
chore(mitre azure): add mapping to mitre for azure provider #3857

1 change: 1 addition & 0 deletions prowler/__main__.py
Expand Up @@ -124,6 +124,7 @@ def prowler():
bulk_checks_metadata = update_checks_metadata_with_compliance(
bulk_compliance_frameworks, bulk_checks_metadata
)

n4ch04 marked this conversation as resolved.
# Update checks metadata if the --custom-checks-metadata-file is present
custom_checks_metadata = None
if custom_checks_metadata_file:
232 changes: 116 additions & 116 deletions prowler/compliance/aws/mitre_attack_aws.json

Large diffs are not rendered by default.

2,496 changes: 2,496 additions & 0 deletions prowler/compliance/azure/mitre_attack_azure.json

Large diffs are not rendered by default.

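--- a/prowler/lib/check/compliance_models.py
+++ b/prowler/lib/check/compliance_models.py
@@ -123,7 +123,7 @@ class ISO27001_2013_Requirement_Attribute(BaseModel):
 class Mitre_Requirement_Attribute(BaseModel):
 """MITRE Requirement Attribute"""
 
-AWSService: str
+Service: str
 Category: str
 Value: str
 Comment: str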
14 changes: 5 additions & 9 deletions prowler/lib/outputs/compliance/compliance.py
Expand Up @@ -17,9 +17,9 @@
from prowler.lib.outputs.compliance.iso27001_2013_aws import (
write_compliance_row_iso27001_2013_aws,
)
from prowler.lib.outputs.compliance.mitre_attack_aws import (
from prowler.lib.outputs.compliance.mittre_attack import (
get_mitre_attack_table,
write_compliance_row_mitre_attack_aws,
write_compliance_row_mitre_attack,
)


Expand Down Expand Up @@ -77,7 +77,6 @@
)
if compliance_name.replace("-", "_") in input_compliance_frameworks:
check_compliances.append(compliance)

return check_compliances


Expand Down Expand Up @@ -125,12 +124,9 @@
file_descriptors, finding, compliance, output_options, provider
)

elif (
compliance.Framework == "MITRE-ATTACK"
and compliance.Version == ""
and compliance.Provider == "AWS"
):
write_compliance_row_mitre_attack_aws(
elif compliance.Framework == "MITRE-ATTACK" and compliance.Version == "":

# print(file_descriptors)
n4ch04 marked this conversation as resolved.
write_compliance_row_mitre_attack(

file_descriptors, finding, compliance, output_options, provider
)

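Review bot: The relaxed branch `elif compliance.Framework == "MITRE-ATTACK" and compliance.Version == "":` no longer checks the provider, so every MITRE-ATTACK framework is now routed to `write_compliance_row_mitre_attack`, while only AWS and Azure handling is visible in this change. A framework for any other provider would presumably fail inside the writer instead of reaching whatever branch handled it before; an explicit allowlist such as `and compliance.Provider in ("AWS", "Azure")` keeps unsupported providers out of this path. The new module name in `from prowler.lib.outputs.compliance.mittre_attack import (` also looks like a misspelling of `mitre_attack`, which is worth fixing before more imports depend on it. The enclosing function begins and ends outside the hunk.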
@@ -1,74 +1,91 @@
from csv import DictWriter
from importlib import import_module

from colorama import Fore, Style
from tabulate import tabulate

from prowler.config.config import orange_color, timestamp
from prowler.lib.outputs.compliance.models import Check_Output_MITRE_ATTACK
from prowler.lib.logger import logger
from prowler.lib.outputs.csv.csv import generate_csv_fields
from prowler.lib.outputs.utils import unroll_list
from prowler.lib.utils.utils import outputs_unix_timestamp


def write_compliance_row_mitre_attack_aws(
def write_compliance_row_mitre_attack(
file_descriptors, finding, compliance, output_options, provider
):
compliance_output = compliance.Framework
if compliance.Version != "":
compliance_output += "_" + compliance.Version
if compliance.Provider != "":
compliance_output += "_" + compliance.Provider
try:
compliance_output = compliance.Framework
if compliance.Version != "":
compliance_output += "_" + compliance.Version
if compliance.Provider != "":
compliance_output += "_" + compliance.Provider


compliance_output = compliance_output.lower().replace("-", "_")
csv_header = generate_csv_fields(Check_Output_MITRE_ATTACK)
csv_writer = DictWriter(
file_descriptors[compliance_output],
fieldnames=csv_header,
delimiter=";",
)
for requirement in compliance.Requirements:
requirement_description = requirement.Description
requirement_id = requirement.Id
requirement_name = requirement.Name
attributes_aws_services = ", ".join(
attribute.AWSService for attribute in requirement.Attributes
)
attributes_categories = ", ".join(
attribute.Category for attribute in requirement.Attributes
)
attributes_values = ", ".join(
attribute.Value for attribute in requirement.Attributes
)
attributes_comments = ", ".join(
attribute.Comment for attribute in requirement.Attributes
)
compliance_row = Check_Output_MITRE_ATTACK(
Provider=finding.check_metadata.Provider,
Description=compliance.Description,
AccountId=provider.identity.account,
Region=finding.region,
AssessmentDate=outputs_unix_timestamp(
output_options.unix_timestamp, timestamp
),
Requirements_Id=requirement_id,
Requirements_Description=requirement_description,
Requirements_Name=requirement_name,
Requirements_Tactics=unroll_list(requirement.Tactics),
Requirements_SubTechniques=unroll_list(requirement.SubTechniques),
Requirements_Platforms=unroll_list(requirement.Platforms),
Requirements_TechniqueURL=requirement.TechniqueURL,
Requirements_Attributes_AWSServices=attributes_aws_services,
Requirements_Attributes_Categories=attributes_categories,
Requirements_Attributes_Values=attributes_values,
Requirements_Attributes_Comments=attributes_comments,
Status=finding.status,
StatusExtended=finding.status_extended,
ResourceId=finding.resource_id,
CheckId=finding.check_metadata.CheckID,
Muted=finding.muted,
mitre_attack_model_name = "Check_Output_MITRE_ATTACK_" + compliance.Provider
module = import_module("prowler.lib.outputs.compliance.models")
mitre_attack_model = getattr(module, mitre_attack_model_name)
compliance_output = compliance_output.lower().replace("-", "_")
csv_header = generate_csv_fields(mitre_attack_model)
csv_writer = DictWriter(

file_descriptors[compliance_output],
fieldnames=csv_header,
delimiter=";",
)
for requirement in compliance.Requirements:
requirement_description = requirement.Description
requirement_id = requirement.Id
requirement_name = requirement.Name
attributes_services = ", ".join(

attribute.Service for attribute in requirement.Attributes
)
attributes_categories = ", ".join(

attribute.Category for attribute in requirement.Attributes
)
attributes_values = ", ".join(

attribute.Value for attribute in requirement.Attributes
)
attributes_comments = ", ".join(

attribute.Comment for attribute in requirement.Attributes
)

common_data = {

"Provider": finding.check_metadata.Provider,
"Description": compliance.Description,
"AssessmentDate": outputs_unix_timestamp(
output_options.unix_timestamp, timestamp
),
"Requirements_Id": requirement_id,
"Requirements_Name": requirement_name,
"Requirements_Description": requirement_description,
"Requirements_Tactics": unroll_list(requirement.Tactics),
"Requirements_SubTechniques": unroll_list(requirement.SubTechniques),
"Requirements_Platforms": unroll_list(requirement.Platforms),
"Requirements_TechniqueURL": requirement.TechniqueURL,
"Requirements_Attributes_Services": attributes_services,
"Requirements_Attributes_Categories": attributes_categories,
"Requirements_Attributes_Values": attributes_values,
"Requirements_Attributes_Comments": attributes_comments,
"Status": finding.status,
"StatusExtended": finding.status_extended,
"ResourceId": finding.resource_id,
"CheckId": finding.check_metadata.CheckID,
"Muted": finding.muted,
}
if compliance.Provider == "AWS":
common_data["AccountId"] = provider.identity.account
common_data["Region"] = finding.region
elif compliance.Provider == "Azure":
common_data["SubscriptionId"] = unroll_list(

provider.identity.subscriptions
)

compliance_row = mitre_attack_model(**common_data)


csv_writer.writerow(compliance_row.__dict__)
csv_writer.writerow(compliance_row.__dict__)
except Exception as error:
logger.critical(

f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)


def get_mitre_attack_table(
Expand All @@ -92,12 +109,14 @@
for index, finding in enumerate(findings):
check = bulk_checks_metadata[finding.check_metadata.CheckID]
check_compliances = check.Compliance
# print(check_compliances)
for compliance in check_compliances:
if (
"MITRE-ATTACK" in compliance.Framework
and compliance.Version in compliance_framework
):
for requirement in compliance.Requirements:
# print(requirement)
for tactic in requirement.Tactics:
if tactic not in tactics:
tactics[tactic] = {"FAIL": 0, "PASS": 0, "Muted": 0}
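Review bot: In `write_compliance_row_mitre_attack` the output model is resolved with `getattr(module, mitre_attack_model_name)`, where the name is `"Check_Output_MITRE_ATTACK_" + compliance.Provider`, so a provider string from the compliance data that has no matching class, or differs only in case, raises inside the `try` and is merely logged by `except Exception`. Because the whole body is wrapped, a missing file descriptor or a model validation error is handled the same way and the compliance CSV silently loses rows, which is a reporting gap for an assessment tool. A closed mapping such as `MITRE_MODELS = {"AWS": Check_Output_MITRE_ATTACK_AWS, "Azure": Check_Output_MITRE_ATTACK_Azure}` with an explicit error for unknown providers would make that failure visible, and the `if`/`elif` on `compliance.Provider` that fills `AccountId` or `SubscriptionId` needs a matching `else`. The `# print(check_compliances)` and `# print(requirement)` comments added in `get_mitre_attack_table` are leftover debugging and should be dropped.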
33 changes: 30 additions & 3 deletions prowler/lib/outputs/compliance/models.py
Expand Up @@ -4,9 +4,9 @@


# TODO: move this to outputs/<compliance>/models.py
class Check_Output_MITRE_ATTACK(BaseModel):
class Check_Output_MITRE_ATTACK_AWS(BaseModel):
n4ch04 marked this conversation as resolved.
"""
Check_Output_MITRE_ATTACK generates a finding's output in CSV MITRE ATTACK format.
Check_Output_MITRE_ATTACK generates a finding's output in CSV MITRE ATTACK format for AWS.
"""

Provider: str
Expand All @@ -21,7 +21,34 @@ class Check_Output_MITRE_ATTACK(BaseModel):
Requirements_SubTechniques: str
Requirements_Platforms: str
Requirements_TechniqueURL: str
Requirements_Attributes_AWSServices: str
Requirements_Attributes_Services: str
Requirements_Attributes_Categories: str
Requirements_Attributes_Values: str
Requirements_Attributes_Comments: str
Status: str
StatusExtended: str
ResourceId: str
CheckId: str
Muted: bool


class Check_Output_MITRE_ATTACK_Azure(BaseModel):
n4ch04 marked this conversation as resolved.
"""
Check_Output_MITRE_ATTACK generates a finding's output in CSV MITRE ATTACK format for AWS.
"""

Provider: str
Description: str
SubscriptionId: str
AssessmentDate: str
Requirements_Id: str
Requirements_Name: str
Requirements_Description: str
Requirements_Tactics: str
Requirements_SubTechniques: str
Requirements_Platforms: str
Requirements_TechniqueURL: str
Requirements_Attributes_Services: str
Requirements_Attributes_Categories: str
Requirements_Attributes_Values: str
Requirements_Attributes_Comments: str
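Review bot: The docstring of the new `Check_Output_MITRE_ATTACK_Azure` class was copied from the AWS model and still ends with "for AWS"; it should read `Check_Output_MITRE_ATTACK_Azure generates a finding's output in CSV MITRE ATTACK format for Azure.`, and the AWS class docstring likewise still names `Check_Output_MITRE_ATTACK`. Judging by the writer in this change, the two models differ only in `AccountId`/`Region` versus `SubscriptionId`, so a shared base class for the common fields would keep the two CSV layouts from drifting apart. Renaming `Requirements_Attributes_AWSServices` to `Requirements_Attributes_Services` also changes the header of the existing AWS CSV, which deserves a changelog note for anyone parsing that output. The Azure class body continues past the end of the hunk.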
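--- a/prowler/lib/outputs/file_descriptors.py
+++ b/prowler/lib/outputs/file_descriptors.py
@@ -18,7 +18,8 @@
 Check_Output_CSV_GCP_CIS,
 Check_Output_CSV_Generic_Compliance,
 Check_Output_CSV_KUBERNETES_CIS,
-Check_Output_MITRE_ATTACK,
+Check_Output_MITRE_ATTACK_AWS,
+Check_Output_MITRE_ATTACK_Azure,
 )
 from prowler.lib.outputs.csv.csv import generate_csv_fields
 from prowler.lib.utils.utils import file_exists, open_file
@@ -117,6 +118,13 @@
 Check_Output_CSV_AZURE_CIS,
 )
 file_descriptors.update({output_mode: file_descriptor})
+elif output_mode == "mitre_attack_azure":
+file_descriptor = initialize_file_descriptor(
+filename,
+output_mode,
+Check_Output_MITRE_ATTACK_Azure,
+)
+file_descriptors.update({output_mode: file_descriptor})
 else:
 file_descriptor = initialize_file_descriptor(
 filename,
@@ -170,7 +178,7 @@
 file_descriptor = initialize_file_descriptor(
 filename,
 output_mode,
-Check_Output_MITRE_ATTACK,
+Check_Output_MITRE_ATTACK_AWS,
 )
 file_descriptors.update({output_mode: file_descriptor})
 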
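--- a/prowler/lib/outputs/outputs.py
+++ b/prowler/lib/outputs/outputs.py
@@ -88,7 +88,6 @@ def report(check_findings, provider):
 available_compliance_frameworks
 )
 )
-
 fill_compliance(
 output_options,
 finding,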