Merge pull request #152 from mitre-attack/fix/inherited-campaign-rela…

…tionships Fixes for inherited relationships & filtering revoked objects
mitre-attack · Oct 12, 2023 · 195810c · 195810c
2 parents 689e6c0 + 0b9ce7f
commit 195810c
Show file tree

Hide file tree

Showing 14 changed files with 219 additions and 228 deletions.
diff --git a/docs/mitre_attack_data/examples.rst b/docs/mitre_attack_data/examples.rst
@@ -13,9 +13,10 @@ Getting An ATT&CK Object
 
 * `get_object_by_stix_id.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_object_by_stix_id.py>`_
 * `get_object_by_attack_id.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_object_by_attack_id.py>`_
-* `get_object_by_name.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_object_by_name.py>`_
-* `get_group_by_alias.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_group_by_alias.py>`_
+* `get_objects_by_name.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_objects_by_name.py>`_
+* `get_groups_by_alias.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_groups_by_alias.py>`_
 * `get_software_by_alias.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_software_by_alias.py>`_
+* `get_campaigns_by_alias.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_campaigns_by_alias.py>`_
 * `get_stix_type.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_stix_type.py>`_
 * `get_attack_id.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_attack_id.py>`_
 * `get_name.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_name.py>`_
@@ -41,6 +42,7 @@ Getting Multiple ATT&CK Objects
 * `get_techniques_by_platform.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_techniques_by_platform.py>`_
 * `get_objects_by_content.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_objects_by_content.py>`_
 * `get_objects_created_after.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_objects_created_after.py>`_
+* `get_objects_modified_after.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_objects_modified_after.py>`_
 
 Related Objects
 -------------------
@@ -108,4 +110,3 @@ Campaign:Group Relationships
 * `get_groups_attributing_to_campaign.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_groups_attributing_to_campaign.py>`_
 * `get_all_campaigns_attributed_to_all_groups.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_all_campaigns_attributed_to_all_groups.py>`_
 * `get_campaigns_attributed_to_group.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_campaigns_attributed_to_group.py>`_
-
diff --git a/docs/mitre_attack_data/mitre_attack_data.rst b/docs/mitre_attack_data/mitre_attack_data.rst
@@ -57,7 +57,7 @@ a lookup table of STIX ID to related objects and relationships.
     # [
     #     {
     #         "object": Malware, # S0061
-    #         "relationship": Relationship # relationship between G0019 and S0061
+    #         "relationships": Relationship[] # relationships between G0019 and S0061
     #     },
     #     {
     #         ...
@@ -79,8 +79,7 @@ by ATT&CK.
     mitigations = mitre_attack_data.get_mitigations(remove_revoked_deprecated=True)
 
 
-To remove revoked and deprecated objects from the results of a method without a parameter to 
-automatically remove revoked and deprecated objects:
+To separately remove revoked and deprecated objects from the results of a method:
 
 .. code-block:: python
 

diff --git a/docs/notice.rst b/docs/notice.rst
@@ -1,6 +1,6 @@
 Notice
 ==============================================
-Copyright 2022 The MITRE Corporation
+Copyright 2023 The MITRE Corporation
 
 Approved for Public Release; Distribution Unlimited. Case Number 19-0486.
 

diff --git a/examples/get_all_mitigations_mitigating_all_techniques.py b/examples/get_all_mitigations_mitigating_all_techniques.py
@@ -9,7 +9,7 @@ def main():
 
     print(f"Mitigations mitigating techniques ({len(mitigations_mitigating.keys())} techniques):")
     for id, mitigations in mitigations_mitigating.items():
-        print(f"* {id} - mitigated by {len(mitigations)} {'mitigation' if len(mitigations) == 1 else 'mitigation'}")
+        print(f"* {id} - mitigated by {len(mitigations)} {'mitigation' if len(mitigations) == 1 else 'mitigations'}")
 
 
 if __name__ == "__main__":

