active_attack 0.1.17 → 0.1.18

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 78730961024a7cd6584554862c384f895efe9df561cc3b5a8366f141da1287df
-  data.tar.gz: a74ba260929fb09dfbd62a45d26b55d7a20eff5fd9934a6b3939f6260a7ab47f
+  metadata.gz: 79e4309e8ae711f97721e56e4ec2bcd0b227e1282bbe5ca333ccc85d32c43762
+  data.tar.gz: f028e5760d1d4fb502ba974afe3992ad9025132b00175b5d49a1c617174ab207
 SHA512:
-  metadata.gz: dd46553421b8eb8a8a2d3150711c0b19e229e44f18fea451d7d053823ddbaf866729dfd929800589d435bb4f0613f72fa8734b06e037604ac5dcfece690eef54
-  data.tar.gz: '091d4e5948456072fe715b472389698151b89cf7e34ff460911e492295be23b673d3ec97c6943b579c7e25c76e680afc3396617ac76a4729459d6bcd5a099c71'
+  metadata.gz: acda5960fa442fbfd58fef704c364d7bcc7a84836cdd2d5185220e004ec9f3fc63e0b4e96e1d48b9374bdf57631a687a38cc8e0499940bfe8126f0f77d574c8f
+  data.tar.gz: 107aedf52209114917f9e90ac37bc84ac143f30074849582c3bd9ef51f164c9af8808726cfbf54775e718e6c90eb19d30fa6fd6acbb53f1e0a02c8e9555c58e8

data/app/assets/javascripts/active_attack/controllers/attack_pattern_controller.es6

@@ -0,0 +1,17 @@
+stimulus.register("attack-pattern", class extends Stimulus.Controller {
+
+    static get targets() {
+        return ["info"]
+    }
+
+    info() {
+        event.preventDefault()
+        console.log(this.infoTarget)
+        console.log(event.currentTarget.dataset.attackPatternUrl)
+        fetch(event.currentTarget.dataset.attackPatternUrl)
+            .then(response => response.text())
+            .then(html => {
+                this.infoTarget.innerHTML = html
+            })
+    }
+})

data/app/assets/javascripts/active_attack/controllers/content_loader_controller.es6

@@ -0,0 +1,13 @@
+stimulus.register("content-loader", class extends Stimulus.Controller {
+    connect() {
+        this.load()
+    }
+
+    load() {
+        fetch(this.data.get("url"))
+            .then(response => response.text())
+            .then(html => {
+                this.element.innerHTML = html
+            })
+    }
+})

data/app/assets/stylesheets/active_attack/playbooks.css

@@ -33,7 +33,7 @@ th, td {
     font-family: 'Inconsolata', monospace;
 }
 
-.used {
+.used a:visited, .used a:link {
     color: #F70000;
 }
 
@@ -286,6 +286,12 @@ table {
     text-decoration: none;
 }
 
+.activebtn a:any-link{
+    color: #ffffff;
+    background: #ef9124;
+    text-decoration: none;
+}
+
 a:link {
     color: #95989a;
     text-decoration: none;

data/app/controllers/active_attack/attack_patterns_controller.rb

@@ -0,0 +1,31 @@
+class ActiveAttack::AttackPatternsController < ApplicationController
+  before_action :set_attack_pattern, only: [:show, :edit, :update, :destroy, :data]
+
+
+  def index
+     render :layout => false
+  end
+
+  def edit
+  end
+
+  def new
+  end
+
+  def show
+     render :layout => false
+  end
+
+  private
+
+  # Use callbacks to share common setup or constraints between actions.
+  def set_attack_pattern
+    @attack_pattern = ActiveStix::AttackPattern.find(params[:id])
+  end
+
+  # Never trust parameters from the scary internet, only allow the white list through.
+  def attack_pattern_params
+    params.require(:attack_matrix).permit(:id)
+  end
+
+end

data/app/controllers/active_attack/playbooks_controller.rb

@@ -1,3 +1,5 @@
+load '/Users/adalton/projects/panacea/ActiveAttack/app/overrides/models/active_stix/threat_actor_override.rb'
+
 class ActiveAttack::PlaybooksController < ApplicationController
   before_action :set_attack_playbook, only: [:edit, :update, :destroy]
 
