Browse Source

attckr

master
boB Rudis 4 years ago
parent
commit
1fc2fd066f
No known key found for this signature in database GPG Key ID: 1D7529BE14E2BBA9
  1. 2
      DESCRIPTION
  2. 10
      R/data-docs.R
  3. BIN
      data-raw/enterprise-attack.json.xz
  4. BIN
      data-raw/mobile-attack.json.xz
  5. BIN
      data-raw/pre-attack.json.xz
  6. BIN
      data/enterprise_attack.rda
  7. BIN
      data/mobile_attack.rda
  8. BIN
      data/pre_attack.rda
  9. BIN
      data/tactics_f.rda
  10. BIN
      data/tidy_attack.rda
  11. 3
      man/attck_cdf_tactic.Rd
  12. 15
      man/attck_map.Rd
  13. 4
      man/enterprise_attack.Rd
  14. 13
      man/fct_tactic.Rd
  15. 4
      man/mobile_attack.Rd
  16. 4
      man/pre_attack.Rd
  17. 2
      man/read_events.Rd
  18. 2
      man/tactics_f.Rd
  19. 2
      man/tidy_attack.Rd
  20. 7
      man/validate_tactics.Rd
  21. 7
      man/validate_technique_ids.Rd
  22. 8
      man/validate_techniques.Rd
  23. 5
      tools/update-framework.R

2
DESCRIPTION

@ -40,4 +40,4 @@ Imports:
stringi,
rmarkdown
Roxygen: list(markdown = TRUE)
RoxygenNote: 6.1.1
RoxygenNote: 7.1.0

10
R/data-docs.R

@ -4,7 +4,7 @@
#' @title Enterprise Attack Taxonomy v2.0
#' @name enterprise_attack
#' @note Id: `bundle--83dad14b-ae53-4473-9f95-5ae37c8eaa5d`
#' @note Last updated: 2019-10-24
#' @note Last updated: 2020-06-17
#' @references <https://github.com/mitre/cti/raw/master/enterprise-attack/enterprise-attack.json>
#' @docType data
NULL
@ -12,7 +12,7 @@ NULL
#' @title Mobile Attack Taxonomy v2.0
#' @name mobile_attack
#' @note Id: `bundle--d22f39d8-4fa0-4557-a925-1d7bbaffaa46`
#' @note Last updated: 2019-10-24
#' @note Last updated: 2020-06-17
#' @references <https://github.com/mitre/cti/raw/master/mobile-attack/mobile-attack.json>
#' @docType data
NULL
@ -20,19 +20,19 @@ NULL
#' @title Pre-Attack Taxonomy v2.0
#' @name pre_attack
#' @note Id: `bundle--803f51fd-e986-493c-9ab1-0b33b42a4dec`
#' @note Last updated: 2019-10-24
#' @note Last updated: 2020-06-17
#' @references <https://github.com/mitre/cti/raw/master/pre-attack/pre-attack.json>
#' @docType data
NULL
#' @title Combined ATT&CK Matricies Tactics, Techniques and Technique detail
#' @name tidy_attack
#' @note Last updated: 2019-10-24
#' @note Last updated: 2020-06-17
#' @docType data
NULL
#' @title Tactics factors (generally for sorting & pretty-printing)
#' @name tactics_f
#' @note Last updated: 2019-10-24
#' @note Last updated: 2020-06-17
#' @docType data
NULL

BIN
data-raw/enterprise-attack.json.xz

Binary file not shown.

BIN
data-raw/mobile-attack.json.xz

Binary file not shown.

BIN
data-raw/pre-attack.json.xz

Binary file not shown.

BIN
data/enterprise_attack.rda

Binary file not shown.

BIN
data/mobile_attack.rda

Binary file not shown.

BIN
data/pre_attack.rda

Binary file not shown.

BIN
data/tactics_f.rda

Binary file not shown.

BIN
data/tidy_attack.rda

Binary file not shown.

3
man/attck_cdf_tactic.Rd

@ -4,8 +4,7 @@
\alias{attck_cdf_tactic}
\title{Product an ATT&CK Cumulative Distribution Function by Tactic}
\usage{
attck_cdf_tactic(xdf, input = NULL, output = NULL, matrix = NULL,
...)
attck_cdf_tactic(xdf, input = NULL, output = NULL, matrix = NULL, ...)
}
\arguments{
\item{xdf}{a data frame with \code{tactic}, \code{technique} and \code{value} columns.

15
man/attck_map.Rd

@ -4,9 +4,18 @@
\alias{attck_map}
\title{Generate an ATT&CK heatmap}
\usage{
attck_map(xdf, input = NULL, output = NULL, matrix = NULL,
tile_col = "white", tile_size = 0.5, dark_lab = "white",
light_lab = "black", dark_value_threshold = NULL, ...)
attck_map(
xdf,
input = NULL,
output = NULL,
matrix = NULL,
tile_col = "white",
tile_size = 0.5,
dark_lab = "white",
light_lab = "black",
dark_value_threshold = NULL,
...
)
}
\arguments{
\item{xdf}{a data frame with \code{tactic}, \code{technique} and \code{value} columns.