diff --git a/examples/get_campaigns_by_alias.py b/examples/get_campaigns_by_alias.py
@@ -0,0 +1,14 @@
+from mitreattack.stix20 import MitreAttackData
+
+
+def main():
+    mitre_attack_data = MitreAttackData("enterprise-attack.json")
+
+    campaigns = mitre_attack_data.get_campaigns_by_alias("Frankenstein")
+
+    for campaign in campaigns:
+        print(f"{campaign.name} ({mitre_attack_data.get_attack_id(campaign.id)})")
+
+
+if __name__ == "__main__":
+    main()
diff --git a/examples/get_group_by_alias.py b/examples/get_group_by_alias.py
diff --git a/examples/get_campaign_by_alias.py → examples/get_groups_by_alias.py b/examples/get_campaign_by_alias.py → examples/get_groups_by_alias.py
@@ -4,9 +4,10 @@
 def main():
     mitre_attack_data = MitreAttackData("enterprise-attack.json")
 
-    C0001 = mitre_attack_data.get_campaign_by_alias("Frankenstein")
+    groups = mitre_attack_data.get_groups_by_alias("Cozy Bear")
 
-    print(C0001.serialize(pretty=True))
+    for group in groups:
+        print(f"{group.name} ({mitre_attack_data.get_attack_id(group.id)})")
 
 
 if __name__ == "__main__":

diff --git a/examples/get_object_by_name.py b/examples/get_object_by_name.py
diff --git a/examples/get_objects_by_name.py b/examples/get_objects_by_name.py
@@ -0,0 +1,14 @@
+from mitreattack.stix20 import MitreAttackData
+
+
+def main():
+    mitre_attack_data = MitreAttackData("enterprise-attack.json")
+
+    techniques = mitre_attack_data.get_objects_by_name("System Information Discovery", "attack-pattern")
+
+    for technique in techniques:
+        print(technique.serialize(pretty=True))
+
+
+if __name__ == "__main__":
+    main()
diff --git a/examples/get_objects_created_after.py b/examples/get_objects_created_after.py
@@ -6,7 +6,7 @@ def main():
 
     objects = mitre_attack_data.get_objects_created_after("2022-10-01T00:00:00.000Z")
 
-    print(f"There were {len(objects)} objects created after 1 October 2022")
+    print(f"There are {len(objects)} objects created after 1 October 2022")
 
 
 if __name__ == "__main__":

diff --git a/examples/get_objects_modified_after.py b/examples/get_objects_modified_after.py
@@ -7,7 +7,7 @@ def main():
     date = "2022-10-01"
     objects = mitre_attack_data.get_objects_modified_after(date)
 
-    print(f"There were {len(objects)} objects modified after {date}")
+    print(f"There are {len(objects)} objects modified after {date}")
 
 
 if __name__ == "__main__":

diff --git a/examples/get_procedure_examples_by_tactic.py b/examples/get_procedure_examples_by_tactic.py
@@ -6,7 +6,7 @@ def print_procedure_examples(mitre_attack_data, attack_objects_using_technique):
         stix_object = attack_object["object"]
         attack_id = mitre_attack_data.get_attack_id(stix_id=stix_object["id"])
         name = stix_object["name"]
-        procedure_description = attack_object["relationship"].get("description")
+        procedure_description = attack_object["relationships"][0].get("description")
 
         print(f"[{attack_id}] {name}: {procedure_description}")
 

diff --git a/examples/get_software_by_alias.py b/examples/get_software_by_alias.py
@@ -4,9 +4,10 @@
 def main():
     mitre_attack_data = MitreAttackData("enterprise-attack.json")
 
-    S0196 = mitre_attack_data.get_software_by_alias("ShellTea")
+    software = mitre_attack_data.get_software_by_alias("ShellTea")
 
-    print(S0196.serialize(pretty=True))
+    for s in software:
+        print(f"{s.name} ({mitre_attack_data.get_attack_id(s.id)})")
 
 
 if __name__ == "__main__":