adam/cti
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added a release notes section, and a new table for the CAPEC relationships

Browse Source
This commit is contained in:
Rich Piazza
2021-08-09 14:34:19 -04:00
committed by GitHub
parent a2e510d5ee
commit 06e49570b0
1 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
USAGE-CAPEC.md
+20 -2
View File
@@ -41,7 +41,8 @@ The following is a table mapping of CAPEC properties to STIX properties. Some of
**parent_of** | `x_capec_parent_of_refs` | list(identifier)
**child_of** | `x_capec_child_of_refs` | list(identifier)
**can_precede** | `x_capec_can_precede_refs` | list(identifier)
**ca_follow** | `x_capec_can_follow_refs` | list(identifier)
**can_follow** | `x_capec_can_follow_refs` | list(identifier)
**peer_of** | `x_capec_peer_of_refs` | list(identifier)
CAPEC 3.5 properties not mapped (at this time): **Indicators**, **Taxonomy\_Mappings**, **Content\_History**
@@ -110,4 +111,21 @@ ap = get_attack_pattern_by_capec_id(fs, '66')[0]
get_mitigations_by_attack_pattern(fs, ap.id)
```
## Release Notes
### Release Notes
The STIX CAPEC data is generated by a python script named `capec2stix`. In this section the changes to the script for each new CAPEC release is listed.
## Release for CAPEC 3.5
* Added functionality to infer CAPEC ParentOf and CanFollow relationships:
- CAPEC does not explicitly state these relationships, so they needed to be inferred by looking at the children's "ChildOf" relationship and the can follows' "CanPrecede" relationship and work backwards
- A global map of CAPEC ids to STIX ids was created by iterating through all CAPEC objects and creating STIX ids
- Global maps of CAPEC ids to list of children CAPEC ids and list of CAPEC ids that can follow was created by iterating through all CAPEC objects
- When creating STIX Attack Pattern objects, the child and can follow maps are used to find the relationships that are not explicitly stated in the CAPEC object and the STIX id map is used to get the STIX ID for the related CAPECs
* Added the following properties to the Attack Pattern STIX object:
- `x_capec_child_of_refs`: contains a list of STIX ids of the Attack Pattern objects which the current object is a child of
- `x_capec_parent_of_refs`: contains a list of STIX ids of the Attack Pattern objects which the current object is a parent of
- `x_capec_can_precede_refs`: contains a list of STIX ids of the Attack Pattern objects which the current object can precede
- `x_capec_can_follow_refs`: contains a list of STIX ids of the Attack Pattern objects which the current object can follow
- `x_capec_peer_of_refs`: contains a list of STIX ids of the Attack Pattern objects which the current object is a peer of
* Added "allow_custom=True" as a flag when creating STIX bundles to satisfy the requirements for the new STIX release