@mitre-attack/attack-data-model
A TypeScript API for the MITRE ATT&CK data model
import { z } from 'zod/v4';
import { StixType } from './stix-type.cjs';
/**
* Comprehensive ATT&CK ID configuration map.
* This single source of truth defines all ATT&CK ID types, their patterns, messages, and STIX type mappings.
*
* Each entry carries four fields:
* - `pattern`: the RegExp an ID of that type must match. This declaration only exposes the
*   type `RegExp`; the expression itself (including whether it is anchored at both ends and
*   which flags it carries) is not visible here.
* - `message`: the literal validation-error text for that ID type.
* - `example`: the human-readable shape of a valid ID (`#` stands for a digit position).
* - `stixTypes`: the STIX object type(s) that use this ID type.
*
* To add a new ATT&CK ID type:
* 1. Add an entry to this map with the pattern, message, example, and stixTypes
* 2. That's it! All other functionality will automatically work.
*
* NOTE(review): the `message` and `example` literals below are types that mirror runtime
* string values; any wording fix has to be made in the implementation this declaration is
* generated from, not in this file alone.
*/
declare const attackIdConfig: {
readonly tactic: {
readonly pattern: RegExp;
readonly message: "Must match ATT&CK Tactic ID format (TA####)";
readonly example: "TA####";
readonly stixTypes: readonly ["x-mitre-tactic"];
};
// `technique` and `subtechnique` both list "attack-pattern", so a STIX type alone does not
// determine which of the two ID shapes applies.
readonly technique: {
readonly pattern: RegExp;
readonly message: "Must match ATT&CK Technique ID format (T####)";
readonly example: "T####";
readonly stixTypes: readonly ["attack-pattern"];
};
readonly subtechnique: {
readonly pattern: RegExp;
readonly message: "Must match ATT&CK Sub-technique ID format (T####.###)";
readonly example: "T####.###";
readonly stixTypes: readonly ["attack-pattern"];
};
readonly group: {
readonly pattern: RegExp;
readonly message: "Must match ATT&CK Group ID format (G####)";
readonly example: "G####";
readonly stixTypes: readonly ["intrusion-set"];
};
// The only entry with two STIX types: "malware" and "tool" objects share the S#### shape.
readonly software: {
readonly pattern: RegExp;
readonly message: "Must match ATT&CK Software ID format (S####)";
readonly example: "S####";
readonly stixTypes: readonly ["malware", "tool"];
};
readonly mitigation: {
readonly pattern: RegExp;
readonly message: "Must match ATT&CK Mitigation ID format (M####)";
readonly example: "M####";
readonly stixTypes: readonly ["course-of-action"];
};
readonly asset: {
readonly pattern: RegExp;
readonly message: "Must match ATT&CK Asset ID format (A####)";
readonly example: "A####";
readonly stixTypes: readonly ["x-mitre-asset"];
};
readonly 'data-source': {
readonly pattern: RegExp;
readonly message: "Must match ATT&CK Data Source ID format (DS####)";
readonly example: "DS####";
readonly stixTypes: readonly ["x-mitre-data-source"];
};
// NOTE(review): `message` says "(DS####)" while `example` says "LS####". The message text
// looks copied from the 'data-source' entry; a user who fails validation is told the wrong
// prefix. Which prefix the `pattern` actually enforces cannot be confirmed from this file.
readonly 'log-source': {
readonly pattern: RegExp;
readonly message: "Must match ATT&CK Log Source ID format (DS####)";
readonly example: "LS####";
readonly stixTypes: readonly ["x-mitre-log-source"];
};
readonly campaign: {
readonly pattern: RegExp;
readonly message: "Must match ATT&CK Campaign ID format (C####)";
readonly example: "C####";
readonly stixTypes: readonly ["campaign"];
};
// NOTE(review): the three messages below read "... Source ID format"; the word "Source"
// is presumably left over from the 'data-source' wording — confirm against the implementation.
