diff --git a/DESCRIPTION b/DESCRIPTION index 854e9ee..26dfcd7 100644 --- a/DESCRIPTION +++ b/DESCRIPTION @@ -40,4 +40,4 @@ Imports: stringi, rmarkdown Roxygen: list(markdown = TRUE) -RoxygenNote: 6.1.1 +RoxygenNote: 7.1.0 diff --git a/R/data-docs.R b/R/data-docs.R index 1edd29d..400fc52 100644 --- a/R/data-docs.R +++ b/R/data-docs.R @@ -4,7 +4,7 @@ #' @title Enterprise Attack Taxonomy v2.0 #' @name enterprise_attack #' @note Id: `bundle--83dad14b-ae53-4473-9f95-5ae37c8eaa5d` -#' @note Last updated: 2019-10-24 +#' @note Last updated: 2020-06-17 #' @references #' @docType data NULL @@ -12,7 +12,7 @@ NULL #' @title Mobile Attack Taxonomy v2.0 #' @name mobile_attack #' @note Id: `bundle--d22f39d8-4fa0-4557-a925-1d7bbaffaa46` -#' @note Last updated: 2019-10-24 +#' @note Last updated: 2020-06-17 #' @references #' @docType data NULL @@ -20,19 +20,19 @@ NULL #' @title Pre-Attack Taxonomy v2.0 #' @name pre_attack #' @note Id: `bundle--803f51fd-e986-493c-9ab1-0b33b42a4dec` -#' @note Last updated: 2019-10-24 +#' @note Last updated: 2020-06-17 #' @references #' @docType data NULL #' @title Combined ATT&CK Matricies Tactics, Techniques and Technique detail #' @name tidy_attack -#' @note Last updated: 2019-10-24 +#' @note Last updated: 2020-06-17 #' @docType data NULL #' @title Tactics factors (generally for sorting & pretty-printing) #' @name tactics_f -#' @note Last updated: 2019-10-24 +#' @note Last updated: 2020-06-17 #' @docType data NULL \ No newline at end of file diff --git a/data-raw/enterprise-attack.json.xz b/data-raw/enterprise-attack.json.xz index ee9d5e0..a9b04c1 100644 Binary files a/data-raw/enterprise-attack.json.xz and b/data-raw/enterprise-attack.json.xz differ diff --git a/data-raw/mobile-attack.json.xz b/data-raw/mobile-attack.json.xz index c77eea7..8f5583a 100644 Binary files a/data-raw/mobile-attack.json.xz and b/data-raw/mobile-attack.json.xz differ 
diff --git a/data-raw/pre-attack.json.xz b/data-raw/pre-attack.json.xz index 9bb586f..54044f8 100644 Binary files a/data-raw/pre-attack.json.xz and b/data-raw/pre-attack.json.xz differ diff --git a/data/enterprise_attack.rda b/data/enterprise_attack.rda index 7437d6e..e737ed2 100644 Binary files a/data/enterprise_attack.rda and b/data/enterprise_attack.rda differ diff --git a/data/mobile_attack.rda b/data/mobile_attack.rda index 429ad8d..fe5c505 100644 Binary files a/data/mobile_attack.rda and b/data/mobile_attack.rda differ diff --git a/data/pre_attack.rda b/data/pre_attack.rda index cd736fd..4d20303 100644 Binary files a/data/pre_attack.rda and b/data/pre_attack.rda differ diff --git a/data/tactics_f.rda b/data/tactics_f.rda index f97fcde..0c0a9ba 100644 Binary files a/data/tactics_f.rda and b/data/tactics_f.rda differ diff --git a/data/tidy_attack.rda b/data/tidy_attack.rda index 5fa9c8a..36c2c54 100644 Binary files a/data/tidy_attack.rda and b/data/tidy_attack.rda differ diff --git a/man/attck_cdf_tactic.Rd b/man/attck_cdf_tactic.Rd index 2118362..01b4725 100644 --- a/man/attck_cdf_tactic.Rd +++ b/man/attck_cdf_tactic.Rd @@ -4,8 +4,7 @@ \alias{attck_cdf_tactic} \title{Product an ATT&CK Cumulative Distribution Function by Tactic} \usage{ -attck_cdf_tactic(xdf, input = NULL, output = NULL, matrix = NULL, - ...) +attck_cdf_tactic(xdf, input = NULL, output = NULL, matrix = NULL, ...) } \arguments{ \item{xdf}{a data frame with \code{tactic}, \code{technique} and \code{value} columns. diff --git a/man/attck_map.Rd b/man/attck_map.Rd index 026b7ba..b259650 100644 --- a/man/attck_map.Rd +++ b/man/attck_map.Rd 
@@ -4,9 +4,18 @@ \alias{attck_map} \title{Generate an ATT&CK heatmap} \usage{ -attck_map(xdf, input = NULL, output = NULL, matrix = NULL, - tile_col = "white", tile_size = 0.5, dark_lab = "white", - light_lab = "black", dark_value_threshold = NULL, ...) +attck_map( + xdf, + input = NULL, + output = NULL, + matrix = NULL, + tile_col = "white", + tile_size = 0.5, + dark_lab = "white", + light_lab = "black", + dark_value_threshold = NULL, + ... +) } \arguments{ \item{xdf}{a data frame with \code{tactic}, \code{technique} and \code{value} columns. diff --git a/man/enterprise_attack.Rd b/man/enterprise_attack.Rd index cb30ba2..85c9090 100644 --- a/man/enterprise_attack.Rd +++ b/man/enterprise_attack.Rd @@ -8,9 +8,9 @@ Enterprise Attack Taxonomy v2.0 } \note{ -Id: \code{bundle--83dad14b-ae53-4473-9f95-5ae37c8eaa5d} +Id: \verb{bundle--83dad14b-ae53-4473-9f95-5ae37c8eaa5d} -Last updated: 2019-10-24 +Last updated: 2020-06-17 } \references{ \url{https://github.com/mitre/cti/raw/master/enterprise-attack/enterprise-attack.json} diff --git a/man/fct_tactic.Rd b/man/fct_tactic.Rd index e174a07..d61804b 100644 --- a/man/fct_tactic.Rd +++ b/man/fct_tactic.Rd @@ -4,9 +4,12 @@ \alias{fct_tactic} \title{Make an ordered Tactics factor with optional better labelling} \usage{ -fct_tactic(tactics, input = c("id", "pretty", "nl", "taid"), - output = c("pretty", "nl", "id", "taid"), matrix = c("enterprise", - "mobile", "pre")) +fct_tactic( + tactics, + input = c("id", "pretty", "nl", "taid"), + output = c("pretty", "nl", "id", "taid"), + matrix = c("enterprise", "mobile", "pre") +) } \arguments{ \item{tactics}{a character vector} 
@@ -25,8 +28,8 @@ You may receive Tatics encoded in one of many forms, including: \itemize{ \item \code{taid} (Tactic ID) the official MITRE ATT&CK tactic id (e.g. "\code{TA0001}") \item \code{id} (Tactic text id) lowercase-dashed name (e.g. "\code{initial-access}") -\item \code{pretty} (Tactic text) Upper/lowercase name suitable for display (e.g. "\code{Initial Access}") -\item \code{nl} (Tactic text) same as ^ but w/newlines for space constrained display (e.g. "\code{Initial\\nAccess}") +\item \code{pretty} (Tactic text) Upper/lowercase name suitable for display (e.g. "\verb{Initial Access}") +\item \code{nl} (Tactic text) same as ^ but w/newlines for space constrained display (e.g. "\verb{Initial\\\\nAccess}") } } \examples{ diff --git a/man/mobile_attack.Rd b/man/mobile_attack.Rd index 1e99170..0dd7b59 100644 --- a/man/mobile_attack.Rd +++ b/man/mobile_attack.Rd @@ -8,9 +8,9 @@ Mobile Attack Taxonomy v2.0 } \note{ -Id: \code{bundle--d22f39d8-4fa0-4557-a925-1d7bbaffaa46} +Id: \verb{bundle--d22f39d8-4fa0-4557-a925-1d7bbaffaa46} -Last updated: 2019-10-24 +Last updated: 2020-06-17 } \references{ \url{https://github.com/mitre/cti/raw/master/mobile-attack/mobile-attack.json} diff --git a/man/pre_attack.Rd b/man/pre_attack.Rd index bc01b01..68b5ffa 100644 --- a/man/pre_attack.Rd +++ b/man/pre_attack.Rd @@ -8,9 +8,9 @@ Pre-Attack Taxonomy v2.0 } \note{ -Id: \code{bundle--803f51fd-e986-493c-9ab1-0b33b42a4dec} +Id: \verb{bundle--803f51fd-e986-493c-9ab1-0b33b42a4dec} -Last updated: 2019-10-24 +Last updated: 2020-06-17 } \references{ \url{https://github.com/mitre/cti/raw/master/pre-attack/pre-attack.json} diff --git a/man/read_events.Rd b/man/read_events.Rd index 3920013..7fb962b 100644 --- a/man/read_events.Rd +++ b/man/read_events.Rd 
@@ -46,7 +46,7 @@ combination of \code{event_id} and \code{incident_id}. You can think of \code{discovery_source} & \code{reporting_source} this way: say the Windows Event Log captured the evidence of a failed (or successful) local admin logon event. It passes that on to your centralized logging -facility and/or your SIEM. You can make \code{discovery_source} "\code{Windows Event Log}" +facility and/or your SIEM. You can make \code{discovery_source} "\verb{Windows Event Log}" and \code{reporting_source} whichever technology you used. Any column not-present will be turned into \code{NA}. Columns not matching the diff --git a/man/tactics_f.Rd b/man/tactics_f.Rd index 81a77f3..53462e2 100644 --- a/man/tactics_f.Rd +++ b/man/tactics_f.Rd @@ -8,5 +8,5 @@ Tactics factors (generally for sorting & pretty-printing) } \note{ -Last updated: 2019-10-24 +Last updated: 2020-06-17 } diff --git a/man/tidy_attack.Rd b/man/tidy_attack.Rd index d752819..be323d8 100644 --- a/man/tidy_attack.Rd +++ b/man/tidy_attack.Rd @@ -8,5 +8,5 @@ Combined ATT&CK Matricies Tactics, Techniques and Technique detail } \note{ -Last updated: 2019-10-24 +Last updated: 2020-06-17 } diff --git a/man/validate_tactics.Rd b/man/validate_tactics.Rd index 18582f4..ccfb227 100644 --- a/man/validate_tactics.Rd +++ b/man/validate_tactics.Rd @@ -4,8 +4,11 @@ \alias{validate_tactics} \title{Validate Tactics strings against MITRE authoritative source} \usage{ -validate_tactics(tactics, matrix = c("enterprise", "mobile", "pre"), - na_rm = TRUE) +validate_tactics( + tactics, + matrix = c("enterprise", "mobile", "pre"), + na_rm = TRUE +) } \arguments{ \item{tactics}{a character vector of tactic strings to validate. This will be diff --git a/man/validate_technique_ids.Rd b/man/validate_technique_ids.Rd index f0131e7..981e391 100644 --- a/man/validate_technique_ids.Rd +++ b/man/validate_technique_ids.Rd 
@@ -4,8 +4,11 @@ \alias{validate_technique_ids} \title{Validate Technique IDs} \usage{ -validate_technique_ids(technique_ids, matrix = c("enterprise", "mobile", - "pre"), na_rm = TRUE) +validate_technique_ids( + technique_ids, + matrix = c("enterprise", "mobile", "pre"), + na_rm = TRUE +) } \arguments{ \item{technique_ids}{a character vector of technique ids to validate} diff --git a/man/validate_techniques.Rd b/man/validate_techniques.Rd index 5a8ebdc..18e49de 100644 --- a/man/validate_techniques.Rd +++ b/man/validate_techniques.Rd @@ -4,8 +4,12 @@ \alias{validate_techniques} \title{Validate Techniques strings against MITRE authoritative source} \usage{ -validate_techniques(techniques, matrix = c("enterprise", "mobile", - "pre"), ignore_case = FALSE, na_rm = TRUE) +validate_techniques( + techniques, + matrix = c("enterprise", "mobile", "pre"), + ignore_case = FALSE, + na_rm = TRUE +) } \arguments{ \item{matrix}{which matrix to use when validating?} diff --git a/tools/update-framework.R b/tools/update-framework.R index 49de54e..dfe7468 100644 --- a/tools/update-framework.R +++ b/tools/update-framework.R @@ -175,6 +175,11 @@ tactics_f[["mitre-attack"]] <- ent_tac tactics_f[["mitre-pre-attack"]] <- pre_tac tactics_f[["mitre-mobile-attack"]] <- mob_tac +# Mitigations ------------------------------------------------------------- + +et_tbl <- read_html("https://attack.mitre.org/tactics/enterprise/") %>% html_nodes("table") + + # Save it all out --------------------------------------------------------- usethis::use_data(
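Review bot: `et_tbl` on the added line in tools/update-framework.R is filled from a live fetch of `https://attack.mitre.org/tactics/enterprise/` and then never read before `usethis::use_data(`, so as committed this is an unconditional network call in the data-refresh script whose result is discarded, and the new section header says Mitigations while the URL is the enterprise tactics page, so one of the two looks wrong. The rest of the shipped data, judging from the `\url{https://github.com/mitre/cti/raw/master/...json}` references elsewhere in this diff, comes from the versioned mitre/cti JSON bundles, whereas an HTML table scrape has no stable schema and would silently change what `use_data()` packages if it were ever consumed. If the section is scaffolding, I'd remove the line or mark it, e.g. `# TODO: mitigations scrape is not wired into use_data() yet; et_tbl is unused`; if it is meant to stay, a failed fetch currently aborts the whole refresh, so guard it with `et_tbl <- tryCatch(read_html("https://attack.mitre.org/tactics/enterprise/") %>% html_nodes("table"), error = function(e) NULL)`. Whether `read_html()`/`html_nodes()` are attached earlier in the script is outside the hunk.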