@@ -14,8 +16,8 @@ class ActiveAttack::PlaybooksController < ApplicationController
     #   render :json => @attack_playbook.stix_bundle
     # end
     @playbooks = ActiveAttack::Playbook.all
-    @playbook = @playbooks.find(params[:id])
-    @threat_actor = @playbook.threat_actor
+    @threat_actor = ActiveStix::ThreatActor.find(params[:id])
+    @playbook = @threat_actor.playbook
     @report = @playbook.bundle
 
     respond_to do |format|

data/app/helpers/active_attack/playbooks_helper.rb

@@ -7,7 +7,7 @@ module ActiveAttack
     end
 
     def campaign_list(phase, row)
-      @playbook.attack_pattern_campaign_list(phase,row)
+      @playbook.attack_pattern_campaign_list(phase, row)
     end
 
     def attack_pattern_target(phase, row)
@@ -17,5 +17,26 @@ module ActiveAttack
         "matrix.notused"
       end
     end
+
+    def attack_pattern_link(phase, row)
+      attack_pattern = @playbook.attack_pattern_matrix(phase.name, row)
+      if attack_pattern
+        link_to attack_pattern.name, stix.attack_pattern_path(attack_pattern)
+      end
+    end
+
+    def attack_pattern_info(phase, row)
+      attack_pattern = @playbook.attack_pattern_matrix(phase.name, row)
+      if attack_pattern
+        "<span  ='/attack/attack_patterns/#{attack_pattern.id}'>click me</span>"
+        content_tag(:span,
+            "Click",
+            data: {
+                action: 'click->attack-pattern#info',
+                attack_pattern_url: "/attack/attack_patterns/#{attack_pattern.id}",
+            }
+        )
+      end
+    end
   end
 end

data/app/models/active_attack/playbook.rb

@@ -8,7 +8,7 @@ module ActiveAttack
     end
 
     def campaigns
-      @campaigns ||= bundle.bundled_objects.select {|b| b.stix_object.type == "campaign"}.collect {|bo| bo.stix_object}
+      @campaigns ||= threat_actor.campaigns
     end
 
     def campaign
@@ -39,8 +39,9 @@ module ActiveAttack
 
     def attack_pattern_campaign_list(phase, row)
       attack_pattern = attack_pattern_matrix(phase, row)
+      name = attack_pattern ? attack_pattern.name : ""
       campaigns.select do |campaign|
-        campaign_attack_patterns[campaign].collect(&:name).include? attack_pattern
+        campaign_attack_patterns[campaign].collect(&:name).include? name
       end.collect(&:stix_id).join(" ")
     end
 
@@ -56,7 +57,7 @@ module ActiveAttack
     def attack_pattern_matrix(phase, row)
       phase = phased_attack_patterns[phase]
       if row < phase.size
-        phase[row].name
+        phase[row]
       else
         nil
       end

data/app/overrides/models/active_stix/threat_actor_override.rb

@@ -0,0 +1,3 @@
+ActiveStix::ThreatActor.class_eval do
+  has_one :playbook, class_name: "ActiveAttack::Playbook", foreign_key: 'threat_actor_id', primary_key: 'stix_id'
+end

