secRAG-X/final.py at main · JENITH47/secRAG-X · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
import json

INPUT_FILE = "enterprise-attack.json"
OUTPUT_FILE = "final_technique_data.json"

def format_tactic(tactic):
    return tactic.replace("-", " ").title()

def extract_all(data):
    techniques = {}
    mitigations = {}
    relationships = []

    # 🔹 Step 1: Extract Techniques + Tactics
    for obj in data["objects"]:

        # ✅ Techniques
        if obj.get("type") == "attack-pattern":

            if obj.get("x_mitre_deprecated") or obj.get("revoked"):
                continue

            tech_id = None
            for ref in obj.get("external_references", []):
                if ref.get("source_name") == "mitre-attack":
                    tech_id = ref.get("external_id")
                    break

            if not tech_id:
                continue

            tactics = [
                format_tactic(phase.get("phase_name"))
                for phase in obj.get("kill_chain_phases", [])
                if phase.get("phase_name")
            ]

            techniques[obj["id"]] = {
                "technique_id": tech_id,
                "name": obj.get("name"),
                "tactics": tactics if tactics else ["Unknown"],
                "mitigations": []
            }

        # ✅ Mitigations
        elif obj.get("type") == "course-of-action":

            if obj.get("x_mitre_deprecated") or obj.get("revoked"):
                continue

            mitigations[obj["id"]] = obj.get("name")

        # ✅ Relationships
        elif obj.get("type") == "relationship":
            relationships.append(obj)

    # 🔹 Step 2: Map Mitigation → Technique
    for rel in relationships:

        if rel.get("relationship_type") != "mitigates":
            continue

        source = rel.get("source_ref")   # mitigation
        target = rel.get("target_ref")   # technique

        if source in mitigations and target in techniques:
            techniques[target]["mitigations"].append(mitigations[source])

    return list(techniques.values())


# 🔹 Load file
with open(INPUT_FILE, "r") as f:
    data = json.load(f)

# 🔹 Extract everything
cleaned = extract_all(data)

# 🔹 Save output
with open(OUTPUT_FILE, "w") as f:
    json.dump(cleaned, f, indent=2)

print("✅ Step 3 completed: Techniques + Tactics + Mitigations ready")