From 9788a65e6e9f53bba05719290889edc4a70f3e01 Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Wed, 27 Dec 2023 23:18:50 +0900
Subject: [PATCH 1/4] feat: add RuleTitle
---
 src/takajopkg/ttpVisualize.nim | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/takajopkg/ttpVisualize.nim b/src/takajopkg/ttpVisualize.nim
index 6799c5e..e1a06f1 100644
--- a/src/takajopkg/ttpVisualize.nim
+++ b/src/takajopkg/ttpVisualize.nim
@@ -32,7 +32,7 @@ proc ttpVisualize(output: string = "mitre-attack-navigator.json", quiet: bool =
 let jsonLine = parseJson(line)
 try:
 for tag in jsonLine["MitreTags"]:
- stackedMitreTags.add({"techniqueID": tag.getStr(), "color": "#fd8d3c"}.newTable)
+ stackedMitreTags.add({"techniqueID": tag.getStr(), "color": "#fd8d3c", "comment": jsonLine["RuleTitle"].getStr()}.newTable)
 except CatchableError:
 continue
From 3f02942594728dbb27db47b7aab51dfa3afa6797 Mon Sep 17 00:00:00 2001
From: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com>
Date: Thu, 28 Dec 2023 08:18:22 +0900
Subject: [PATCH 2/4] update changelog
---
 CHANGELOG-Japanese.md | 6 ++++++
 CHANGELOG.md | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md
index 41f96bf..e700f47 100644
--- a/CHANGELOG-Japanese.md
+++ b/CHANGELOG-Japanese.md
@@ -1,5 +1,11 @@
 # 変更点
+## 2.x.x [xxxx/xx/xx]
+
+**Enhancements:**
+
+- In the `ttp-visualize` command, the name of the rule that detected the technique will now be shown in the comment when hovering over the technique in MITRE ATT&CK Navigator. (#82) (@fukusuket)
+
 ## 2.3.0 [2023/12/23] - SECCON Christmas Release
 **新機能:**
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4dfaf64..e75bccc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
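Review bot: `jsonLine["RuleTitle"]` on the added line raises KeyError when the field is absent, and because the enclosing `except CatchableError: continue` swallows it on the first tag, a Hayabusa line that carries MitreTags but no RuleTitle (a profile without that field) now contributes no techniques at all, where before this patch it was counted. The comment is only decoration, so use the nil-safe accessor, `"comment": jsonLine{"RuleTitle"}.getStr()`, which yields an empty string when the key is missing and leaves the technique in the layer. The same access is carried forward in the fourth patch's hunk as `let ruleTitle = strip(jsonLine["RuleTitle"].getStr())` and wants the same treatment. ttpVisualize's body starts and ends outside this hunk.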
@@ -1,5 +1,11 @@
 # Changes
+## 2.x.x [xxxx/xx/xx]
+
+**Enhancements:**
+
+- In the `ttp-visualize` command, the name of the rule that detected the technique will now be shown in the comment when hovering over the technique in MITRE ATT&CK Navigator. (#82) (@fukusuket)
+
 ## 2.3.0 [2023/12/23] - SECCON Christmas Release
 **New Features:**
From 60d4c5dc971ce86711f5b6ddad050c5b7f6b58ef Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Thu, 28 Dec 2023 11:03:37 +0900
Subject: [PATCH 3/4] doc: update japanese change log.
---
 CHANGELOG-Japanese.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md
index e700f47..5bfd8de 100644
--- a/CHANGELOG-Japanese.md
+++ b/CHANGELOG-Japanese.md
@@ -2,9 +2,9 @@
 ## 2.x.x [xxxx/xx/xx]
-**Enhancements:**
+**改善:**
-- In the `ttp-visualize` command, the name of the rule that detected the technique will now be shown in the comment when hovering over the technique in MITRE ATT&CK Navigator. (#82) (@fukusuket)
+- `ttp-visualize` コマンドで、MITRE ATT&CK Navigator上のテクニックをマウスオーバーしたときに、検知ルール名が表示されるようした。(#82) (@fukusuket)
 ## 2.3.0 [2023/12/23] - SECCON Christmas Release
From d54ec17b6a17d7c1d8c9483af2d893a30f6805df Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Thu, 28 Dec 2023 11:32:57 +0900
Subject: [PATCH 4/4] chg: add comment when multiple detection
---
 src/takajopkg/ttpVisualize.nim | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/takajopkg/ttpVisualize.nim b/src/takajopkg/ttpVisualize.nim
index e1a06f1..94e142a 100644
--- a/src/takajopkg/ttpVisualize.nim
+++ b/src/takajopkg/ttpVisualize.nim
@@ -21,7 +21,8 @@ proc ttpVisualize(output: string = "mitre-attack-navigator.json", quiet: bool =
 var
 bar: SuruBar = initSuruBar()
- stackedMitreTags = newSeq[TableRef[string, string]]()
+ stackedMitreTags = initTable[string, string]()
+
 bar[0].total = totalLines
 bar.setup()
@@ -32,7 +33,12 @@ proc ttpVisualize(output: string = "mitre-attack-navigator.json", quiet: bool =
 let jsonLine = parseJson(line)
 try:
 for tag in jsonLine["MitreTags"]:
- stackedMitreTags.add({"techniqueID": tag.getStr(), "color": "#fd8d3c", "comment": jsonLine["RuleTitle"].getStr()}.newTable)
+ let techniqueID = tag.getStr()
+ let ruleTitle = strip(jsonLine["RuleTitle"].getStr())
+ if stackedMitreTags.hasKey(techniqueID) and ruleTitle notin stackedMitreTags[techniqueID]:
+ stackedMitreTags[techniqueID] = stackedMitreTags[techniqueID] & "," & ruleTitle
+ else:
+ stackedMitreTags[techniqueID] = ruleTitle
 except CatchableError:
 continue
@@ -42,6 +48,9 @@ proc ttpVisualize(output: string = "mitre-attack-navigator.json", quiet: bool =
 echo "No MITRE ATT&CK tags were found in the Hayabusa results."
 echo "Please run your Hayabusa scan with a profile that includes the %MitreTags% field. (ex: -p verbose)"
 else:
+ var mitreTags = newSeq[TableRef[string, string]]()
+ for techniqueID, ruleTitle in stackedMitreTags:
+ mitreTags.add({"techniqueID": techniqueID, "comment": ruleTitle, "color": "#fd8d3c"}.newTable)
 let jsonObj = %* {
 "name": "Hayabusa detection result heatmap",
 "versions": {
@@ -51,7 +60,7 @@ proc ttpVisualize(output: string = "mitre-attack-navigator.json", quiet: bool =
 },
 "domain": "enterprise-attack",
 "description": "Hayabusa detection result heatmap",
- "techniques": stackedMitreTags
+ "techniques": mitreTags
 }
 let outputFile = open(output, FileMode.fmWrite)
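Review bot: The duplicate check in the second hunk, `ruleTitle notin stackedMitreTags[techniqueID]`, is a substring test against the comma-joined string, so a rule title that is contained in one already recorded (constructed example: `Suspicious Process` after `Suspicious Process Creation`) is silently dropped from the comment, and a title that itself contains a comma corrupts the separator the reader relies on. Keeping the titles as a `seq[string]` and joining only on output avoids both: declare `stackedMitreTags = initTable[string, seq[string]]()` in the first hunk, collapse the if/else to `if ruleTitle notin stackedMitreTags.mgetOrPut(techniqueID, @[]): stackedMitreTags[techniqueID].add ruleTitle`, and emit `"comment": ruleTitle.join(",")` in the third hunk. `notin` on a seq compares whole elements, and the `strip` call stays as it is. ttpVisualize's body continues outside these hunks.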
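Review bot: In the third hunk, `for techniqueID, ruleTitle in stackedMitreTags` iterates a `Table`, so the emitted `techniques` array comes out in hash order rather than the order techniques were first seen in the timeline, and its order shifts whenever the set of techniques changes, which makes diffs between generated layer files noisy. Switching the declaration in the first hunk to `stackedMitreTags = initOrderedTable[string, string]()` preserves insertion order with the same `hasKey`/`[]`/`[]=` API and needs no other change; the comma-joined comments already follow first-seen order. If ordering is deliberately left unspecified, a one-line comment above the loop saying so would spare the next reader the question.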