data/app/views/active_attack/attack_patterns/index.html.erb

@@ -0,0 +1 @@
+Hi Adam

data/app/views/active_attack/attack_patterns/show.html.erb

@@ -0,0 +1,106 @@
+<div class="container-fluid">
+  <% markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML, fenced_code_blocks: true) %>
+
+  <% if @attack_pattern.external_references.collect {|x| x.source_name}.include?("mitre-attack") %>
+    <div>
+      <div>
+        <h2><%= @attack_pattern.name %></h2>
+        <br>
+        <strong>Description:</strong>
+        <br>
+        <div>
+          <%= markdown.render(@attack_pattern.description).html_safe %>
+        </div>
+        <br>
+        <br>
+
+        <strong>Examples</strong>
+        <br>
+        <table>
+          <tr>
+            <th>Name</th>
+            <th>Description</th>
+          </tr>
+
+          <% @attack_pattern.target_relationships.where("relationship_type = 'uses'").each do |rel| %>
+            <!-- make sure stix tools objects aren't included in the list -->
+            <% next if rel.source.name.include?("--") %>
+            <tr>
+              <td> <%= rel.source.name %> </td>
+              <td> <%= markdown.render(rel.description).html_safe if rel.description %></td>
+            </tr>
+          <% end %>
+        </table>
+        <br>
+        <br>
+
+        <div>
+          <strong>ID:</strong>
+          <%= @attack_pattern.external_references.find_by("source_name = 'mitre-attack'").external_id %>
+          <br>
+          <Strong>Tactic:</Strong>
+          <%= @attack_pattern.phases.first.name %>
+          <br>
+          <Strong>Platform:</Strong>
+
+          <br>
+          <Strong>Permissions Required:</Strong>
+          <br>
+          <Strong>Data Sources:</Strong>
+
+        </div>
+      </div>
+    </div>
+  <% elsif @attack_pattern.external_references.collect {|x| x.source_name}.include?("mitre-pre-attack") %>
+    <div>
+      <div>
+        <h2><%= @attack_pattern.name %></h2>
+        <br>
+        <strong>Description:</strong>
+        <br>
+        <div>
+          <%= markdown.render(@attack_pattern.description).html_safe %>
+        </div>
+        <br>
+        <strong>Detection:</strong>
+        <br>
+        <div>
+          <strong>Detectable by Common Defenses
+            (Yes/No/Partial):</strong>   <%= @attack_pattern.detectable_by_common_defenses.first.detectable %>
+        </div>
+
+        <br>
+        <div>
+          <strong>Explanation:</strong> <%= @attack_pattern.detectable_by_common_defenses_explanations.first.explanation %>
+        </div>
+
+        <br>
+        <strong>Difficulty for the Adversary:</strong>
+        <div>
+          <strong>Easy for the Adversary
+            (Yes/No):</strong> <%= @attack_pattern.difficulty_for_adversaries.first.difficulty %>
+        </div>
+
+        <br>
+        <div>
+          <strong>Explanation:</strong> <%= @attack_pattern.difficulty_for_adversary_explanations.first.explanation %>
+        </div>
+
+        <div>
+          <strong>ID:</strong>
+          <%= @attack_pattern.external_references.find_by("source_name = 'mitre-pre-attack'").external_id %>
+          <br>
+          <Strong>Tactic:</Strong>
+          <%= @attack_pattern.phases.first.name %>
+          <br>
+          <Strong>Version:</Strong>
+          <%= @attack_pattern.versions.first.version %>
+
+        </div>
+      </div>
+
+    </div>
+  <% else %>
+    <%= "Error" %>
+  <% end %>
+</div>

data/app/views/active_attack/playbooks/_sidebar.html.erb

@@ -0,0 +1,16 @@
+<div class="box sidebar">
+  <a href="https://unit42.paloaltonetworks.com/" target="_blank"></a>
+  <h2>
+    PLAYBOOKS
+    <%= link_to stix.new_threat_actor_path, class: "d-flex align-items-center text-muted", "aria-label" => "Add a new report" do %>
+      <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-plus-circle">
+        <circle cx="12" cy="12" r="10"></circle>
+        <line x1="12" y1="8" x2="12" y2="16"></line>
+        <line x1="8" y1="12" x2="16" y2="12"></line>
+      </svg>
+    <% end %>
+  </h2>
+  <% @playbooks.each do |playbook| %>
+    <div class="btn playbook <%= "activebtn" if playbook.threat_actor.id = params[:id] %>"><%= link_to playbook.threat_actor.name, playbook %></div>
+  <% end %>
+</div>

