From cf79d471cae18141c5e2e5eacfd3ff740e3481d5 Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Thu, 28 Dec 2023 15:14:25 +0900
Subject: [PATCH 1/3] feat: add ruletitle
---
 src/takajopkg/ttpSummary.nim | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/src/takajopkg/ttpSummary.nim b/src/takajopkg/ttpSummary.nim
index b462aed1..63f6063d 100644
--- a/src/takajopkg/ttpSummary.nim
+++ b/src/takajopkg/ttpSummary.nim
@@ -7,7 +7,7 @@ proc readJsonFromFile(filename: string): JsonNode =
 file.close()
 result = parseJson(content)
-proc compareArrays(a, b: array[4, string]): int =
+proc compareArrays(a, b: array[5, string]): int =
 for i in 0..<4:
 if a[i] < b[i]:
 return -1
@@ -58,7 +58,7 @@ proc ttpSummary(output: string = "", quiet: bool = false, timeline: string) =
 let attack = readJsonFromFile("mitre-attack.json")
 var bar: SuruBar = initSuruBar()
- seqOfResultsTables: seq[array[4, string]]
+ seqOfResultsTables: seq[array[5, string]]
 bar[0].total = totalLines
 bar.setup()
@@ -77,15 +77,16 @@ proc ttpSummary(output: string = "", quiet: bool = false, timeline: string) =
 let tac = tac_no[dat] & dat
 let tec = res["Technique"].getStr()
 let sub = res["Sub-Technique"].getStr()
- seqOfResultsTables.add([com, tac, tec, sub])
+ let rul = jsonLine["RuleTitle"].getStr()
+ seqOfResultsTables.add([com, tac, tec, sub, rul])
 except CatchableError:
 continue
 seqOfResultsTables.sort(compareArrays)
 bar.finish()
-
- let header = ["Computer", "Tactic", "Technique", "Sub-Technique", "Count"]
- var prev = ["","","",""]
+ let header = ["Computer", "Tactic", "Technique", "Sub-Technique", "RuleTitle", "Count"]
+ var prev = ["","","","",""]
 var count = 1
+ var ruleStr = initHashSet[string]()
 if output != "":
 # Open file to save results
 var outputFile = open(output, fmWrite)
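Review bot: `compareArrays` now takes `array[5, string]` but its loop still runs `for i in 0..<4`, so the fifth element (the rule title) never influences ordering; that is consistent with the later grouping on `arr[0..<4]`, but nothing says so and a reader will take the `4` for a leftover from the old width. Add a doc comment such as `## Orders rows by Computer, Tactic, Technique and Sub-Technique only; index 4 (RuleTitle) is deliberately ignored because rows are grouped on the first four fields.` The same literal `4` reappears in the `arr[0..<4]` slices of the later hunks, so one named constant for the group-key width would keep the comparator and the grouping from drifting apart. The remainder of the comparator's body lies outside this hunk.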
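Review bot: `let rul = jsonLine["RuleTitle"].getStr()` sits inside the `try` whose handler is `except CatchableError: continue`, so a record without a `RuleTitle` key now drops out of the summary entirely instead of being counted as it was before this change; if that is not intended, `let rul = jsonLine{"RuleTitle"}.getStr()` yields an empty string for a missing key and keeps the row. The new `var ruleStr = initHashSet[string]()` holds a set of titles rather than a string, so a name like `ruleTitles` would describe it better, and `initHashSet` needs `std/sets`, which I cannot see imported from this hunk. `jsonLine` is presumably the parsed timeline line defined above the hunk; the enclosing proc starts and ends outside it.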
@@ -95,14 +96,17 @@ proc ttpSummary(output: string = "", quiet: bool = false, timeline: string) =
 ## Write contents
 for arr in seqOfResultsTables:
- if arr == prev:
+ ruleStr.incl(arr[4])
+ if arr[0..<4] == prev[0..<4]:
 count += 1
 continue
- for i, val in enumerate(arr):
+ for i, val in enumerate(arr[0..<4]):
 outputFile.write(escapeCsvField(val) & ",")
+ outputFile.write(escapeCsvField(ruleStr.mapIt($it).join(", ")))
 outputFile.write(escapeCsvField(intToStr(count)))
 prev = arr
 count = 1
+ ruleStr = initHashSet[string]()
 outputFile.write("\p")
 outputFile.close()
 let fileSize = getFileSize(output)
@@ -113,12 +117,14 @@ proc ttpSummary(output: string = "", quiet: bool = false, timeline: string) =
 var table: TerminalTable
 table.add header
 for arr in seqOfResultsTables:
- if arr == prev:
+ ruleStr.incl(arr[4])
+ if arr[0..<4] == prev[0..<4]:
 count += 1
 continue
- table.add arr[0], arr[1], arr[2], arr[3], intToStr(count)
+ table.add arr[0], arr[1], arr[2], arr[3], ruleStr.mapIt($it).join(", "), intToStr(count)
 prev = arr
 count = 1
+ ruleStr = initHashSet[string]()
 table.echoTableSepsWithStyled(seps = boxSeps)
 echo ""
From 36d57fda2d1b133b2e7e09bee8e288ee1cef04dc Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Thu, 28 Dec 2023 15:20:44 +0900
Subject: [PATCH 2/3] fix: add comma
---
 src/takajopkg/ttpSummary.nim | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/takajopkg/ttpSummary.nim b/src/takajopkg/ttpSummary.nim
index 63f6063d..a33c8907 100644
--- a/src/takajopkg/ttpSummary.nim
+++ b/src/takajopkg/ttpSummary.nim
@@ -102,7 +102,7 @@ proc ttpSummary(output: string = "", quiet: bool = false, timeline: string) =
 continue
 for i, val in enumerate(arr[0..<4]):
 outputFile.write(escapeCsvField(val) & ",")
- outputFile.write(escapeCsvField(ruleStr.mapIt($it).join(", ")))
+ outputFile.write(escapeCsvField(ruleStr.mapIt($it).join(", ")) & ",")
 outputFile.write(escapeCsvField(intToStr(count)))
 prev = arr
 count = 1
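Review bot: `ruleStr.incl(arr[4])` runs before the group test, and the set is written and reset only when the first row of the next group arrives, so a row's RuleTitle cell holds the titles of the preceding group plus its own first title, and every title collected after a group's row was written spills into the following group. The context lines suggest the `count` column has the same one-group lag, although that predates this commit. The fix is to flush the finished group, keyed by `prev`, when the key changes and once more after the loop, as sketched below; the `table.add` loop in the next hunk (`@@ -113,12 +117,14 @@`) needs the same treatment, and the duplicated write sequence is worth extracting into a small proc. `ruleStr.mapIt($it)` on a set of strings is a no-op conversion, and sorting the titles (`ruleStr.toSeq.sorted`) would make the cell reproducible instead of hash-ordered. The enclosing proc, its imports and its header-writing lines lie outside the hunk.
```nim
var pending = false
for arr in seqOfResultsTables:
  if pending and arr[0..<4] == prev[0..<4]:
    # same group as the pending row: only accumulate
    count += 1
    ruleStr.incl(arr[4])
    continue
  if pending:
    # key changed: write the group that just ended, keyed by prev
    for val in prev[0..<4]:
      outputFile.write(escapeCsvField(val) & ",")
    outputFile.write(escapeCsvField(ruleStr.toSeq.sorted.join(", ")) & ",")
    outputFile.write(escapeCsvField(intToStr(count)))
    outputFile.write("\p")
  prev = arr
  count = 1
  ruleStr = toHashSet([arr[4]])
  pending = true
# … after the loop: if pending, write the last group with the same sequence …
outputFile.close()
```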
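Review bot: The missing separator fixed here is a symptom of assembling the CSV row with a chain of `outputFile.write` calls that each append their own `","`; collecting the escaped cells into a `seq[string]` and writing `fields.join(",") & "\p"` once cannot lose a comma. With that shape the rule-title cell and the count become two more `fields.add(...)` lines beside the loop over `arr[0..<4]`. The enclosing loop and proc continue outside this hunk.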
From 9f42e8344f749344ef8f31d4d36f848204d8acd6 Mon Sep 17 00:00:00 2001
From: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com>
Date: Wed, 3 Jan 2024 06:51:30 +0900
Subject: [PATCH 3/3] update changelog
---
 CHANGELOG-Japanese.md | 7 +++++++
 CHANGELOG.md | 7 +++++++
 2 files changed, 14 insertions(+)
diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md
index 41f96bf0..af026872 100644
--- a/CHANGELOG-Japanese.md
+++ b/CHANGELOG-Japanese.md
@@ -1,5 +1,12 @@
 # 変更点
+## 2.x.x [xxxx/xx/xx]
+
+**改善:**
+
+- `ttp-visualize` コマンドで、MITRE ATT&CK Navigator上のテクニックをマウスオーバーしたときに、検知ルール名が表示されるようした。(#82) (@fukusuket)
+- `ttp-summary`コマンドの結果にルールのタイトルを追加した。(#83) (@fukusuket)
+
 ## 2.3.0 [2023/12/23] - SECCON Christmas Release
 **新機能:**
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4dfaf647..680bda2e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changes
+## 2.x.x [xxxx/xx/xx]
+
+**Enhancements:**
+
+- In the `ttp-visualize` command, the name of the rule that detected the technique will now be shown in the comment when hovering over the technique in MITRE ATT&CK Navigator. (#82) (@fukusuket)
+- Added rule titles to the `ttp-summary` command output. (#83) (@fukusuket)
+
 ## 2.3.0 [2023/12/23] - SECCON Christmas Release
 **New Features:**