revert layer scripts to use master branch of CTI

isaisabel · isaisabel · commit 51219edec961 · 2020-07-08T08:51:34.000-04:00
diff --git a/scripts/layers/samples/apt3_apt29_software.py b/scripts/layers/samples/apt3_apt29_software.py
@@ -8,7 +8,7 @@ def generate(show_nodetect=False):
         generate and return a layer dict showing techniques used by APT3 and APT29 as well as software used by those groups
         param show_nodetect, if true, causes techniques that have no data-sources to be highlighted as well
     """
-    stix = requests.get("https://raw.githubusercontent.com/mitre/cti/subtechniques/enterprise-attack/enterprise-attack.json", verify=False).json()
+    stix = requests.get("https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json").json()
     ms = stix2.MemoryStore(stix_data=stix["objects"])
     apt3 = ms.get("intrusion-set--0bbdf25b-30ff-4894-a1cd-49260d0dd2d9")
     apt29 = ms.get("intrusion-set--899ce53f-13a0-479b-a0e4-67d46e241542")
diff --git a/scripts/layers/samples/bear_APT.py b/scripts/layers/samples/bear_APT.py
@@ -7,7 +7,7 @@
 def generate():
     """parse the STIX on MITRE/CTI and return a layer dict showing all techniques used by an APT group with phrase 'bear' in the group aliases."""
     # import the STIX data from MITRE/CTI
-    stix = requests.get("https://raw.githubusercontent.com/mitre/cti/subtechniques/enterprise-attack/enterprise-attack.json", verify=False).json()
+    stix = requests.get("https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json").json()
     ms = stix2.MemoryStore(stix_data=stix["objects"])
 
     groups = ms.query([ stix2.Filter("type", "=", "intrusion-set") ])
diff --git a/scripts/layers/samples/heatmap.py b/scripts/layers/samples/heatmap.py
@@ -7,7 +7,7 @@
 def generate():
     """parse the STIX on MITRE/CTI and return a layer dict with techniques with randomized scores"""
     # import the STIX data from MITRE/CTI
-    stix = requests.get("https://raw.githubusercontent.com/mitre/cti/subtechniques/enterprise-attack/enterprise-attack.json", verify=False).json()
+    stix = requests.get("https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json").json()
     ms = stix2.MemoryStore(stix_data=stix["objects"])
     # get all techniques in STIX
     techniques = ms.query([
diff --git a/scripts/layers/samples/software_execution.py b/scripts/layers/samples/software_execution.py
@@ -9,7 +9,7 @@ def generate(softwaretype="software"):
         If softwaretype is specified as "malware" or "tool", only shows software of that type. If softwaretype is specified as "software" output layer shows both malware and tools
     """
     # import the STIX data from MITRE/CTI
-    stix = requests.get("https://raw.githubusercontent.com/mitre/cti/subtechniques/enterprise-attack/enterprise-attack.json", verify=False).json()
+    stix = requests.get("https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json").json()
     ms = stix2.MemoryStore(stix_data=stix["objects"])
     # software includes malware and tool types so perform two queries and merge the results
     software_filters = []