data/app/views/active_attack/playbooks/edit.html.erb

@@ -2,5 +2,3 @@
 
 <%= render 'form', attack_playbook: @attack_playbook %>
 
-<%= link_to 'Show', @attack_playbook %> |
-<%= link_to 'Back', attack_playbooks_path %>

data/app/views/active_attack/playbooks/index.html.erb

@@ -2,18 +2,8 @@
   <div class="wrapper" data-controller="playbooks">
     <div class="box header">
       <span>PLAYBOOK VIEWER</span></div>
-    <div class="box sidebar">
-      <a href="https://unit42.paloaltonetworks.com/" target="_blank"></a>
-      <!--<span>PLAYBOOKS</span><br>-->
-      <% @playbooks.each do |playbook| %>
-        <div class="btn playbook"><%= link_to playbook.threat_actor.name, playbook %></div>
-      <% end %>
 
-
-
-      <!--<div class="btn playbook" id="playbook_name" pb_file="name.json" onclick="">NAME</div>-->
-
-    </div>
+    <%= render 'sidebar' %>
     <div class="box inside" data-controller="campaign">
     </div>
     <div class="info">

data/app/views/active_attack/playbooks/show.html.erb

@@ -1,51 +1,41 @@
 <div class="container-fluid">
-  <div class="wrapper" data-controller="playbooks">
+  <div class="wrapper" data-controller="playbooks attack-pattern">
     <div class="box header">
-      <span>PLAYBOOK VIEWER</span></div>
-    <div class="box sidebar">
-      <a href="https://unit42.paloaltonetworks.com/" target="_blank"></a>
-      <!--<span>PLAYBOOKS</span><br>-->
-      <% @playbooks.each do |playbook| %>
-        <div class="btn playbook"><%= link_to playbook.threat_actor.name, playbook %></div>
-      <% end %>
-
-
-
-      <!--<div class="btn playbook" id="playbook_name" pb_file="name.json" onclick="">NAME</div>-->
-
-    </div>
+      <span>PLAYBOOK for <%= link_to @threat_actor.name, stix.threat_actor_path(@threat_actor) %></span></div>
+    <%= render 'sidebar' %>
     <div class="box inside" data-controller="campaign">
       <div class="box description">
         <% @playbook.campaigns.each_with_index do |campaign, i| %>
-          <span data-target="campaign.description" id="campaign-<%= i %>" class="filter--notUsed"><%= campaign.description %></span>
+          <div data-target="campaign.description" id="campaign-<%= i %>" class="filter--notUsed"><%= campaign.description %></div>
         <% end %>
+        <div data-target="attack-pattern.info"></div>
       </div>
       <div class="box timeline">
-        <% @playbook.campaigns.each_with_index do |campaign,i| %>
-          <div class="timeline_btn btn btn-report"  data-action="click->campaign#view click->playbooks#updateMatrix" data-target="campaign"  index="<%= i %>" id="<%= campaign.stix_id%>" campaign_id="<%= campaign.stix_id%>" >
-              <%= campaign.name %>
+        <% @playbook.campaigns.each_with_index do |campaign, i| %>
+          <div class="timeline_btn btn btn-report" data-action="click->campaign#view click->playbooks#updateMatrix" data-target="campaign" index="<%= i %>" id="<%= campaign.stix_id %>" campaign_id="<%= campaign.stix_id %>">
+            <%= campaign.name %>
           </div>
         <% end %>
       </div>
     </div>
-    <div class="info">
-
-
-    </div>
+    <div class="info"></div>
     <div class="container-fluid" data-controller="matrix">
       <button data-action="click->matrix#playbook">
         Filter
       </button>
       <div class="row">
         <% @playbook.kill_chain.phases.each do |phase| %>
-          <div class="col header kill-chain-phase-header rounded border"><%= phase.name %></div>
+          <div class="col-md-1 col-lg-1 header kill-chain-phase-header rounded border nowrap"><%= phase.name %></div>
         <% end %>
       </div>
       <% 0.upto(@playbook.number_of_rows - 1).each do |row| %>
-        <div data-target="matrix.row playbooks.row" class="row">
+        <div data-target="matrix.row playbooks.row" class="row nowrap">
           <% @playbook.kill_chain.phases.each do |phase| %>
-            <div class="col rounded border">
-              <span data-target="matrix.attackPattern playbooks.attackPattern" class="attack-pattern <%= campaign_list(phase.name, row) %>"><%= @playbook.attack_pattern_matrix(phase.name, row) %></span>
+            <div class="col-md-1 col-lg-1 rounded border nowrap">
+              <span data-target="matrix.attackPattern playbooks.attackPattern" class="attack-pattern <%= campaign_list(phase.name, row) %>">
+                <%= attack_pattern_link(phase, row) %>
+                <%= attack_pattern_info(phase, row) %>
+              </span>
             </div>
           <% end %>
         </div>