4
man/enterprise_attack.Rd

@ -8,9 +8,9 @@
Enterprise Attack Taxonomy v2.0
}
\note{
Id: \code{bundle--83dad14b-ae53-4473-9f95-5ae37c8eaa5d}
Id: \verb{bundle--83dad14b-ae53-4473-9f95-5ae37c8eaa5d}
Last updated: 2019-10-24
Last updated: 2020-06-17
}
\references{
\url{https://github.com/mitre/cti/raw/master/enterprise-attack/enterprise-attack.json}

13
man/fct_tactic.Rd

@ -4,9 +4,12 @@
\alias{fct_tactic}
\title{Make an ordered Tactics factor with optional better labelling}
\usage{
fct_tactic(tactics, input = c("id", "pretty", "nl", "taid"),
output = c("pretty", "nl", "id", "taid"), matrix = c("enterprise",
"mobile", "pre"))
fct_tactic(
tactics,
input = c("id", "pretty", "nl", "taid"),
output = c("pretty", "nl", "id", "taid"),
matrix = c("enterprise", "mobile", "pre")
)
}
\arguments{
\item{tactics}{a character vector}
@ -25,8 +28,8 @@ You may receive Tatics encoded in one of many forms, including:
\itemize{
\item \code{taid} (Tactic ID) the official MITRE ATT&CK tactic id (e.g. "\code{TA0001}")
\item \code{id} (Tactic text id) lowercase-dashed name (e.g. "\code{initial-access}")
\item \code{pretty} (Tactic text) Upper/lowercase name suitable for display (e.g. "\code{Initial Access}")
\item \code{nl} (Tactic text) same as ^ but w/newlines for space constrained display (e.g. "\code{Initial\\nAccess}")
\item \code{pretty} (Tactic text) Upper/lowercase name suitable for display (e.g. "\verb{Initial Access}")
\item \code{nl} (Tactic text) same as ^ but w/newlines for space constrained display (e.g. "\verb{Initial\\\\nAccess}")
}
}
\examples{

4
man/mobile_attack.Rd

@ -8,9 +8,9 @@
Mobile Attack Taxonomy v2.0
}
\note{
Id: \code{bundle--d22f39d8-4fa0-4557-a925-1d7bbaffaa46}
Id: \verb{bundle--d22f39d8-4fa0-4557-a925-1d7bbaffaa46}
Last updated: 2019-10-24
Last updated: 2020-06-17
}
\references{
\url{https://github.com/mitre/cti/raw/master/mobile-attack/mobile-attack.json}

4
man/pre_attack.Rd

@ -8,9 +8,9 @@
Pre-Attack Taxonomy v2.0
}
\note{
Id: \code{bundle--803f51fd-e986-493c-9ab1-0b33b42a4dec}
Id: \verb{bundle--803f51fd-e986-493c-9ab1-0b33b42a4dec}
Last updated: 2019-10-24
Last updated: 2020-06-17
}
\references{
\url{https://github.com/mitre/cti/raw/master/pre-attack/pre-attack.json}

2
man/read_events.Rd

@ -46,7 +46,7 @@ combination of \code{event_id} and \code{incident_id}.
You can think of \code{discovery_source} & \code{reporting_source} this way: say
the Windows Event Log captured the evidence of a failed (or successful)
local admin logon event. It passes that on to your centralized logging
facility and/or your SIEM. You can make \code{discovery_source} "\code{Windows Event Log}"
facility and/or your SIEM. You can make \code{discovery_source} "\verb{Windows Event Log}"
and \code{reporting_source} whichever technology you used.
Any column not-present will be turned into \code{NA}. Columns not matching the

2
man/tactics_f.Rd

@ -8,5 +8,5 @@
Tactics factors (generally for sorting & pretty-printing)
}
\note{
Last updated: 2019-10-24
Last updated: 2020-06-17
}

2
man/tidy_attack.Rd

@ -8,5 +8,5 @@
Combined ATT&CK Matricies Tactics, Techniques and Technique detail
}
\note{
Last updated: 2019-10-24
Last updated: 2020-06-17
}

7
man/validate_tactics.Rd

@ -4,8 +4,11 @@
\alias{validate_tactics}
\title{Validate Tactics strings against MITRE authoritative source}
\usage{
validate_tactics(tactics, matrix = c("enterprise", "mobile", "pre"),
na_rm = TRUE)
validate_tactics(
tactics,
matrix = c("enterprise", "mobile", "pre"),
na_rm = TRUE
)
}
\arguments{
\item{tactics}{a character vector of tactic strings to validate. This will be

7
man/validate_technique_ids.Rd

@ -4,8 +4,11 @@
\alias{validate_technique_ids}
\title{Validate Technique IDs}
\usage{
validate_technique_ids(technique_ids, matrix = c("enterprise", "mobile",
"pre"), na_rm = TRUE)
validate_technique_ids(
technique_ids,
matrix = c("enterprise", "mobile", "pre"),
na_rm = TRUE
)
}
\arguments{
\item{technique_ids}{a character vector of technique ids to validate}

8
man/validate_techniques.Rd

@ -4,8 +4,12 @@
\alias{validate_techniques}
\title{Validate Techniques strings against MITRE authoritative source}
\usage{
validate_techniques(techniques, matrix = c("enterprise", "mobile",
"pre"), ignore_case = FALSE, na_rm = TRUE)
validate_techniques(
techniques,
matrix = c("enterprise", "mobile", "pre"),
ignore_case = FALSE,
na_rm = TRUE
)
}
\arguments{
\item{matrix}{which matrix to use when validating?}

5
tools/update-framework.R

@ -175,6 +175,11 @@ tactics_f[["mitre-attack"]] <- ent_tac
tactics_f[["mitre-pre-attack"]] <- pre_tac
tactics_f[["mitre-mobile-attack"]] <- mob_tac
# Mitigations -------------------------------------------------------------
et_tbl <- read_html("https://attack.mitre.org/tactics/enterprise/") %>% html_nodes("table")
# Save it all out ---------------------------------------------------------
usethis::use_data(

Loading…
Cancel
Save