Merge pull request #10 from mitre-attack/diff-stix

Add diff_stix script

Author: isaisabel

CHANGELOG.md

@@ -1,6 +1,6 @@
 # V1.1 - 29 March 2019
 ## New Scripts
-- Added [techniques_from_data_src.py](scripts/techniques_from_data_src.py).
+- Added [techniques_from_data_source.py](scripts/techniques_from_data_source.py).
 
 # V1.0 - 1 March 2019
 ## New Scripts

README.md

@@ -13,6 +13,12 @@ Note: this repository is a work in progress. In the coming months we will be add
 2. Activate the environment: `source env/bin/activate`
 3. Install requirements into the virtual environment: `pip3 install -r requirements.txt`
 
+## Training
+
+[![Binder](https://mybinder.org/badge_logo.svg)](https://mybinder.org/v2/gh/mitre-attack/attack-scripts/master)
+
+This repository also contains Jupyter notebooks and other material for ATT&CK training. The `trainings` directory has that content, which can be launched via Binder. The `binder` directory has requirements for that notebook, per the Binder documentation.
+
 ## Related MITRE Work
 #### CTI
 [Cyber Threat Intelligence repository](https://github.com/mitre/cti) of the ATT&CK catalog expressed in STIX 2.0 JSON.

binder/requirements.txt

@@ -0,0 +1,56 @@
+altair==3.2.0
+antlr4-python3-runtime==4.7.2
+appnope==0.1.0
+attackcti==0.2.7
+attrs==19.2.0
+backcall==0.1.0
+bleach==3.1.0
+certifi==2019.9.11
+chardet==3.0.4
+decorator==4.4.0
+defusedxml==0.6.0
+entrypoints==0.3
+idna==2.8
+ipykernel==5.1.2
+ipython==7.8.0
+ipython-genutils==0.2.0
+jedi==0.15.1
+Jinja2==2.10.1
+jsonschema==3.0.2
+jupyter-client==5.3.3
+jupyter-core==4.5.0
+MarkupSafe==1.1.1
+mistune==0.8.4
+nbconvert==5.6.0
+nbformat==4.4.0
+notebook==6.0.1
+numpy==1.17.2
+pandas==0.25.1
+pandocfilters==1.4.2
+parso==0.5.1
+pexpect==4.7.0
+pickleshare==0.7.5
+prometheus-client==0.7.1
+prompt-toolkit==2.0.9
+ptyprocess==0.6.0
+Pygments==2.4.2
+pyrsistent==0.15.4
+python-dateutil==2.8.0
+pytz==2019.2
+pyzmq==18.1.0
+requests==2.22.0
+Send2Trash==1.5.0
+simplejson==3.16.0
+six==1.12.0
+stix2==1.2.0
+stix2-patterns==1.1.0
+taxii2-client==0.5.0
+terminado==0.8.2
+testpath==0.4.2
+toolz==0.10.0
+tornado==6.0.3
+traitlets==4.3.2
+urllib3==1.25.6
+vega==2.6.0
+wcwidth==0.1.7
+webencodings==0.5.1

requirements.txt

@@ -12,4 +12,4 @@ stix2-patterns==1.1.0
 tabulate==0.8.3
 taxii2-client==0.5.0
 tqdm==4.31.1
-urllib3==1.24.1
+urllib3==1.24.2

scripts/README.md

@@ -4,5 +4,6 @@ This folder contains one-off scripts for working with ATT&CK content. These scri
 
 | script | description |
 |:-------|:------------|
-| [techniques_from_data_src.py](techniques_from_data_src.py) | Fetches the current ATT&CK STIX 2.0 objects from the ATT&CK TAXII server, prints all of the data sources listed in Enterprise ATT&CK, and then lists all the Enterprise techniques containing a given data source. Run `python3 techniques_from_data_source.py -h` for usage instructions. |
+| [techniques_from_data_source.py](techniques_from_data_source.py) | Fetches the current ATT&CK STIX 2.0 objects from the ATT&CK TAXII server, prints all of the data sources listed in Enterprise ATT&CK, and then lists all the Enterprise techniques containing a given data source. Run `python3 techniques_from_data_source.py -h` for usage instructions. |
 | [techniques_data_sources_vis.py](techniques_data_sources_vis.py) | Generate the csv data used to create the "Techniques Mapped to Data Sources" visualization in the ATT&CK roadmap. Run `python3 techniques_data_sources_vis.py -h` for usage instructions. | 
+| [diff_stix.py](diff_stix.py) | Create markdown and/or ATT&CK Navigator layers reporting on the changes between two versions of the STIX2 bundles representing the ATT&CK content. For default operation, put [enterprise-attack.json](https://github.com/mitre/cti/blob/master/enterprise-attack/enterprise-attack.json), [mobile-attack.json](https://github.com/mitre/cti/blob/master/mobile-attack/mobile-attack.json), and [pre-attack.json](https://github.com/mitre/cti/blob/master/pre-attack/pre-attack.json) bundles in 'old' and 'new' folders for the script to compare. Run `python3 diff_stix.py -h` for full usage instructions. |