Skip to content

Commit

Permalink
Load data via STIX 2.1 Collection Index (#629)
Browse files Browse the repository at this point in the history 
* load collection index

* rename function

* move domain class from stix directory

* remove unused code

* code smell

* parse collection index into domain/version structure

* add mimimum supported version to globals

* only parse valid versions

* cleanup styles

* update tabs note

* use domain identifier for layer compatibility

* code cleanup

* return properly for edge cases

* only parse most recent minor versions

* retrieve latest version during parsing

* remove tests for deleted function

* update svg domain section

* global replace

* backwards compatibility for versions structure

* config validation

* remove unused code

* add enabled option to user defined versions

* update existing tests

* config validation tests

* add dataservice tests

* data service tests

* tabs component tests

* autoformatter

* remove old layer file format specs

* update readme

* add link to stix 2.1 data

* support for taxii 2.1

* update docs

* autoformatter

* update version to 5.0.0

* minor changes

* minor change

* update documentation

* fix tests
  • Loading branch information
@clemiller
clemiller committed Apr 25, 2024
1 parent 3f33712 commit b25f8e0
Show file tree
Hide file tree
Showing 45 changed files with 793 additions and 1,039 deletions.
10 changes: 10 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,16 @@
The creation of the tag can be disabled with the --no-git-tag-version if desired.
-->

# 5.0.0 - Changes staged on develop

## Improvements
- Updated Navigator to load data via the STIX 2.1 Collection Index. See issue [#607](https://github.com/mitre-attack/attack-navigator/issues/607).
- Added the `collection_index_url` property to `config.json` which specifies the URL to the collection index. By default, it is set to [ATT&CK's STIX 2.1 Collection Index](https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/index.json). More information about Collection Indexes can be found [here](https://github.com/mitre-attack/attack-stix-data?tab=readme-ov-file#collection-indexes).
- Removed the hardcoded list of ATT&CK versions from the `versions` property in `config.json`. Support for this property is continued for loading custom versions of the dataset, integration with the ATT&CK Workbench, loading content from a TAXII server, and for offline hosting. For any issues encountered, please ensure the versions `enabled` property is set to `true` and the data is properly defined in the versions `entries` array.
- The `collection_index_url` property and/or the `versions` property must be defined for Navigator to load properly. When both properties are defined, the Navigator will display the union of the versions that are specified under the "More Options" dropdown in the "Create New Layer" interface. If neither are defined, the user will be alerted that the Navigator failed to load.
- Added support for loading content from a TAXII 2.1 server. See issue [#277](https://github.com/mitre-attack/attack-navigator/issues/277). For more information on how to load content from TAXII 2.1 see _Loading content from a TAXII server_ in the [README](README.md).
- Improved error handling when there is an issue loading the configuration file. See issue [#398](https://github.com/mitre-attack/attack-navigator/issues/398).

# 4.9.5 - 23 April 2024

Adds support for ATT&CK v15.0.
Expand Down
116 changes: 83 additions & 33 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,7 @@ The principal feature of the Navigator is the ability for users to define layers

The ATT&CK Navigator is hosted live via GitHub Pages. [You can find a live instance of the current version of the Navigator here](https://mitre-attack.github.io/attack-navigator). You can read more about how to use the application itself in the [USAGE](/USAGE.md) document (which is mirrored in the in-app help page).

Version 4.0 of the ATT&CK Navigator supports all ATT&CK domains in a single instance of the application instead of requiring a different instance for each domain. It also sees the introduction of support for the ICS domain. See [the changelog](CHANGELOG.md) for more information.

Additionally, older versions of ATT&CK can now be loaded in the application. The ATT&CK Navigator supports ATT&CK versions 8, 7, 6, 5, and 4. Older versions do not work in the application since their data model is too outdated.
Version 4.0+ of the ATT&CK Navigator supports all ATT&CK domains in a single instance of the application instead of requiring a different instance for each domain. Additionally, older versions of ATT&CK can be loaded in the application. The ATT&CK Navigator supports ATT&CK versions 4+. Older versions do not work in the application since their data model is too outdated.

Previous versions of the Navigator application are also hosted via GitHub Pages for users who want a more classic experience:
| ATT&CK Version | Navigator Version | Domains | |
Expand Down Expand Up @@ -66,11 +64,10 @@ _Note: `ng build --configuration production` does not currently work for ATT&CK
### Running the Navigator offline

1. Install the Navigator as per instructions above.
2. Follow instructions under [loading content from local files](#Loading-content-from-local-files) to configure the Navigator to populate the matrix without an internet connection. For enterprise-attack, use [this file](https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json). For mobile-attack, use [this file](https://raw.githubusercontent.com/mitre/cti/master/mobile-attack/mobile-attack.json). For pre-attack, use [this file](https://raw.githubusercontent.com/mitre/cti/master/pre-attack/pre-attack.json).

