
Move MITRE reference with external_id to the exterior level of the response for all MITRE endpoints #9144

davidjiglesias merged 10 commits into master from feature/8879-mitre-sort-reference on Jul 13, 2021

@mcarmona99
Contributor

Related issue
#8879

Hi team

This PR closes #8879.

In this pull request, I have included the reference with external_id out of the references list of each MITRE item.

I have updated unittest and API integration tests to include this change.

GET /mitre/mitigations?wait_for_complete=true&limit=1

Response
{
  "data": {
    "affected_items": [
      {
        "deprecated": 1,
        "created_time": "2018-10-17 00:14:20.652000",
        "name": "Password Filter DLL Mitigation",
        "mitre_version": "1.0",
        "id": "course-of-action--00d7d21b-69d6-4797-88a2-c86f3fc97651",
        "description": "Ensure only valid password filters are registered. Filter DLLs must be present in Windows installation directory (<code>C:\\Windows\\System32\\</code> by default) of a domain controller and/or local computer with a corresponding entry in <code>HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Notification Packages</code>. (Citation: Microsoft Install Password Filter n.d)",
        "modified_time": "2019-07-25 11:22:19.139000",
        "techniques": [
          "attack-pattern--b8c5c9dd-a662-479d-9428-ae745872537c"
        ],
        "references": [
          {
            "source": "Microsoft Install Password Filter n.d",
            "url": "https://msdn.microsoft.com/library/windows/desktop/ms721766.aspx",
            "description": "Microsoft. (n.d.). Installing and Registering a Password Filter DLL. Retrieved November 21, 2017."
          }
        ],
        "source": "mitre-attack",
        "external_id": "T1174",
        "url": "https://attack.mitre.org/mitigations/T1174"
      }
    ],
    "total_affected_items": 266,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "MITRE mitigations information was returned",
  "error": 0
}

With these changes, we can now sort by external_id, source and url:

GET /mitre/mitigations?wait_for_complete=true&limit=3&sort=-external_id&select=external_id,name

Response
{
  "data": {
    "affected_items": [
      {
        "external_id": "T1501",
        "name": "Systemd Service Mitigation",
        "id": "course-of-action--83130e62-bca6-4a81-bd4b-8e233bd49db6"
      },
      {
        "external_id": "T1500",
        "name": "Compile After Delivery Mitigation",
        "id": "course-of-action--ae56a49d-5281-45c5-ab95-70a1439c338e"
      },
      {
        "external_id": "T1499",
        "name": "Endpoint Denial of Service Mitigation",
        "id": "course-of-action--82c21600-ccb6-4232-8c04-ef3792b56628"
      }
    ],
    "total_affected_items": 266,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "MITRE mitigations information was returned",
  "error": 0
}

Test results:

pytest framework/wazuh/core/tests/test_mitre.py 
=================== 13 passed, 2 warnings in 0.17s ===================

pytest framework/wazuh/tests/test_mitre.py 
=================== 7 passed, 2 warnings in 0.19s ===================

test_mitre_endpoints.tavern.yaml 
	 7 passed, 13 warnings

test_rbac_black_mitre_endpoints.tavern.yaml 
	 7 passed, 13 warnings

test_rbac_white_mitre_endpoints.tavern.yaml 
	 7 passed, 13 warnings

Regards,
Manuel.
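
Added example, not part of this PR or of Wazuh's code: a minimal sketch of the transformation described above, moving the reference that carries `external_id` to the top level of each item so a flat `sort=-external_id` works. The function names, the pre-change nesting, and the sample rows are assumptions constructed for illustration (names and IDs are taken from the responses above; the T1499 and T1501 URLs follow the T1174 pattern).

```python
from copy import deepcopy

HOISTED_KEYS = ("source", "external_id", "url")


def hoist_external_reference(item):
    """Return a copy of item with the reference that carries external_id
    moved to the top level; the remaining references stay in the list."""
    out = deepcopy(item)
    refs = out.get("references") or []
    main = next((r for r in refs if r.get("external_id")), None)
    if main is None:
        return out  # nothing to hoist; item has no sortable external_id
    out["references"] = [r for r in refs if r is not main]
    for key in HOISTED_KEYS:
        out[key] = main.get(key)
    return out


def sort_items(items, sort):
    """Sort by one top-level field; a '-' prefix means descending (as in
    sort=-external_id). Items lacking the field are placed last."""
    field = sort.lstrip("+-")
    have = [i for i in items if i.get(field) is not None]
    lack = [i for i in items if i.get(field) is None]
    have.sort(key=lambda i: i[field], reverse=sort.startswith("-"))
    return have + lack


def _nested(ext_id, name, extra_refs=()):
    # Constructed pre-change row: the external_id sits inside "references".
    main = {"source": "mitre-attack", "external_id": ext_id,
            "url": f"https://attack.mitre.org/mitigations/{ext_id}"}
    return {"name": name, "references": [*extra_refs, main]}


SAMPLE = [
    _nested("T1499", "Endpoint Denial of Service Mitigation"),
    _nested("T1174", "Password Filter DLL Mitigation", extra_refs=[{
        "source": "Microsoft Install Password Filter n.d",
        "url": "https://msdn.microsoft.com/library/windows/desktop/ms721766.aspx"}]),
    _nested("T1501", "Systemd Service Mitigation"),
    {"name": "Constructed item without an external reference", "references": []},
]

if __name__ == "__main__":
    flat = [hoist_external_reference(i) for i in SAMPLE]
    for row in sort_items(flat, "-external_id"):
        print(row.get("external_id"), row["name"])
```

The sort is a plain string comparison, which orders the IDs shown here correctly because they share the same prefix and digit count.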

@mcarmona99 mcarmona99 self-assigned this Jun 29, 2021
@mcarmona99 mcarmona99 force-pushed the feature/8879-mitre-sort-reference branch 2 times, most recently from 3e63ea8 to b63d9fb Compare June 29, 2021 13:33
@mcarmona99 mcarmona99 marked this pull request as draft June 30, 2021 08:30
@mcarmona99 mcarmona99 marked this pull request as ready for review June 30, 2021 08:32
@mcarmona99 mcarmona99 requested a review from CarlosRS9 June 30, 2021 08:33
CarlosRS9 previously approved these changes Jun 30, 2021
Contributor

@CarlosRS9 CarlosRS9 left a comment

LGTM!

@mcarmona99 mcarmona99 force-pushed the feature/8879-mitre-sort-reference branch from 3995cdd to 31723ab Compare June 30, 2021 08:48
mcarmona99 and others added 8 commits July 6, 2021 12:20
Co-authored-by: Carlos RS <54286452+CarlosRS9@users.noreply.github.com>
Co-authored-by: Carlos RS <54286452+CarlosRS9@users.noreply.github.com>
Co-authored-by: Carlos RS <54286452+CarlosRS9@users.noreply.github.com>
Co-authored-by: Carlos RS <54286452+CarlosRS9@users.noreply.github.com>
Co-authored-by: Carlos RS <54286452+CarlosRS9@users.noreply.github.com>
@mcarmona99 mcarmona99 force-pushed the feature/8879-mitre-sort-reference branch from 31723ab to 6d152b1 Compare July 6, 2021 10:25
Member

@davidjiglesias davidjiglesias left a comment

Add new references handling to father class

@davidjiglesias davidjiglesias merged commit b25d777 into master Jul 13, 2021
@davidjiglesias davidjiglesias deleted the feature/8879-mitre-sort-reference branch July 13, 2021 08:51

Development

Successfully merging this pull request may close these issues.

MITRE endpoints can't sort by references.external_id
