
| "description": "Adversaries may abuse command and script interpreters.", |
| }, |
| "T1078": { |
| "name": "Valid Accounts", |
| "tactic": "Defense Evasion", |
| "description": "Adversaries may use stolen credentials.", |
| }, |
| "T1110": { |
| "name": "Brute Force", |
| "tactic": "Credential Access", |
| "description": "Adversaries may use brute force techniques.", |
| }, |
| "T1053": { |
| "name": "Scheduled Task/Job", |
| "tactic": "Execution", |
| "description": "Adversaries may abuse task scheduling.", |
| }, |
| "T1041": { |
| "name": "Exfiltration Over C2 Channel", |
| "tactic": "Exfiltration", |
| "description": "Adversaries may steal data through C2 channel.", |
| }, |
| "T1566": { |
| "name": "Phishing", |
| "tactic": "Initial Access", |
| "description": "Adversaries may use phishing to gain access.", |
| }, |
| "T1071": { |
| "name": "Application Layer Protocol", |
| "tactic": "Command and Control", |
| "description": "Adversaries may use application layer protocols for C2.", |
| }, |
| } |
|
|
|
|
| def get_mitre_technique(vulnerability_type: str) -> dict: |
| """Get MITRE ATT&CK technique for a vulnerability type.""" |
| mapping = { |
| "sql_injection": "T1190", |
| "xss": "T1190", |
| "command_injection": "T1059", |
| "credential_theft": "T1110", |
| "brute_force": "T1110", |
| "phishing": "T1566", |
| "exfiltration": "T1041", |
| "c2_communication": "T1071", |
| "injection": "T1190", |
| } |
| tech_id = mapping.get(vulnerability_type.lower(), "T1190") |
| return MITRE_TECHNIQUES.get(tech_id, MITRE_TECHNIQUES["T1190"]) |
|
|