active_attack 0.1.17 → 0.1.18
- checksums.yaml +4 -4
- data/app/assets/javascripts/active_attack/controllers/attack_pattern_controller.es6 +17 -0
- data/app/assets/javascripts/active_attack/controllers/content_loader_controller.es6 +13 -0
- data/app/assets/stylesheets/active_attack/playbooks.css +7 -1
- data/app/controllers/active_attack/attack_patterns_controller.rb +31 -0
- data/app/controllers/active_attack/playbooks_controller.rb +4 -2
- data/app/helpers/active_attack/playbooks_helper.rb +22 -1
- data/app/models/active_attack/playbook.rb +4 -3
- data/app/overrides/models/active_stix/threat_actor_override.rb +3 -0
- data/app/views/active_attack/attack_patterns/index.html.erb +1 -0
- data/app/views/active_attack/attack_patterns/show.html.erb +106 -0
- data/app/views/active_attack/playbooks/_sidebar.html.erb +16 -0
- data/app/views/active_attack/playbooks/edit.html.erb +0 -2
- data/app/views/active_attack/playbooks/index.html.erb +1 -11
- data/app/views/active_attack/playbooks/show.html.erb +16 -26
- data/config/routes.rb +1 -0
- data/lib/active_attack/version.rb +1 -1
- metadata +9 -2
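--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 79e4309e8ae711f97721e56e4ec2bcd0b227e1282bbe5ca333ccc85d32c43762
+data.tar.gz: f028e5760d1d4fb502ba974afe3992ad9025132b00175b5d49a1c617174ab207
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: acda5960fa442fbfd58fef704c364d7bcc7a84836cdd2d5185220e004ec9f3fc63e0b4e96e1d48b9374bdf57631a687a38cc8e0499940bfe8126f0f77d574c8f
+data.tar.gz: 107aedf52209114917f9e90ac37bc84ac143f30074849582c3bd9ef51f164c9af8808726cfbf54775e718e6c90eb19d30fa6fd6acbb53f1e0a02c8e9555c58e8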
@@ -0,0 +1,17 @@
|
|
1
|
+
stimulus.register("attack-pattern", class extends Stimulus.Controller {
|
2
|
+
|
3
|
+
static get targets() {
|
4
|
+
return ["info"]
|
5
|
+
}
|
6
|
+
|
7
|
+
info() {
|
8
|
+
event.preventDefault()
|
9
|
+
console.log(this.infoTarget)
|
10
|
+
console.log(event.currentTarget.dataset.attackPatternUrl)
|
11
|
+
fetch(event.currentTarget.dataset.attackPatternUrl)
|
12
|
+
.then(response => response.text())
|
13
|
+
.then(html => {
|
14
|
+
this.infoTarget.innerHTML = html
|
15
|
+
})
|
16
|
+
}
|
17
|
+
})
|
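Review bot: `info()` (new lines 7–16) assigns the fetched response body straight to `this.infoTarget.innerHTML`, so whatever markup the attack-pattern endpoint returns is parsed into the page. The safety of this sink therefore rests entirely on that view escaping its data, and an error page is injected as well because `response.ok` is never checked. The handler also reads `event` without declaring it, which relies on the legacy global `window.event`, and the two `console.log` calls look like leftover debugging. Declaring the parameter, rejecting non-2xx responses and dropping the logging would look like the excerpt below.

```javascript
  info(event) {
    event.preventDefault()
    fetch(event.currentTarget.dataset.attackPatternUrl)
      .then(response => {
        // Do not inject error pages into the info panel.
        if (!response.ok) {
          throw new Error(`attack pattern request failed: ${response.status}`)
        }
        return response.text()
      })
      .then(html => {
        // Server-rendered fragment; the view must escape/sanitize everything it emits.
        this.infoTarget.innerHTML = html
      })
      .catch(error => console.error(error))
  }
```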
@@ -33,7 +33,7 @@ th, td {
|
|
33
33
|
font-family: 'Inconsolata', monospace;
|
34
34
|
}
|
35
35
|
|
36
|
-
.used {
|
36
|
+
.used a:visited, .used a:link {
|
37
37
|
color: #F70000;
|
38
38
|
}
|
39
39
|
|
@@ -286,6 +286,12 @@ table {
|
|
286
286
|
text-decoration: none;
|
287
287
|
}
|
288
288
|
|
289
|
+
.activebtn a:any-link{
|
290
|
+
color: #ffffff;
|
291
|
+
background: #ef9124;
|
292
|
+
text-decoration: none;
|
293
|
+
}
|
294
|
+
|
289
295
|
a:link {
|
290
296
|
color: #95989a;
|
291
297
|
text-decoration: none;
|
@@ -0,0 +1,31 @@
|
|
1
|
+
class ActiveAttack::AttackPatternsController < ApplicationController
|
2
|
+
before_action :set_attack_pattern, only: [:show, :edit, :update, :destroy, :data]
|
3
|
+
|
4
|
+
|
5
|
+
def index
|
6
|
+
render :layout => false
|
7
|
+
end
|
8
|
+
|
9
|
+
def edit
|
10
|
+
end
|
11
|
+
|
12
|
+
def new
|
13
|
+
end
|
14
|
+
|
15
|
+
def show
|
16
|
+
render :layout => false
|
17
|
+
end
|
18
|
+
|
19
|
+
private
|
20
|
+
|
21
|
+
# Use callbacks to share common setup or constraints between actions.
|
22
|
+
def set_attack_pattern
|
23
|
+
@attack_pattern = ActiveStix::AttackPattern.find(params[:id])
|
24
|
+
end
|
25
|
+
|
26
|
+
# Never trust parameters from the scary internet, only allow the white list through.
|
27
|
+
def attack_pattern_params
|
28
|
+
params.require(:attack_matrix).permit(:id)
|
29
|
+
end
|
30
|
+
|
31
|
+
end
|
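Review bot: `attack_pattern_params` (new lines 27–29) requires the key `:attack_matrix`, which looks copied from another controller; called with an attack-pattern form it would raise `ActionController::ParameterMissing`. Nothing in this file calls it, and the `before_action` on new line 2 names `update`, `destroy` and `data`, none of which are defined here. `edit` and `new` are empty actions, and this release's file list adds only `index` and `show` views for them to render. For a read-only controller I would reduce the callback to `before_action :set_attack_pattern, only: [:show]` and delete the unused actions and the params method, so the routable surface matches what is implemented.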
@@ -1,3 +1,5 @@
|
|
1
|
+
load '/Users/adalton/projects/panacea/ActiveAttack/app/overrides/models/active_stix/threat_actor_override.rb'
|
2
|
+
|
1
3
|
class ActiveAttack::PlaybooksController < ApplicationController
|
2
4
|
before_action :set_attack_playbook, only: [:edit, :update, :destroy]
|
3
5
|
|
@@ -14,8 +16,8 @@ class ActiveAttack::PlaybooksController < ApplicationController
|
|
14
16
|
# render :json => @attack_playbook.stix_bundle
|
15
17
|
# end
|
16
18
|
@playbooks = ActiveAttack::Playbook.all
|
17
|
-
@
|
18
|
-
@
|
19
|
+
@threat_actor = ActiveStix::ThreatActor.find(params[:id])
|
20
|
+
@playbook = @threat_actor.playbook
|
19
21
|
@report = @playbook.bundle
|
20
22
|
|
21
23
|
respond_to do |format|
|
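Review bot: New line 1 loads `/Users/adalton/projects/panacea/ActiveAttack/app/overrides/models/active_stix/threat_actor_override.rb`, an absolute path on the author's workstation. On any other host the controller file fails with `LoadError` when it is loaded, or executes whatever file happens to exist at that path, which is not code shipped with the gem. The override is part of this release, so resolve it relative to this file, e.g. `load File.expand_path('../../overrides/models/active_stix/threat_actor_override.rb', __dir__)`, or leave it to whatever already loads the other `app/overrides` files. In the second hunk, `@playbook.bundle` (new line 21) is reached even if `@threat_actor.playbook` returns nil; whether it can is not visible here, and the action continues outside the hunk.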
@@ -7,7 +7,7 @@ module ActiveAttack
|
|
7
7
|
end
|
8
8
|
|
9
9
|
def campaign_list(phase, row)
|
10
|
-
@playbook.attack_pattern_campaign_list(phase,row)
|
10
|
+
@playbook.attack_pattern_campaign_list(phase, row)
|
11
11
|
end
|
12
12
|
|
13
13
|
def attack_pattern_target(phase, row)
|
@@ -17,5 +17,26 @@ module ActiveAttack
|
|
17
17
|
"matrix.notused"
|
18
18
|
end
|
19
19
|
end
|
20
|
+
|
21
|
+
def attack_pattern_link(phase, row)
|
22
|
+
attack_pattern = @playbook.attack_pattern_matrix(phase.name, row)
|
23
|
+
if attack_pattern
|
24
|
+
link_to attack_pattern.name, stix.attack_pattern_path(attack_pattern)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
def attack_pattern_info(phase, row)
|
29
|
+
attack_pattern = @playbook.attack_pattern_matrix(phase.name, row)
|
30
|
+
if attack_pattern
|
31
|
+
"<span ='/attack/attack_patterns/#{attack_pattern.id}'>click me</span>"
|
32
|
+
content_tag(:span,
|
33
|
+
"Click",
|
34
|
+
data: {
|
35
|
+
action: 'click->attack-pattern#info',
|
36
|
+
attack_pattern_url: "/attack/attack_patterns/#{attack_pattern.id}",
|
37
|
+
}
|
38
|
+
)
|
39
|
+
end
|
40
|
+
end
|
20
41
|
end
|
21
42
|
end
|
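Review bot: In `attack_pattern_info` the string on new line 31, `"<span ='/attack/attack_patterns/#{attack_pattern.id}'>click me</span>"`, is evaluated and discarded, since the method returns the `content_tag` result. Its markup is also malformed, so the line should be deleted. The `attack_pattern_url` on new line 36 hard-codes the `/attack` prefix, which breaks if the engine is mounted at a different path. A route helper would be safer, e.g. `attack_pattern_url: attack_pattern_path(attack_pattern)` if the route added in config/routes.rb is a standard resource (that change is not shown on this page). The module body starts outside the hunk.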
@@ -8,7 +8,7 @@ module ActiveAttack
|
|
8
8
|
end
|
9
9
|
|
10
10
|
def campaigns
|
11
|
-
@campaigns ||=
|
11
|
+
@campaigns ||= threat_actor.campaigns
|
12
12
|
end
|
13
13
|
|
14
14
|
def campaign
|
@@ -39,8 +39,9 @@ module ActiveAttack
|
|
39
39
|
|
40
40
|
def attack_pattern_campaign_list(phase, row)
|
41
41
|
attack_pattern = attack_pattern_matrix(phase, row)
|
42
|
+
name = attack_pattern ? attack_pattern.name : ""
|
42
43
|
campaigns.select do |campaign|
|
43
|
-
campaign_attack_patterns[campaign].collect(&:name).include?
|
44
|
+
campaign_attack_patterns[campaign].collect(&:name).include? name
|
44
45
|
end.collect(&:stix_id).join(" ")
|
45
46
|
end
|
46
47
|
|
@@ -56,7 +57,7 @@ module ActiveAttack
|
|
56
57
|
def attack_pattern_matrix(phase, row)
|
57
58
|
phase = phased_attack_patterns[phase]
|
58
59
|
if row < phase.size
|
59
|
-
phase[row]
|
60
|
+
phase[row]
|
60
61
|
else
|
61
62
|
nil
|
62
63
|
end
|
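Review bot: In `attack_pattern_campaign_list` (new lines 40–46) an empty matrix cell now sets `name` to `""` and still walks every campaign, so a campaign whose attack patterns include one with an empty name is matched for every empty cell. A guard states the intent and skips the scan: `return "" unless attack_pattern`, followed by `include?(attack_pattern.name)` inside the block. `[].join(" ")` is also `""`, so callers see the same value for empty cells. In `attack_pattern_matrix`, `phased_attack_patterns[phase]` is dereferenced with `.size` without a nil check; whether an unknown phase can reach it is not visible in this hunk.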
@@ -0,0 +1 @@
|
|
1
|
+
Hi Adam
|
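Review bot: This view ships the placeholder text `Hi Adam`, and `AttackPatternsController#index` renders it with `layout: false`, so it is served verbatim to anyone who reaches the index route. Either render a real listing here or drop the `index` action and this view until there is one.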
@@ -0,0 +1,106 @@
|
|
1
|
+
<div class="container-fluid">
|
2
|
+
<% markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML, fenced_code_blocks: true) %>
|
3
|
+
|
4
|
+
<% if @attack_pattern.external_references.collect {|x| x.source_name}.include?("mitre-attack") %>
|
5
|
+
<div>
|
6
|
+
<div>
|
7
|
+
<h2><%= @attack_pattern.name %></h2>
|
8
|
+
<br>
|
9
|
+
<strong>Description:</strong>
|
10
|
+
<br>
|
11
|
+
<div>
|
12
|
+
<%= markdown.render(@attack_pattern.description).html_safe %>
|
13
|
+
</div>
|
14
|
+
<br>
|
15
|
+
<br>
|
16
|
+
|
17
|
+
<strong>Examples</strong>
|
18
|
+
<br>
|
19
|
+
<table>
|
20
|
+
<tr>
|
21
|
+
<th>Name</th>
|
22
|
+
<th>Description</th>
|
23
|
+
</tr>
|
24
|
+
|
25
|
+
<% @attack_pattern.target_relationships.where("relationship_type = 'uses'").each do |rel| %>
|
26
|
+
<!-- make sure stix tools objects aren't included in the list -->
|
27
|
+
<% next if rel.source.name.include?("--") %>
|
28
|
+
<tr>
|
29
|
+
<td> <%= rel.source.name %> </td>
|
30
|
+
<td> <%= markdown.render(rel.description).html_safe if rel.description %></td>
|
31
|
+
</tr>
|
32
|
+
<% end %>
|
33
|
+
</table>
|
34
|
+
<br>
|
35
|
+
<br>
|
36
|
+
|
37
|
+
<div>
|
38
|
+
<strong>ID:</strong>
|
39
|
+
<%= @attack_pattern.external_references.find_by("source_name = 'mitre-attack'").external_id %>
|
40
|
+
<br>
|
41
|
+
<Strong>Tactic:</Strong>
|
42
|
+
<%= @attack_pattern.phases.first.name %>
|
43
|
+
<br>
|
44
|
+
<Strong>Platform:</Strong>
|
45
|
+
|
46
|
+
<br>
|
47
|
+
<Strong>Permissions Required:</Strong>
|
48
|
+
<br>
|
49
|
+
<Strong>Data Sources:</Strong>
|
50
|
+
|
51
|
+
</div>
|
52
|
+
</div>
|
53
|
+
</div>
|
54
|
+
<% elsif @attack_pattern.external_references.collect {|x| x.source_name}.include?("mitre-pre-attack") %>
|
55
|
+
<div>
|
56
|
+
<div>
|
57
|
+
<h2><%= @attack_pattern.name %></h2>
|
58
|
+
<br>
|
59
|
+
<strong>Description:</strong>
|
60
|
+
<br>
|
61
|
+
<div>
|
62
|
+
<%= markdown.render(@attack_pattern.description).html_safe %>
|
63
|
+
</div>
|
64
|
+
<br>
|
65
|
+
<strong>Detection:</strong>
|
66
|
+
<br>
|
67
|
+
<div>
|
68
|
+
<strong>Detectable by Common Defenses
|
69
|
+
(Yes/No/Partial):</strong> <%= @attack_pattern.detectable_by_common_defenses.first.detectable %>
|
70
|
+
</div>
|
71
|
+
|
72
|
+
<br>
|
73
|
+
<div>
|
74
|
+
<strong>Explanation:</strong> <%= @attack_pattern.detectable_by_common_defenses_explanations.first.explanation %>
|
75
|
+
</div>
|
76
|
+
|
77
|
+
<br>
|
78
|
+
<strong>Difficulty for the Adversary:</strong>
|
79
|
+
<div>
|
80
|
+
<strong>Easy for the Adversary
|
81
|
+
(Yes/No):</strong> <%= @attack_pattern.difficulty_for_adversaries.first.difficulty %>
|
82
|
+
</div>
|
83
|
+
|
84
|
+
<br>
|
85
|
+
<div>
|
86
|
+
<strong>Explanation:</strong> <%= @attack_pattern.difficulty_for_adversary_explanations.first.explanation %>
|
87
|
+
</div>
|
88
|
+
|
89
|
+
<div>
|
90
|
+
<strong>ID:</strong>
|
91
|
+
<%= @attack_pattern.external_references.find_by("source_name = 'mitre-pre-attack'").external_id %>
|
92
|
+
<br>
|
93
|
+
<Strong>Tactic:</Strong>
|
94
|
+
<%= @attack_pattern.phases.first.name %>
|
95
|
+
<br>
|
96
|
+
<Strong>Version:</Strong>
|
97
|
+
<%= @attack_pattern.versions.first.version %>
|
98
|
+
|
99
|
+
</div>
|
100
|
+
</div>
|
101
|
+
|
102
|
+
</div>
|
103
|
+
<% else %>
|
104
|
+
<%= "Error" %>
|
105
|
+
<% end %>
|
106
|
+
</div>
|
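Review bot: New lines 12, 30 and 62 mark the output of `markdown.render(...)` as `html_safe`, but the renderer on new line 2 is the stock `Redcarpet::Render::HTML`, which passes raw HTML embedded in the Markdown through unchanged. A STIX description carrying script or event-handler markup would therefore execute in the viewer's browser, and this fragment is additionally inserted through `innerHTML` by the new Stimulus controller. Construct the renderer with escaping on, `Redcarpet::Markdown.new(Redcarpet::Render::HTML.new(escape_html: true, safe_links_only: true), fenced_code_blocks: true)`, or pass the rendered HTML through `sanitize` instead of calling `html_safe`. Separately, `find_by(...).external_id` (new lines 39 and 91) and the `.first.<attribute>` calls raise `NoMethodError` when the record or association is missing; `&.` would keep the page rendering.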
@@ -0,0 +1,16 @@
|
|
1
|
+
<div class="box sidebar">
|
2
|
+
<a href="https://unit42.paloaltonetworks.com/" target="_blank"></a>
|
3
|
+
<h2>
|
4
|
+
PLAYBOOKS
|
5
|
+
<%= link_to stix.new_threat_actor_path, class: "d-flex align-items-center text-muted", "aria-label" => "Add a new report" do %>
|
6
|
+
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-plus-circle">
|
7
|
+
<circle cx="12" cy="12" r="10"></circle>
|
8
|
+
<line x1="12" y1="8" x2="12" y2="16"></line>
|
9
|
+
<line x1="8" y1="12" x2="16" y2="12"></line>
|
10
|
+
</svg>
|
11
|
+
<% end %>
|
12
|
+
</h2>
|
13
|
+
<% @playbooks.each do |playbook| %>
|
14
|
+
<div class="btn playbook <%= "activebtn" if playbook.threat_actor.id = params[:id] %>"><%= link_to playbook.threat_actor.name, playbook %></div>
|
15
|
+
<% end %>
|
16
|
+
</div>
|
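Review bot: On new line 14 the condition `playbook.threat_actor.id = params[:id]` is an assignment, not a comparison. It overwrites the in-memory `id` of every listed threat actor with the request parameter, so any later code that reads that id in this request sees the overwritten value, and it is truthy whenever `params[:id]` is present, so every button gets `activebtn`. It should read `"activebtn" if playbook.threat_actor.id.to_s == params[:id].to_s`. The empty `<a ... target="_blank">` on new line 2 should also carry `rel="noopener"` if it is kept.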
@@ -2,18 +2,8 @@
|
|
2
2
|
<div class="wrapper" data-controller="playbooks">
|
3
3
|
<div class="box header">
|
4
4
|
<span>PLAYBOOK VIEWER</span></div>
|
5
|
-
<div class="box sidebar">
|
6
|
-
<a href="https://unit42.paloaltonetworks.com/" target="_blank"></a>
|
7
|
-
<!--<span>PLAYBOOKS</span><br>-->
|
8
|
-
<% @playbooks.each do |playbook| %>
|
9
|
-
<div class="btn playbook"><%= link_to playbook.threat_actor.name, playbook %></div>
|
10
|
-
<% end %>
|
11
5
|
|
12
|
-
|
13
|
-
|
14
|
-
<!--<div class="btn playbook" id="playbook_name" pb_file="name.json" onclick="">NAME</div>-->
|
15
|
-
|
16
|
-
</div>
|
6
|
+
<%= render 'sidebar' %>
|
17
7
|
<div class="box inside" data-controller="campaign">
|
18
8
|
</div>
|
19
9
|
<div class="info">
|
@@ -1,51 +1,41 @@
|
|
1
1
|
<div class="container-fluid">
|
2
|
-
<div class="wrapper" data-controller="playbooks">
|
2
|
+
<div class="wrapper" data-controller="playbooks attack-pattern">
|
3
3
|
<div class="box header">
|
4
|
-
<span>PLAYBOOK
|
5
|
-
|
6
|
-
<a href="https://unit42.paloaltonetworks.com/" target="_blank"></a>
|
7
|
-
<!--<span>PLAYBOOKS</span><br>-->
|
8
|
-
<% @playbooks.each do |playbook| %>
|
9
|
-
<div class="btn playbook"><%= link_to playbook.threat_actor.name, playbook %></div>
|
10
|
-
<% end %>
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
<!--<div class="btn playbook" id="playbook_name" pb_file="name.json" onclick="">NAME</div>-->
|
15
|
-
|
16
|
-
</div>
|
4
|
+
<span>PLAYBOOK for <%= link_to @threat_actor.name, stix.threat_actor_path(@threat_actor) %></span></div>
|
5
|
+
<%= render 'sidebar' %>
|
17
6
|
<div class="box inside" data-controller="campaign">
|
18
7
|
<div class="box description">
|
19
8
|
<% @playbook.campaigns.each_with_index do |campaign, i| %>
|
20
|
-
<
|
9
|
+
<div data-target="campaign.description" id="campaign-<%= i %>" class="filter--notUsed"><%= campaign.description %></div>
|
21
10
|
<% end %>
|
11
|
+
<div data-target="attack-pattern.info"></div>
|
22
12
|
</div>
|
23
13
|
<div class="box timeline">
|
24
|
-
<% @playbook.campaigns.each_with_index do |campaign,i| %>
|
25
|
-
<div class="timeline_btn btn btn-report"
|
26
|
-
|
14
|
+
<% @playbook.campaigns.each_with_index do |campaign, i| %>
|
15
|
+
<div class="timeline_btn btn btn-report" data-action="click->campaign#view click->playbooks#updateMatrix" data-target="campaign" index="<%= i %>" id="<%= campaign.stix_id %>" campaign_id="<%= campaign.stix_id %>">
|
16
|
+
<%= campaign.name %>
|
27
17
|
</div>
|
28
18
|
<% end %>
|
29
19
|
</div>
|
30
20
|
</div>
|
31
|
-
<div class="info">
|
32
|
-
|
33
|
-
|
34
|
-
</div>
|
21
|
+
<div class="info"></div>
|
35
22
|
<div class="container-fluid" data-controller="matrix">
|
36
23
|
<button data-action="click->matrix#playbook">
|
37
24
|
Filter
|
38
25
|
</button>
|
39
26
|
<div class="row">
|
40
27
|
<% @playbook.kill_chain.phases.each do |phase| %>
|
41
|
-
<div class="col header kill-chain-phase-header rounded border"><%= phase.name %></div>
|
28
|
+
<div class="col-md-1 col-lg-1 header kill-chain-phase-header rounded border nowrap"><%= phase.name %></div>
|
42
29
|
<% end %>
|
43
30
|
</div>
|
44
31
|
<% 0.upto(@playbook.number_of_rows - 1).each do |row| %>
|
45
|
-
<div data-target="matrix.row playbooks.row" class="row">
|
32
|
+
<div data-target="matrix.row playbooks.row" class="row nowrap">
|
46
33
|
<% @playbook.kill_chain.phases.each do |phase| %>
|
47
|
-
<div class="col rounded border">
|
48
|
-
<span data-target="matrix.attackPattern playbooks.attackPattern" class="attack-pattern <%= campaign_list(phase.name, row) %>"
|
34
|
+
<div class="col-md-1 col-lg-1 rounded border nowrap">
|
35
|
+
<span data-target="matrix.attackPattern playbooks.attackPattern" class="attack-pattern <%= campaign_list(phase.name, row) %>">
|
36
|
+
<%= attack_pattern_link(phase, row) %>
|
37
|
+
<%= attack_pattern_info(phase, row) %>
|
38
|
+
</span>
|
49
39
|
</div>
|
50
40
|
<% end %>
|
51
41
|
</div>
|
data/config/routes.rb
CHANGED
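--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: active_attack
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.18
 platform: ruby
 authors:
 - Adam Dalton
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-04-
+date: 2020-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -127,7 +127,9 @@ files:
 - app/assets/config/active_attack_manifest.js
 - app/assets/images/active_attack/logo.png
 - app/assets/javascripts/active_attack/application.js
+- app/assets/javascripts/active_attack/controllers/attack_pattern_controller.es6
 - app/assets/javascripts/active_attack/controllers/campaign_controller.es6
+- app/assets/javascripts/active_attack/controllers/content_loader_controller.es6
 - app/assets/javascripts/active_attack/controllers/matrix_controller.es6
 - app/assets/javascripts/active_attack/controllers/playbooks_controller.es6
 - app/assets/javascripts/active_attack/initializers/stimulus.coffee
@@ -142,6 +144,7 @@ files:
 - app/assets/stylesheets/active_attack/tactics.css
 - app/assets/stylesheets/active_attack/versions.css
 - app/controllers/active_attack/application_controller.rb
+- app/controllers/active_attack/attack_patterns_controller.rb
 - app/controllers/active_attack/matrices_controller.rb
 - app/controllers/active_attack/playbooks_controller.rb
 - app/controllers/active_attack/tactics_controller.rb
@@ -167,7 +170,10 @@ files:
 - app/overrides/models/active_stix/bundle_override.rb
 - app/overrides/models/active_stix/malware_override.rb
 - app/overrides/models/active_stix/report_override.rb
+- app/overrides/models/active_stix/threat_actor_override.rb
 - app/overrides/models/active_stix/tool_override.rb
+- app/views/active_attack/attack_patterns/index.html.erb
+- app/views/active_attack/attack_patterns/show.html.erb
 - app/views/active_attack/matrices/_form.html.erb
 - app/views/active_attack/matrices/_stix_attack_matrix.json.jbuilder
 - app/views/active_attack/matrices/edit.html.erb
@@ -178,6 +184,7 @@ files:
 - app/views/active_attack/matrices/show.json.jbuilder
 - app/views/active_attack/playbooks/_attack_playbook.json.jbuilder
 - app/views/active_attack/playbooks/_form.html.erb
+- app/views/active_attack/playbooks/_sidebar.html.erb
 - app/views/active_attack/playbooks/edit.html.erb
 - app/views/active_attack/playbooks/index.html.erb
 - app/views/active_attack/playbooks/index.json.jbuilder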