ICS Data Compoments are now part of the data sources enrichment featu…

…re on techniques. Fixed #57.
OTRF · Jul 5, 2022 · a885bef · a885bef
1 parent 8b49abd
commit a885bef
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 7 deletions.
diff --git a/attackcti/attack_api.py b/attackcti/attack_api.py
@@ -822,6 +822,20 @@ def get_ics_techniques(self, skip_revoked_deprecated=True, include_subtechniques
             ics_techniques = self.translate_stix_objects(ics_techniques)
         return ics_techniques
 
+    def get_ics_data_components(self, stix_format=True):
+        """ Extracts all the available data components STIX objects in the ICS ATT&CK matrix
+
+        Args:
+            stix_format (bool):  Returns results in original STIX format or friendly syntax (e.g. 'attack-pattern' or 'technique')
+        
+        Returns:
+            List of STIX objects
+        """
+        ics_data_components = self.TC_ICS_SOURCE.query(Filter("type", "=", "x-mitre-data-component"))
+        if not stix_format:
+            ics_data_components = self.translate_stix_objects(ics_data_components)
+        return ics_data_components
+
     def get_ics_mitigations(self, stix_format=True):
         """ Extracts all the available mitigations STIX objects in the ICS ATT&CK matrix
 
@@ -902,6 +916,23 @@ def get_ics_tactics(self, stix_format=True):
             ics_tactics = self.translate_stix_objects(ics_tactics)
         return ics_tactics
 
+    def get_ics_data_sources(self, include_data_components=False, stix_format=True):
+        """ Extracts all the available data source STIX objects availalbe in the ICS ATT&CK matrix. This function filters all STIX objects by the type x-mitre-data-source.
+
+        Args:
+            stix_format (bool):  Returns results in original STIX format or friendly syntax (e.g. 'attack-pattern' or 'technique')
+        
+        Returns:
+            List of STIX objects
+        """
+        ics_data_sources = self.TC_ICS_SOURCE.query(Filter("type", "=", "x-mitre-data-source"))
+        if include_data_components:
+            for ds in ics_data_sources:
+                ds['data_components']= self.get_data_components_by_data_source(ds)
+        if not stix_format:
+            ics_data_sources = self.translate_stix_objects(ics_data_sources)
+        return ics_data_sources
+
     # ******** Get All Functions ********
     def get_stix_objects(self, stix_format=True):
         attack_stix_objects = dict()
@@ -997,14 +1028,14 @@ def get_data_components(self, skip_revoked_deprecated=True, stix_format=True):
             stix_format (bool):  Returns results in original STIX format or friendly syntax (e.g. 'attack-pattern' or 'technique')
         """
         enterprise_data_components = self.get_enterprise_data_components()
-        '''mobile_data_components = self.get_mobile_data_components()
         ics_data_components = self.get_ics_data_components()
+        '''mobile_data_components = self.get_mobile_data_components()
         for mdc in mobile_data_components:
             if mdc not in enterprise_data_components:
-                enterprise_data_components.append(mdc)
+                enterprise_data_components.append(mdc)'''
         for idc in ics_data_components:
             if idc not in enterprise_data_components:
-                enterprise_data_components.append(idc)'''
+                enterprise_data_components.append(idc)
 
         if skip_revoked_deprecated:
             enterprise_data_components = self.remove_revoked_deprecated(enterprise_data_components)
@@ -1104,15 +1135,21 @@ def get_data_sources(self, include_data_components=False, stix_format=True):
             List of STIX objects
         
         """
+        enterprise_data_sources = self.get_enterprise_data_sources(include_data_components)
+        ics_data_sources = self.get_ics_data_sources(include_data_components)
+        for ds in ics_data_sources:
+            if ds not in enterprise_data_sources:
+                enterprise_data_sources.append(ds)
+        '''
         if include_data_components:
             data_sources = self.get_enterprise_data_sources(include_data_components=True)
         else:
-            data_sources = self.get_enterprise_data_sources()
+            data_sources = self.get_enterprise_data_sources()'''
 
         if not stix_format:
-            data_sources = self.translate_stix_objects(data_sources)
+            enterprise_data_sources = self.translate_stix_objects(enterprise_data_sources)
 
-        return data_sources
+        return enterprise_data_sources
 
     # ******** Custom Functions ********
     def get_technique_by_name(self, name, case=True, stix_format=True):

diff --git a/setup.py b/setup.py
@@ -13,7 +13,7 @@
 
 setup(
     name="attackcti",
-    version="0.3.6",
+    version="0.3.7",
     author="Roberto Rodriguez",
     description="MITRE ATTACK CTI Python Libary",
     long_description=long_description,