### Common issues

1. If serving or compiling the application gives the warning `Module not found: can't resolve 'fs'`, run the command `npm run postinstall`. The postinstall step usually runs automatically after `npm install` to patch the `fs` issue, but in some environments it must be run manually.
2. Follow instructions under [loading content from local files](#Loading-content-from-local-files) to configure the Navigator to populate the matrix without an internet connection. The latest MITRE ATT&CK data files can be found here:
- [Enterprise ATT&CK](https://github.com/mitre-attack/attack-stix-data/raw/master/enterprise-attack/enterprise-attack.json).
- [Mobile ATT&CK](https://github.com/mitre-attack/attack-stix-data/raw/master/mobile-attack/mobile-attack.json).
- [ICS ATT&CK](https://github.com/mitre-attack/attack-stix-data/raw/master/ics-attack/ics-attack.json).

## Documentation

Expand Down Expand Up @@ -129,43 +126,96 @@ Example custom context menu objects:
}
```

## Loading content from a TAXII server
## Methods for loading content

### Loading content from a Collection Index

By default, the Navigator loads content from the ATT&CK Collection Index hosted on the [ATT&CK STIX Data repository](#related-mitre-work). More information about Collection Indexes can be found [here](https://github.com/mitre-attack/attack-stix-data?tab=readme-ov-file#collection-indexes).

1. Modify the `config.json` file located in the `src/assets` directory.
2. Set the `collection_index_url` property to the URL of your Collection Index (for example, `"collection_index_url": "https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/index.json"`)

*Note: For the Navigator to load successfully, either the `collection_index_url` property, the `versions` property, or both must be defined. If both the `collection_index_url` and `versions` properties are defined, the Navigator will display the union of the versions under the "More Options" dropdown in the "Create New Layer" interface. If neither are defined, an alert will be triggered indicating that the Navigator failed to load.*

*By default, the Navigator loads content from ATT&CK STIX data hosted on the [MITRE/CTI repository](#related-mitre-work). Note: TAXII 2.1/STIX 2.1 bundles are **not** supported when loading content from a TAXII server.*
### Loading content from a TAXII server

1. Edit the `config.json` file in the **nav-app/src/assets** directory.
2. Define the `taxii_url` property in place of the `data` property and set the value to your server's URL.
3. Define the `taxii_collection` property and set the value to the collection UUIDs your TAXII server has set.
Both TAXII 2.0 and TAXII 2.1 are currently supported. Support for TAXII 2.0 will be deprecated in December 2024. More information about the TAXII 2.1 Server can be found [here](https://github.com/mitre-attack/attack-workbench-taxii-server/tree/main).

Example loading content from a TAXII server:
1. Modify the `config.json` file located in the `src/assets` directory.
2. In the `versions` section, set the `enabled` property to `true`.
3. Define the `taxii_url` property in the list of domains, in place of the domain `data` property, and set its value to the TAXII server URL.
4. Define the `taxii_collection` property and set its value to the collection UUID as determined by the TAXII server.

#### Example loading content from a TAXII 2.0 server:

```json
"domains": [
{
"name": "Enterprise",
"taxii_url": "https://cti-taxii.mitre.org/",
"taxii_collection": "95ecc380-afe9-11e4-9b6c-751b66dd541e"
}
]
"versions": {
"enabled": true,
"entries": [
{
"name": "Enterprise TAXII 2.0 Data",
"version": "14",
"domains": [
{
"name": "Enterprise",
"taxii_url": "https://cti-taxii.mitre.org/",
"taxii_collection": "95ecc380-afe9-11e4-9b6c-751b66dd541e"
}
]
}
]
},
```

## Loading content from local files
#### Example loading content from a TAXII 2.1 server:

*It's possible to populate the the Navigator using files that consist of bundles of STIX objects, similarly to [this](https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json) file. STIX 2.0 and STIX 2.1 bundles are supported.*
```json
"versions": {
"enabled": true,
"entries": [
{
"name": "Enterprise TAXII 2.1 Data",
"version": "14",
"domains": [
{
"name": "Enterprise",
"taxii_url": "https://attack-taxii.mitre.org/",
"taxii_collection": "x-mitre-collection--1f5f1533-f617-4ca8-9ab4-6a02367fa019"
}
]
}
]
},
```

1. Put the stix bundles in `src/assets`. This will tell the server hosting the Navigator to host the data as well.
2. Edit the `config.json` file in the **nav-app/src/assets** directory.
3. Change the URL specified in the `data` array to the path to the STIX bundle (e.g `assets/enterprise-attack.json`). Multiple paths may be added to the `data` array to display multiple STIX bundles in a single instance.
### Loading content from local files

Example loading content from local files:
Navigator can be populated using files that consist of bundles of STIX objects, similar to the format found in [this example](https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json). Both STIX 2.0 and STIX 2.1 bundles are supported.

1. Place the STIX bundle(s) in the `src/assets` directory. This allows the server hosting the Navigator to also host the data.
2. Modify the `config.json` file located in the `src/assets` directory.
3. In the `versions` section, set the `enabled` property to `true`.
4. Update the URL specified in the `data` array to the path to the STIX bundle (for example, `assets/enterprise-attack.json`). Multiple paths may be added to the `data` array to display multiple STIX bundles in a single instance.

#### Example loading content from local files:

