@mitre-attack/attack-data-model
A TypeScript API for the MITRE ATT&CK data model
import {
MarkingDefinitionImpl
} from "./chunk-W2YOUMVK.js";
import {
RelationshipImpl
} from "./chunk-4RYLCAD6.js";
import {
MatrixImpl
} from "./chunk-YTLXS4H5.js";
import {
DetectionStrategyImpl
} from "./chunk-RNHPH3PY.js";
import {
IdentityImpl
} from "./chunk-V343NNBE.js";
import {
AnalyticImpl
} from "./chunk-ZLVKIV7W.js";
import {
CampaignImpl,
GroupImpl
} from "./chunk-5TY6GUSK.js";
import {
ToolImpl
} from "./chunk-BVJE73TW.js";
import {
MalwareImpl
} from "./chunk-BG2COBEQ.js";
import {
DataComponentImpl,
TechniqueImpl
} from "./chunk-QJTV5XHG.js";
import {
LogSourceImpl
} from "./chunk-Q6TAIUC2.js";
import {
AssetImpl
} from "./chunk-U4SUBVE6.js";
import {
CollectionImpl
} from "./chunk-6IMNEOJJ.js";
import {
DataSourceImpl
} from "./chunk-UVFRWXP3.js";
import {
MitigationImpl
} from "./chunk-R4ISNN3D.js";
import {
TacticImpl
} from "./chunk-3Z75KXCP.js";
// src/classes/attack-data-model.ts
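var AttackDataModel = class {
  /**
   * Builds the model, then immediately sorts `attackObjects` into the typed
   * collections below and links them through their relationship objects.
   *
   * @param {string} uuid - Identifier for this data source/model.
   * @param {object[]} attackObjects - ATT&CK objects; each is read for its
   *   `type` and `id`. Nothing in this class validates them again, so callers
   *   are expected to pass objects that have already been schema-checked.
   */
  constructor(uuid, attackObjects) {
    this.uuid = uuid;
    this.attackObjects = attackObjects;
    // One collection per supported object type, filled by populateData().
    this.techniques = [];
    this.campaigns = [];
    this.mitigations = [];
    this.identities = [];
    this.groups = [];
    this.malware = [];
    this.tools = [];
    this.markingDefinitions = [];
    this.dataComponents = [];
    this.dataSources = [];
    this.tactics = [];
    this.assets = [];
    this.matrices = [];
    this.collections = [];
    this.relationships = [];
    this.logSources = [];
    this.detectionStrategies = [];
    this.analytics = [];
    this.populateData();
  }
  /**
   * Returns the unique identifier for this data source/model.
   * @returns string - the identifier passed to the constructor
   */
  getUuid() {
    return this.uuid;
  }
  /**
   * Returns a list of ATT&CK objects that have been parsed by Zod schemas. These objects are not TS classes, but are plain JS objects. They do not contain relationship mappings.
   * The array is the same instance that was handed to the constructor, not a copy.
   * @returns AttackObject[] - the original, un-wrapped ATT&CK objects
   */
  getAttackObjects() {
    return this.attackObjects;
  }
  /**
   * Populates the class properties (e.g., techniques, groups, etc.) from the parsed objects array.
   *
   * Every object whose `type` is recognised is wrapped in its implementation
   * class, appended to the matching collection and indexed by `id`. Objects
   * with any other `type` are skipped without an error. When two objects share
   * an `id`, both stay in their collection but only the later one is reachable
   * through the index used for relationship linking.
   */
  populateData() {
    const objectMap = /* @__PURE__ */ new Map();
    // A Map rather than a plain object, so a `type` value such as "__proto__"
    // or "constructor" can never resolve to an inherited property.
    // The factories are arrow functions so each class is only touched when an
    // object of that type is actually present.
    const handlers = new Map([
      ["x-mitre-asset", { create: (o) => new AssetImpl(o), bucket: this.assets }],
      ["campaign", { create: (o) => new CampaignImpl(o), bucket: this.campaigns }],
      ["x-mitre-collection", { create: (o) => new CollectionImpl(o), bucket: this.collections }],
      ["x-mitre-data-component", { create: (o) => new DataComponentImpl(o), bucket: this.dataComponents }],
      ["x-mitre-data-source", { create: (o) => new DataSourceImpl(o), bucket: this.dataSources }],
      ["intrusion-set", { create: (o) => new GroupImpl(o), bucket: this.groups }],
      ["identity", { create: (o) => new IdentityImpl(o), bucket: this.identities }],
      ["malware", { create: (o) => new MalwareImpl(o), bucket: this.malware }],
      ["x-mitre-matrix", { create: (o) => new MatrixImpl(o), bucket: this.matrices }],
      ["course-of-action", { create: (o) => new MitigationImpl(o), bucket: this.mitigations }],
      ["x-mitre-tactic", { create: (o) => new TacticImpl(o), bucket: this.tactics }],
      ["attack-pattern", { create: (o) => new TechniqueImpl(o), bucket: this.techniques }],
      ["tool", { create: (o) => new ToolImpl(o), bucket: this.tools }],
      ["marking-definition", { create: (o) => new MarkingDefinitionImpl(o), bucket: this.markingDefinitions }],
      ["relationship", { create: (o) => new RelationshipImpl(o), bucket: this.relationships }],
      ["x-mitre-log-source", { create: (o) => new LogSourceImpl(o), bucket: this.logSources }],
      ["x-mitre-detection-strategy", { create: (o) => new DetectionStrategyImpl(o), bucket: this.detectionStrategies }],
      ["x-mitre-analytic", { create: (o) => new AnalyticImpl(o), bucket: this.analytics }]
    ]);
    this.attackObjects.forEach((object) => {
      const handler = handlers.get(object.type);
      if (handler === undefined) {
        return;
      }
      const wrapped = handler.create(object);
      handler.bucket.push(wrapped);
      objectMap.set(object.id, wrapped);
    });
    this.initializeRelationships(objectMap);
  }
  /**
   * Initializes relationships between objects, such as sub-techniques, tactics, mitigations, and more.
   *
   * A relationship is applied only when both `source_ref` and `target_ref`
   * resolve in `objectMap` and the two objects have the classes expected for
   * its `relationship_type`; every other relationship is ignored silently, so
   * a missing link is not reported anywhere.
   *
   * @param {Map<string, object>} objectMap - wrapped objects keyed by their `id`
   */
  initializeRelationships(objectMap) {
    this.relationships.forEach((relationship) => {
      const sourceObj = objectMap.get(relationship.source_ref);
      const targetObj = objectMap.get(relationship.target_ref);
      if (!sourceObj || !targetObj) {
        // Dangling reference: one end is not part of this model.
        return;
      }
      switch (relationship.relationship_type) {
        case "subtechnique-of":
          if (sourceObj instanceof TechniqueImpl && targetObj instanceof TechniqueImpl) {
            sourceObj.setParent(targetObj);
            targetObj.addSubTechnique(sourceObj);
          }
          break;
        case "uses": {
          const targetIsTechnique = targetObj instanceof TechniqueImpl;
          const targetIsSoftware = targetObj instanceof MalwareImpl || targetObj instanceof ToolImpl;
          const sourceIsActor = sourceObj instanceof GroupImpl || sourceObj instanceof CampaignImpl;
          const sourceIsSoftware = sourceObj instanceof MalwareImpl || sourceObj instanceof ToolImpl;
          if (targetIsTechnique && (sourceIsActor || sourceIsSoftware)) {
            sourceObj.addTechnique(targetObj);
          } else if (sourceIsActor && targetIsSoftware) {
            sourceObj.addSoftware(targetObj);
          }
          break;
        }
        case "mitigates":
          if (sourceObj instanceof MitigationImpl && targetObj instanceof TechniqueImpl) {
            targetObj.addMitigation(sourceObj);
          }
          break;
        case "detects":
          // Only data component -> technique is linked; a "detects"
          // relationship from any other source class is left unlinked.
          if (sourceObj instanceof DataComponentImpl && targetObj instanceof TechniqueImpl) {
            sourceObj.addDetectedTechnique(targetObj);
            targetObj.addDetectingDataComponent(sourceObj);
          }
          break;
        case "targets":
          if (sourceObj instanceof TechniqueImpl && targetObj instanceof AssetImpl) {
            sourceObj.addTargetAsset(targetObj);
          }
          break;
        case "attributed-to":
          if (sourceObj instanceof CampaignImpl && targetObj instanceof GroupImpl) {
            sourceObj.setAttributedTo(targetObj);
            targetObj.addAttributedCampaign(sourceObj);
          }
          break;
        case "revoked-by":
          // Both ends must be instances of the very same class. Constructor
          // identity is compared instead of `constructor.name`, because two
          // distinct classes can carry the same name (for example after
          // minification) and would then pass a name-only check.
          if (sourceObj.constructor === targetObj.constructor) {
            sourceObj.setRevokedBy(targetObj);
          }
          break;
        case "found-in":
          if (sourceObj instanceof DataComponentImpl && targetObj instanceof LogSourceImpl) {
            sourceObj.addFoundIn(targetObj);
            targetObj.addFoundBy(sourceObj);
          }
          break;
        default:
          break;
      }
    });
  }
  // Other methods to query objects, get by ID, etc. (unchanged from previous version)
};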
export {
AttackDataModel
};