# Create AMITT website sql

Creates the SQLite file used as a data source in the AMITT website tests.

In [2]:
# Get AMITT variables

import pandas as pd
import sqlite3 as sql
from generate_amitt_ttps import Amitt
# Let pandas render up to 1000 rows before it truncates a displayed table.
pd.set_option('display.max_rows', 1000)

# Build the AMITT datasets; the Amitt object carries them as instance attributes.
amitt = Amitt()

# List the attribute names available on the object, then display the
# counter-to-technique cross table as the cell output.
print(vars(amitt).keys())
amitt.cross_counterid_techniqueid

dict_keys(['df_phases', 'df_frameworks', 'df_techniques', 'df_tasks', 'df_incidents', 'df_counters', 'df_detections', 'df_actortypes', 'df_resources', 'df_responsetypes', 'df_metatechniques', 'it', 'df_tactics', 'df_techniques_per_tactic', 'df_counters_per_tactic', 'phases', 'tactics', 'techniques', 'counters', 'metatechniques', 'actortypes', 'resources', 'num_tactics', 'cross_counterid_techniqueid', 'cross_counterid_resourceid', 'cross_counterid_actortypeid', 'cross_detectionid_techniqueid', 'cross_detectionid_resourceid', 'cross_detectionid_actortypeid'])


Unnamed: 0,amitt_id,technique_id
0,C00006,T0007
0,C00006,T0015
0,C00006,T0018
0,C00006,T0043
0,C00006,T0053
0,C00006,T0054
0,C00006,
1,C00008,T0001
1,C00008,T0002
1,C00008,T0003


In [3]:
# Display the detections dataframe held on the Amitt object.
amitt.df_detections

Unnamed: 0,amitt_id,name,metatechnique,summary,actors,resources_needed,how_found,references,incidents,tactic,responsetype,notes,techniques,longname,tactic_id,tactic_name
0,F00001,Analyse aborted / failed campaigns,,Examine failed campaigns. How did they fail? C...,,,2019-11-workshop,,,TA01 Strategic Planning,D1 Detect,,All,F00001 - Analyse aborted / failed campaigns,TA01,Strategic Planning
1,F00002,Analyse viral fizzle,,,,,2019-11-workshop,,,TA01 Strategic Planning,D1 Detect,,T0049 - Flooding\nT0052 - Tertiary sites ampli...,F00002 - Analyse viral fizzle,TA01,Strategic Planning
2,F00003,Exploit counter-intelligence vs bad actors,,,,,2019-11-workshop,,,TA01 Strategic Planning,D1 Detect,,TA06 - Develop Content\nTA08 - Pump Priming\nT...,F00003 - Exploit counter-intelligence vs bad a...,TA01,Strategic Planning
3,F00004,"Recruit like-minded converts ""people who used ...",,,,,2019-11-workshop,,,TA01 Strategic Planning,D1 Detect,,T0057 - Organise remote rallies and events\nT0...,"F00004 - Recruit like-minded converts ""people ...",TA01,Strategic Planning
4,F00005,SWOT Analysis of Cognition in Various Groups,,,,,2019-11-workshop,,,TA01 Strategic Planning,D1 Detect,,All,F00005 - SWOT Analysis of Cognition in Various...,TA01,Strategic Planning
5,F00006,SWOT analysis of tech platforms,,,,,2019-11-workshop,,,TA01 Strategic Planning,D1 Detect,,TA05 - Microtargeting\nTA07 - Channel Selectio...,F00006 - SWOT analysis of tech platforms,TA01,Strategic Planning
6,F00007,Monitor account level activity in social networks,,,,,2019-11-workshop,,,TA02 Objective Planning,D1 Detect,,All,F00007 - Monitor account level activity in soc...,TA02,Objective Planning
7,F00008,Detect abnormal amplification,,,,,2019-11-workshop,,,TA03 Develop People,D1 Detect,,T0052 - Tertiary sites amplify news\nT0053 - T...,F00008 - Detect abnormal amplification,TA03,Develop People
8,F00009,Detect abnormal events,,,,,2019-11-workshop,,,TA03 Develop People,D1 Detect,,T0007 - Create fake Social Media Profiles / Pa...,F00009 - Detect abnormal events,TA03,Develop People
9,F00010,Detect abnormal groups,,,,,2019-11-workshop,,,TA03 Develop People,D1 Detect,,T0007 - Create fake Social Media Profiles / Pa...,F00010 - Detect abnormal groups,TA03,Develop People


In [3]:
# Generate minimal sqlite database from the Amitt variables.
# The path is relative, so the file is opened (and created if missing) in the
# notebook's working directory. `conn` is a module-level name: add_table()
# reads it as a global, and conn.close() at the end of this cell releases it.
conn = sql.connect('amittsite.sqlite')

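def add_table(dataframe, tablename, columns):
    """Recreate one SQLite table from selected columns of a dataframe.

    Drops ``tablename`` if it exists, creates it again with an autoincrement
    integer ``id`` primary key plus one ``TEXT NOT NULL`` column per entry in
    ``columns``, appends the dataframe rows and commits. Works on the
    module-level ``conn`` connection.

    Parameters
    ----------
    dataframe : pandas.DataFrame
        Source data; must contain every name listed in ``columns``.
    tablename : str
        Name of the table to (re)create.
    columns : list of str
        Dataframe columns to copy; also used as the SQL column names.

    Returns
    -------
    pandas.DataFrame
        The rows that were inserted: the selected columns with every value
        converted by ``str`` plus the generated 1-based ``id`` column.

    Raises
    ------
    ValueError
        If the table name or a column name is not a plain ASCII identifier.
    KeyError
        If ``dataframe`` lacks one of the requested columns.
    """
    # SQLite cannot bind identifiers as parameters, so the names below are
    # formatted straight into the DDL text. Refuse anything that is not a
    # plain identifier so a stray space, quote or separator can never change
    # the statement that gets executed.
    for identifier in [tablename, *columns]:
        if not (isinstance(identifier, str)
                and identifier.isascii()
                and identifier.isidentifier()):
            raise ValueError('not a plain SQL identifier: {!r}'.format(identifier))

    # Build the rows before touching the database: a missing column now fails
    # here, instead of after the existing table has already been dropped.
    # Series.map(str) per column is the element-wise str() conversion that the
    # deprecated DataFrame.applymap(str) used to perform.
    newtable = dataframe[columns].copy().apply(lambda column: column.map(str))
    newtable['id'] = range(1, len(newtable) + 1)

    # Create sql table
    column_ddl = ', '.join('{} TEXT NOT NULL'.format(col) for col in columns)
    conn.execute('DROP TABLE IF EXISTS {}'.format(tablename))
    conn.execute(
        'CREATE TABLE {} (id INTEGER PRIMARY KEY AUTOINCREMENT, {});'.format(
            tablename, column_ddl))

    # Populate table from dataframe
    newtable.to_sql(tablename, conn, index=False, if_exists='append')
    conn.commit()
    return newtable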

def object_tactics_techniques(objectcol, objecttable, crosstable):
    """Split an object/technique cross table into technique and tactic links.

    ``crosstable`` has ``amitt_id`` and ``technique_id`` columns, where
    ``technique_id`` holds either a technique id, a tactic id (prefix 'TA')
    or an empty string. ``objecttable`` has ``amitt_id`` and ``tactic_id``
    columns giving each object's own tactic.

    Returns a tuple ``(ctech, ctact)``:

    * ``ctech`` - rows whose ``technique_id`` is non-empty and does not start
      with 'TA', with ``amitt_id`` renamed to ``objectcol``. The original row
      index is kept.
    * ``ctact`` - rows whose ``technique_id`` starts with 'TA' (renamed to
      ``tactic_id``, ``main_tactic`` = 'N') followed by one row per object
      with its own tactic (``main_tactic`` = 'Y'), reindexed from 0.

    Both frames get a ``summary`` column filled with 'N/A'.
    """
    linked_ids = crosstable['technique_id']
    points_at_tactic = linked_ids.str.startswith('TA')

    # objects to techniques: anything that is neither blank nor a tactic id
    # (so a value such as 'All' stays in this table).
    ctech = (
        crosstable[(linked_ids != '') & (~points_at_tactic)]
        .rename(columns={'amitt_id': objectcol})
        .assign(summary='N/A')
    )

    # objects to tactics: tactics referenced through the cross table ...
    referenced = (
        crosstable[points_at_tactic]
        .rename(columns={'amitt_id': objectcol, 'technique_id': 'tactic_id'})
        .assign(main_tactic='N')
    )
    # ... plus the tactic each object is filed under in its own table.
    own_tactic = (
        objecttable[['amitt_id', 'tactic_id']]
        .rename(columns={'amitt_id': objectcol})
        .assign(main_tactic='Y')
    )
    ctact = pd.concat([referenced, own_tactic], ignore_index=True, sort=False)
    ctact['summary'] = 'N/A'

    return (ctech, ctact)

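# Populate the site database. Everything that uses `conn` runs inside
# try/finally so the connection is closed even when one of the steps raises;
# otherwise a failed run would leave the sqlite file open in the kernel.
try:
    # Base tables: (source dataframe, table name, columns to copy), in creation order.
    # Placeholders carried over from the original cell, presumably site tables
    # that are not generated yet: dataset, incident, playbook, reference,
    # response_type, sector, and actor_type, whose call was left disabled:
    #   add_table(amitt.df_actortypes, 'actor_type',
    #             ['amitt_id', 'sector_id', 'framework_id', 'name', 'summary'])
    base_tables = [
        (amitt.df_counters, 'counter', ['amitt_id', 'tactic_id', 'metatechnique_id', 'name', 'summary']),
        (amitt.df_detections, 'detection', ['amitt_id', 'tactic_id', 'name', 'summary']),
        (amitt.df_frameworks, 'framework', ['amitt_id', 'name', 'summary']),
        (amitt.df_metatechniques, 'metatechnique', ['amitt_id', 'name', 'summary']),
        (amitt.df_phases, 'phase', ['amitt_id', 'name', 'rank', 'summary']),
        (amitt.df_tactics, 'tactic', ['amitt_id', 'phase_id', 'name', 'rank', 'summary']),
        (amitt.df_tasks, 'task', ['amitt_id', 'tactic_id', 'framework_id', 'name', 'summary']),
        (amitt.df_techniques, 'technique', ['amitt_id', 'tactic_id', 'name', 'summary']),
    ]
    for source_df, table_name, table_columns in base_tables:
        newtable = add_table(source_df, table_name, table_columns)

    # Link tables: counters to techniques / tactics.
    (ctech, ctact) = object_tactics_techniques('counter_id', amitt.df_counters, amitt.cross_counterid_techniqueid)
    newtable = add_table(ctech, 'counter_technique', ['counter_id', 'technique_id', 'summary'])
    newtable = add_table(ctact, 'counter_tactic', ['counter_id', 'tactic_id', 'main_tactic', 'summary'])

    # Link tables: detections to techniques / tactics.
    (dtech, dtact) = object_tactics_techniques('detection_id', amitt.df_detections, amitt.cross_detectionid_techniqueid)
    newtable = add_table(dtech, 'detection_technique', ['detection_id', 'technique_id', 'summary'])
    newtable = add_table(dtact, 'detection_tactic', ['detection_id', 'tactic_id', 'main_tactic', 'summary'])

    # Empty login table for the site; this notebook inserts no rows into it.
    # NOTE(review): `password` is a plain TEXT column, so whatever code fills it
    # should store a salted password hash, never the plaintext - confirm against
    # the website code that writes to this table.
    conn.execute("DROP TABLE IF EXISTS user")
    conn.execute('''CREATE TABLE user (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT NOT NULL UNIQUE, password TEXT NOT NULL);''')
finally:
    conn.close()

# Cell output: the last table written (detection_tactic).
newtable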

Unnamed: 0,detection_id,tactic_id,main_tactic,summary,id
0,F00003,TA06,N,,1
1,F00003,TA08,N,,2
2,F00003,TA09,N,,3
3,F00006,TA05,N,,4
4,F00006,TA07,N,,5
5,F00006,TA08,N,,6
6,F00006,TA09,N,,7
7,F00006,TA10,N,,8
8,F00006,TA11,N,,9
9,F00015,TA07,N,,10


In [4]:
# Display the detection-to-technique rows returned by
# object_tactics_techniques() in the database-building cell.
dtech

Unnamed: 0,detection_id,technique_id,summary
0,F00001,All,
1,F00002,T0049,
1,F00002,T0052,
1,F00002,T0053,
1,F00002,T0054,
1,F00002,T0059,
1,F00002,T0060,
2,F00003,T0019,
2,F00003,T0021,
3,F00004,T0057,


In [5]:
# Display the detection-to-tactic rows returned by
# object_tactics_techniques() in the database-building cell.
dtact

Unnamed: 0,detection_id,tactic_id,main_tactic,summary
0,F00003,TA06,N,
1,F00003,TA08,N,
2,F00003,TA09,N,
3,F00006,TA05,N,
4,F00006,TA07,N,
5,F00006,TA08,N,
6,F00006,TA09,N,
7,F00006,TA10,N,
8,F00006,TA11,N,
9,F00015,TA07,N,