```json
"domains": [
{
"name": "Enterprise",
"data": ["assets/enterprise-attack.json"]
}
]
"versions": {
"enabled": true,
"entries": [
{
"name": "Local Enterprise STIX Data",
"version": "14",
"domains": [
{
"name": "Enterprise",
"identifier": "enterprise-attack",
"data": ["assets/enterprise-attack.json"]
}
]
}
]
},
```

## Running the Docker File
Expand Down
6 changes: 3 additions & 3 deletions layers/LAYERFORMATv4_5.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ The following example illustrates the layer file format of a single layer:
"name": "example layer",
"versions": {
"attack": "13",
"navigator": "4.9.1",
"navigator": "5.0.0",
"layer": "4.5"
},
"domain": "enterprise-attack",
Expand Down Expand Up @@ -233,7 +233,7 @@ The following example illustrates the layer file format of multiple layers. The
"name": "example layer",
"versions": {
"attack": "14",
"navigator": "4.9.1",
"navigator": "5.0.0",
"layer": "4.5"
},
"domain": "enterprise-attack",
Expand Down Expand Up @@ -351,7 +351,7 @@ The following example illustrates the layer file format of multiple layers. The
"name": "example layer",
"versions": {
"attack": "14",
"navigator": "4.9.1",
"navigator": "5.0.0",
"layer": "4.5"
},
"domain": "enterprise-attack",
Expand Down
12 changes: 6 additions & 6 deletions nav-app/angular.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,12 +63,12 @@
}
]
},
"googleAnalytics": {
"index": {
"input": "src/index.google-analytics.html",
"output": "index.html"
}
}
"googleAnalytics": {
"index": {
"input": "src/index.google-analytics.html",
"output": "index.html"
}
}
},
"defaultConfiguration": ""
},
Expand Down
4 changes: 2 additions & 2 deletions nav-app/package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion nav-app/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
"type": "git",
"url": "https://github.com/mitre-attack/attack-navigator.git"
},
"version": "4.9.5",
"version": "5.0.0",
"license": "Apache-2.0",
"scripts": {
"ng": "ng",
Expand Down
80 changes: 42 additions & 38 deletions nav-app/redirects/enterprise/index.html
View file
Original file line number Diff line number Diff line change
@@ -1,39 +1,43 @@
<!DOCTYPE html>
<!doctype html>
<html lang="en">
<head>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-GFD952VXH6"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-GFD952VXH6');
</script>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>ATT&amp;CK&reg; Navigator</title>
</head>
<body>
<div>
<h3>ATT&CK Navigator's Enterprise instance has moved to the new multi-domain instance.</h3>
<p>This page should automatically redirect. If it does not, please use the following link:</p>
<p><a href="https://mitre-attack.github.io/attack-navigator/">https://mitre-attack.github.io/attack-navigator/</a></p>
</div>

<style>
h3 {
font-size: 25px;
}
div {
max-width: 35em;
margin: 5vh auto;
}
.deemphasis {
color: rgb(171, 171, 171);
}
</style>
<script>
let configuration = window.location.hash
let redirectURL = "https://mitre-attack.github.io/attack-navigator" + configuration
console.log("redirecting to", redirectURL)
window.location = redirectURL;
</script>
</body>
</html>
<head>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-GFD952VXH6"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag() {
dataLayer.push(arguments);
}
gtag('js', new Date());
gtag('config', 'G-GFD952VXH6');
</script>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>ATT&amp;CK&reg; Navigator</title>
</head>
<body>
<div>
<h3>ATT&CK Navigator's Enterprise instance has moved to the new multi-domain instance.</h3>
<p>This page should automatically redirect. If it does not, please use the following link:</p>
<p><a href="https://mitre-attack.github.io/attack-navigator/">https://mitre-attack.github.io/attack-navigator/</a></p>
</div>

<style>
h3 {
font-size: 25px;
}
div {
max-width: 35em;
margin: 5vh auto;
}
.deemphasis {
color: rgb(171, 171, 171);
}
</style>
<script>
let configuration = window.location.hash;
let redirectURL = 'https://mitre-attack.github.io/attack-navigator' + configuration;
console.log('redirecting to', redirectURL);
window.location = redirectURL;
</script>
</body>
</html>

0 comments on commit b25f8e0

Please sign in to comment.