data/config/routes.rb

@@ -1,6 +1,7 @@
 ActiveAttack::Engine.routes.draw do
   resources :tactics
   resources :versions
+  resources :attack_patterns
   resources :playbooks
   resources :platforms
   resources :permissions_requireds

data/lib/active_attack/version.rb

@@ -1,3 +1,3 @@
 module ActiveAttack
-  VERSION = '0.1.17'
+  VERSION = '0.1.18'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: active_attack
 version: !ruby/object:Gem::Version
-  version: 0.1.17
+  version: 0.1.18
 platform: ruby
 authors:
 - Adam Dalton
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-14 00:00:00.000000000 Z
+date: 2020-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -127,7 +127,9 @@ files:
 - app/assets/config/active_attack_manifest.js
 - app/assets/images/active_attack/logo.png
 - app/assets/javascripts/active_attack/application.js
+- app/assets/javascripts/active_attack/controllers/attack_pattern_controller.es6
 - app/assets/javascripts/active_attack/controllers/campaign_controller.es6
+- app/assets/javascripts/active_attack/controllers/content_loader_controller.es6
 - app/assets/javascripts/active_attack/controllers/matrix_controller.es6
 - app/assets/javascripts/active_attack/controllers/playbooks_controller.es6
 - app/assets/javascripts/active_attack/initializers/stimulus.coffee
@@ -142,6 +144,7 @@ files:
 - app/assets/stylesheets/active_attack/tactics.css
 - app/assets/stylesheets/active_attack/versions.css
 - app/controllers/active_attack/application_controller.rb
+- app/controllers/active_attack/attack_patterns_controller.rb
 - app/controllers/active_attack/matrices_controller.rb
 - app/controllers/active_attack/playbooks_controller.rb
 - app/controllers/active_attack/tactics_controller.rb
@@ -167,7 +170,10 @@ files:
 - app/overrides/models/active_stix/bundle_override.rb
 - app/overrides/models/active_stix/malware_override.rb
 - app/overrides/models/active_stix/report_override.rb
+- app/overrides/models/active_stix/threat_actor_override.rb
 - app/overrides/models/active_stix/tool_override.rb
+- app/views/active_attack/attack_patterns/index.html.erb
+- app/views/active_attack/attack_patterns/show.html.erb
 - app/views/active_attack/matrices/_form.html.erb
 - app/views/active_attack/matrices/_stix_attack_matrix.json.jbuilder
 - app/views/active_attack/matrices/edit.html.erb
@@ -178,6 +184,7 @@ files:
 - app/views/active_attack/matrices/show.json.jbuilder
 - app/views/active_attack/playbooks/_attack_playbook.json.jbuilder
 - app/views/active_attack/playbooks/_form.html.erb
+- app/views/active_attack/playbooks/_sidebar.html.erb
 - app/views/active_attack/playbooks/edit.html.erb
 - app/views/active_attack/playbooks/index.html.erb
 - app/views/active_attack/playbooks/index.json.jbuilder