# Set working directory

In [2]:
import os
# The paths used in the rest of this notebook are relative to the repository
# root, so step up one level when the kernel was started in 'tutorials'.
cwd = os.path.split(os.getcwd())
if 'tutorials' == cwd[1]:
    os.chdir(os.pardir)
    print(f'Changed directory to {os.getcwd()}')
# Reports the `python` found on PATH, which is not necessarily the interpreter
# this kernel runs on.
!python --version

Python 3.7.4


# Import modules

In [3]:
from download_threat_information.download_threat_data import _download_attack, _download_capec, _download_cwe, _download_cve, main
from download_threat_information.parsing_scripts.parse_attack_tactic_technique import link_tactic_techniques
from download_threat_information.parsing_scripts.parse_cve import parse_cve_file
from download_threat_information.parsing_scripts.parse_capec_cwe import parse_capec_cwe_files

# Download threat data

The threat data from MITRE and NIST need to be downloaded and parsed before building BRON. To download the threat data, run the following command:
```
python download_threat_information/download_threat_data.py --threat_data_type THREAT_DATA_TYPE (optional) --only_recent_cves (optional)
```
If neither optional argument is given, the script downloads data for all threat data types and all CVE data from 1999-2020 inclusive. To download only one threat data type, add `--threat_data_type` followed by the name of the data type; `THREAT_DATA_TYPE` must be one of 'ATTACK', 'CAPEC', 'CWE', or 'CVE'. To download only recent CVE data (2015-2020 inclusive), add `--only_recent_cves`.

In this tutorial, we download threat data for all threat data types and all CVE data from 1999-2020. Note that the list of years below starts at 2002 because the CVE data for 2002 already contain all CVE data from 1999-2002.

In [4]:
# One string per year of CVE data to fetch, '2002' through '2020' inclusive.
cve_years = [str(year) for year in range(2002, 2021)]
# `main` comes from download_threat_information.download_threat_data and
# fetches the raw threat data that the parsing cells below read from disk.
# NOTE(review): how the download is transported and whether the fetched files
# are integrity-checked is not visible here; confirm it in the download script
# before relying on the parsed output.
main(cve_years)

# Parse ATT&CK Tactic and Technique data

To parse the ATT&CK Tactic and Technique data, run the following command:
```
python download_threat_information/parsing_scripts/parse_attack_tactic_technique.py --filename FILENAME --save_path SAVE_PATH
```
`FILENAME` is the file path to `raw_enterprise_attack.json`, and `SAVE_PATH` is the folder path to save parsed threat data.

In [5]:
# Folder that receives the parsed Tactic/Technique output.
out_path = 'download_threat_information'
# Raw ATT&CK dump to parse; presumably written by the download step -- confirm
# against download_threat_data.
filename = 'download_threat_information/raw_enterprise_attack.json'
link_tactic_techniques(filename, out_path)

# Parse Vulnerability (CVE) data

To parse the Vulnerability data, run the following command:
```
python download_threat_information/parsing_scripts/parse_cve.py --cve_path CVE_PATH --save_path SAVE_PATH --only_recent_cves (optional)
```
`CVE_PATH` is the file path to `raw_CVE.json.gz`, and `SAVE_PATH` is the folder path to save parsed threat data. If the CVE data contain only recent CVEs from 2015-2020 (that is, they were downloaded with `--only_recent_cves`), add the argument `--only_recent_cves` here as well. The folder to save parsed Vulnerability data should be the same folder that contains parsed Tactic and Technique data.

In [6]:
# Input archive and output folder for the CVE parsing step.
cve_path = 'download_threat_information/raw_CVE.json.gz'
save_path = 'download_threat_information'
# In this cell the flag only chooses the output file name; it is not passed to
# parse_cve_file, so it must match how raw_CVE.json.gz was downloaded or the
# file name will misdescribe the years it covers.
only_recent_cves = False
save_path_file = (
    "cve_map_cpe_cwe_score_2015_2020.json"
    if only_recent_cves
    else "cve_map_cpe_cwe_score.json"
)
save_file = os.path.join(save_path, save_path_file)
parse_cve_file(cve_path, save_file)

# Parse Attack Pattern (CAPEC) and Weakness (CWE) data

To parse the Attack Pattern and Weakness data, run the following command:
```
python download_threat_information/parsing_scripts/parse_capec_cwe.py --capec_file CAPEC_FILE --cwe_file CWE_FILE --save_path SAVE_PATH
```
`CAPEC_FILE` is the file path to `raw_CAPEC.json`, `CWE_FILE` is the file path to `raw_CWE.zip`, and `SAVE_PATH` is the folder path to save parsed threat data. The folder to save parsed Attack Pattern and Weakness data should be the same folder that contains parsed Tactic and Technique data.

In [7]:
# Output folder; the text above asks for the same folder that holds the parsed
# Tactic and Technique data.
save_path = 'download_threat_information'
# Raw inputs for the CAPEC/CWE parser (the CWE data is a zip archive).
cwe_file = 'download_threat_information/raw_CWE.zip'
capec_file = 'download_threat_information/raw_CAPEC.json'
parse_capec_cwe_files(capec_file, cwe_file, save_path)