removed pre-attack from diff_stix

isaisabel · isaisabel · commit e09e63f6bdd5 · 2020-10-09T10:33:49.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# Changes staged on develop
+## Improvements
+- Removed pre-ATT&CK domain from scripts to support migration of that content to enterprise tactics. See issue [#36](https://github.com/mitre-attack/attack-scripts/issues/36).
+
 # v1.6 - 5 October 2020
 ## Improvements
 - Added [layer to SVG](https://github.com/mitre-attack/attack-scripts/tree/master/layers#to_svgpy) converter. See issue [#1](https://github.com/mitre-attack/attack-scripts/issues/1).
diff --git a/scripts/README.md b/scripts/README.md
@@ -6,5 +6,5 @@ This folder contains one-off scripts for working with ATT&CK content. These scri
 |:-------|:------------|
 | [techniques_from_data_source.py](techniques_from_data_source.py) | Fetches the current ATT&CK STIX 2.0 objects from the ATT&CK TAXII server, prints all of the data sources listed in Enterprise ATT&CK, and then lists all the Enterprise techniques containing a given data source. Run `python3 techniques_from_data_source.py -h` for usage instructions. |
 | [techniques_data_sources_vis.py](techniques_data_sources_vis.py) | Generate the csv data used to create the "Techniques Mapped to Data Sources" visualization in the ATT&CK roadmap. Run `python3 techniques_data_sources_vis.py -h` for usage instructions. | 
-| [diff_stix.py](diff_stix.py) | Create markdown and/or ATT&CK Navigator layers reporting on the changes between two versions of the STIX2 bundles representing the ATT&CK content. For default operation, put [enterprise-attack.json](https://github.com/mitre/cti/blob/master/enterprise-attack/enterprise-attack.json), [mobile-attack.json](https://github.com/mitre/cti/blob/master/mobile-attack/mobile-attack.json), and [pre-attack.json](https://github.com/mitre/cti/blob/master/pre-attack/pre-attack.json) bundles in 'old' and 'new' folders for the script to compare. Run `python3 diff_stix.py -h` for full usage instructions. |
+| [diff_stix.py](diff_stix.py) | Create markdown and/or ATT&CK Navigator layers reporting on the changes between two versions of the STIX2 bundles representing the ATT&CK content. For default operation, put [enterprise-attack.json](https://github.com/mitre/cti/blob/master/enterprise-attack/enterprise-attack.json) and [mobile-attack.json](https://github.com/mitre/cti/blob/master/mobile-attack/mobile-attack.json) bundles in 'old' and 'new' folders for the script to compare. Run `python3 diff_stix.py -h` for full usage instructions. |
 | [technique_mappings_to_csv.py](technique_mappings_to_csv.py) | Fetches the current ATT&CK content expressed as STIX2 and creates spreadsheet mapping Techniques with Mitigations, Groups or Software. Run `python3 technique_mappings_to_csv.py -h` for usage instructions. |
diff --git a/scripts/diff_stix.py b/scripts/diff_stix.py
@@ -12,18 +12,15 @@
 # helper maps
 domainToDomainLabel = {
     'enterprise-attack': 'Enterprise', 
-    'pre-attack': 'PRE-ATT&CK', 
     'mobile-attack': 'Mobile'
 }
 domainToLayerFileDomain = {
     'enterprise-attack': 'mitre-enterprise',
-    'mobile-attack': 'mitre-mobile',
-    'pre-attack': 'pre-attack'
+    'mobile-attack': 'mitre-mobile'
 }
 domainToTaxiiCollectionId = {
     "enterprise-attack": "95ecc380-afe9-11e4-9b6c-751b66dd541e",
     "mobile-attack": "2f669986-b40b-4423-b720-4396ca6a462b",
-    "pre-attack": "062767bd-02d2-4b72-84ba-56caef0f8658"
 }
 attackTypeToStixFilter = { # stix filters for querying for each type of data
     'technique': [Filter('type', '=', 'attack-pattern')],
@@ -69,7 +66,7 @@ class DiffStix(object):
     """
     def __init__(
         self,
-        domains=['enterprise-attack', 'pre-attack', 'mobile-attack'],
+        domains=['enterprise-attack', 'mobile-attack'],
         layers=None,
         markdown=None,
         minor_changes=False,
@@ -502,10 +499,6 @@ def get_layers_dict(self):
                 "tacticRowBackground": "#205b8f",
                 "selectTechniquesAcrossTactics": True
             }
-            # default to show pre-attack on pre layer
-            if domain == "pre-attack": layer_json["filters"] = {
-                "stages": ["prepare"]
-            }
 
             layers[domain] = layer_json
 
@@ -538,7 +531,6 @@ def layers_dict_to_files(outfiles, layers):
     # write each layer to separate files
     json.dump(layers['enterprise-attack'], open(outfiles[0], "w"), indent=4)
     json.dump(layers['mobile-attack'], open(outfiles[1], "w"), indent=4)
-    json.dump(layers['pre-attack'], open(outfiles[2], "w"), indent=4)
 
     verboseprint("done")
 
@@ -554,7 +546,7 @@ def layers_dict_to_files(outfiles, layers):
     ]
     
     parser = argparse.ArgumentParser(
-         description="Create -markdown and/or -layers reporting on the changes between two versions of the ATT&CK content. Takes STIX bundles as input. For default operation, put enterprise-attack.json, mobile-attack.json, and pre-attack.json bundles in 'old' and 'new' folders for the script to compare."
+         description="Create -markdown and/or -layers reporting on the changes between two versions of the ATT&CK content. Takes STIX bundles as input. For default operation, put enterprise-attack.json and mobile-attack.json bundles in 'old' and 'new' folders for the script to compare."
     )
 
     parser.add_argument("-old",
@@ -588,10 +580,10 @@ def layers_dict_to_files(outfiles, layers):
         nargs="+",
         metavar="DOMAIN",
         choices=[
-            "enterprise-attack", "pre-attack", "mobile-attack"
+            "enterprise-attack", "mobile-attack"
         ],
         default=[
-            "enterprise-attack", "pre-attack", "mobile-attack"
+            "enterprise-attack", "mobile-attack"
         ],
         help="which domains to report on. Choices (and defaults) are %(choices)s"
     )