readonly 'data-component': {
readonly pattern: RegExp;
readonly message: "Must match ATT&CK Data Component Source ID format (DC####)";
readonly example: "DC####";
readonly stixTypes: readonly ["x-mitre-data-component"];
};
readonly 'detection-strategy': {
readonly pattern: RegExp;
readonly message: "Must match ATT&CK Detection Strategy Source ID format (DET####)";
readonly example: "DET####";
readonly stixTypes: readonly ["x-mitre-detection-strategy"];
};
readonly analytic: {
readonly pattern: RegExp;
readonly message: "Must match ATT&CK Analytic Source ID format (AN####)";
readonly example: "AN####";
readonly stixTypes: readonly ["x-mitre-analytic"];
};
};
/** Union of the keys of `attackIdConfig` ('tactic' | 'technique' | ... | 'analytic'). */
type AttackIdType = keyof typeof attackIdConfig;
/**
* The members of `StixType` that appear in the `stixTypes` tuple of at least one
* `attackIdConfig` entry, i.e. the STIX types for which an ATT&CK ID format is defined.
*/
type StixTypesWithAttackIds = Extract<StixType, (typeof attackIdConfig)[AttackIdType]['stixTypes'][number]>;
/**
* Lookup from STIX type to ATT&CK ID type.
* The value is a single `AttackIdType`, yet "attack-pattern" is listed under both
* `technique` and `subtechnique` in `attackIdConfig`; which of the two is stored for
* "attack-pattern" is not visible in this declaration, so callers should not rely on this
* map alone to tell techniques from sub-techniques.
*/
declare const stixTypeToAttackIdMapping: Record<StixTypesWithAttackIds, AttackIdType>;
/**
* One RegExp per ATT&CK ID type.
* NOTE(review): only the `RegExp` type is declared here. Before applying these directly to
* untrusted input (for example IDs taken from a third-party STIX bundle), confirm in the
* implementation that each pattern is anchored at start and end and carries no `g`/`y`
* flag; a global or sticky RegExp keeps `lastIndex` state between `.test()` calls and can
* give alternating results on a shared instance.
*/
declare const attackIdPatterns: Record<AttackIdType, RegExp>;
/** One validation-error message per ATT&CK ID type (declared as `string`, not as the literal). */
declare const attackIdMessages: Record<AttackIdType, string>;
/** One format example per ATT&CK ID type (declared as `string`, not as the literal). */
declare const attackIdExamples: Record<AttackIdType, string>;
/**
* Gets the format example for a given STIX type.
* Special handling for attack-pattern, which can be either technique or subtechnique.
* The exact string returned for "attack-pattern" is not visible in this declaration;
* presumably it covers both the T#### and T####.### shapes — confirm in the implementation.
*
* @param stixType - A STIX type that has an ATT&CK ID format defined.
* @returns The example string for that STIX type; intended for error messages and
* documentation, not for matching.
*/
declare function getAttackIdExample(stixType: StixTypesWithAttackIds): string;
/**
* Generic ATT&CK ID validator with configurable patterns for different object types.
*
* @param stixType - The STIX type of the object whose ATT&CK ID is being validated.
* @returns A Zod string schema for that STIX type's ATT&CK ID.
*
* NOTE(review): as declared, the result is a plain `z.ZodString`, so what it can establish
* is the shape of the ID. It does not show that the ID exists in ATT&CK or that it belongs
* to the object carrying it; consumers of untrusted bundles need a separate lookup for that.
* How "attack-pattern" is handled (technique vs. sub-technique pattern) is not visible here.
*/
declare const createAttackIdSchema: (stixType: StixTypesWithAttackIds) => z.ZodString;
// Public surface of this module. `attackIdConfig` itself is not exported; consumers reach
// its contents only through the derived maps and helper functions listed here.
export { type AttackIdType, type StixTypesWithAttackIds, attackIdExamples, attackIdMessages, attackIdPatterns, createAttackIdSchema, getAttackIdExample, stixTypeToAttackIdMapping };