Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some techniques are missing #153

Open
priamai opened this issue Jan 22, 2024 · 1 comment
Open

Some techniques are missing #153

priamai opened this issue Jan 22, 2024 · 1 comment

Comments

@priamai
Copy link

priamai commented Jan 22, 2024
edited
Loading

Describe the bug
I discovered randomly that some techniques are missing.

To Reproduce
Steps to reproduce the behavior:

from pyattck import Attck

attack = Attck(
    data_path='./pyattck/data',
    enterprise_attck_json="https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json",
    ics_attck_json="https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/ics-attack/ics-attack.json"
)

attck_db = {}

for technique in attack.enterprise.techniques:
    if technique.id == "T0885":
        print(technique)
    #print(technique.id)
    #print(technique.name)
    #print(technique.external_references[0].external_id)
        
    tactic = technique.external_references[0].external_id
    
    phases = technique.kill_chain_phases
    attck_db[tactic] = (technique.name,[phase.phase_name for phase in phases])
    
for technique in attack.ics.techniques:
    if technique.id == "T0885":
        print(technique)
    #print(technique.id)
    #print(technique.name)
    #print(technique.external_references[0].external_id)
        
    tactic = technique.external_references[0].external_id
    
    phases = technique.kill_chain_phases
    attck_db[tactic] = (technique.name,[phase.phase_name for phase in phases])

Expected behavior

It should lead to:

https://attack.mitre.org/techniques/T0885/

instead the technique is not found.
@priamai
Copy link
Author

priamai commented Jan 22, 2024

Getting this error:

TypeError Traceback (most recent call last)
Cell In[2], line 23
20 phases = technique.kill_chain_phases
21 attck_db[tactic] = (technique.name,[phase.phase_name for phase in phases])
---> 23 for technique in attack.ics.techniques:
24 if technique.id == "T0885":
25 print(technique)

File ~/DevOps/github/firstorg2023/venv/lib/python3.10/site-packages/pyattck/attck.py:295, in Attck.ics(self)
288 @Property
289 def ics(self):
290 """Retrieve objects from the MITRE ICS ATT&CK Framework.
291
292 Returns:
293 PreAttack: Returns an ICSAttck object
294 """
--> 295 from .ics import ICSAttck
297 self.__logger.debug("Calling MITRE ICS ATT&CK Framework")
298 return ICSAttck()

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@priamai