Spaces:
Sleeping
Sleeping
| from mitreattack.stix20 import MitreAttackData | |
| from pprint import pprint | |
| import requests | |
| import json | |
| import os | |
| def download_enterprise_attack_data(): | |
| """Download the latest Enterprise ATT&CK STIX data from MITRE's GitHub repository.""" | |
| url = "https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json" | |
| filename = "mitre_data/enterprise-attack.json" | |
| print("Downloading Enterprise ATT&CK data...") | |
| try: | |
| response = requests.get(url, timeout=30) | |
| response.raise_for_status() | |
| with open(filename, "w", encoding="utf-8") as f: | |
| f.write(response.text) | |
| print(f"β Successfully downloaded {filename}") | |
| return filename | |
| except requests.exceptions.RequestException as e: | |
| print(f"β Error downloading data: {e}") | |
| return None | |
| def main(): | |
| if not os.path.exists("mitre_data"): | |
| os.makedirs("mitre_data") | |
| if not os.path.exists("mitre_data/techniques.json"): | |
| download_enterprise_attack_data() | |
| # Initialize the data | |
| mitre_attack_data = MitreAttackData("mitre_data/enterprise-attack.json") | |
| # Get all techniques | |
| techniques = mitre_attack_data.get_techniques(remove_revoked_deprecated=True) | |
| # Extract important fields for each technique | |
| technique_data = [] | |
| for technique in techniques: | |
| # Get the ATT&CK ID from external references | |
| attack_id = None | |
| if "external_references" in technique: | |
| for ref in technique["external_references"]: | |
| if ref.get("source_name") == "mitre-attack": | |
| attack_id = ref.get("external_id") | |
| break | |
| # Extract important fields | |
| tech_info = { | |
| "attack_id": attack_id, | |
| "name": technique.get("name"), | |
| "description": technique.get("description"), | |
| "is_subtechnique": technique.get("x_mitre_is_subtechnique", False), | |
| "platforms": technique.get("x_mitre_platforms", []), | |
| "tactics": [ | |
| phase.phase_name for phase in technique.get("kill_chain_phases", []) | |
| ], | |
| "detection": technique.get("x_mitre_detection", ""), | |
| "mitigations": [], | |
| } | |
| # get mitigations | |
| mitigations = mitre_attack_data.get_mitigations_mitigating_technique( | |
| technique.id | |
| ) | |
| for mitigation in mitigations: | |
| tech_info["mitigations"].append( | |
| f"{mitigation['object'].name}: {mitigation['object'].description}" | |
| ) | |
| technique_data.append(tech_info) | |
| print(f"Extracted {len(technique_data)} techniques") | |
| with open("mitre_data/techniques.json", "w", encoding="utf-8") as f: | |
| json.dump(technique_data, f, indent=4, ensure_ascii=False) | |
| print("Techniques saved to mitre_data/techniques.json") | |
| if __name__ == "__main__": | |
| main() | |