rabobank-cdc/DeTTECT

Error while generating a data source layer for the ATT&CK Navigator

s4vgR opened this issue · 2 comments

s4vgR commented

-- Detect Tactics, Techniques & Combat Threats --
version 1.2.6

Menu: Data source mapping

Selected data source YAML file: input/sources.yaml

Options:

  1. Only include data sources which match the provided EQL query:
  2. Include all ATT&CK techniques in the generated YAML file that apply to the platform(s) specified in the data source YAML file: False

Select what you want to do:
3. Generate a data source layer for the ATT&CK Navigator.
4. Generate a graph with data sources added through time.
5. Generate an Excel sheet with all data sources.
6. Generate a technique administration YAML file with visibility scores, based on the number of available data sources
7. update the visibility scores within a technique administration YAML file based on changes within any of the data sources.
Past visibility scores are preserved in the score_logbook, and manually assigned scores are not updated without your approval.
The updated visibility are based on the number of available data sources.
8. Check the data sources YAML file for errors.
9. Back to main menu.

3
Writing data sources layer...
Traceback (most recent call last):
  File "dettect.py", line 299, in <module>
    _menu(_init_menu())
  File "dettect.py", line 184, in _menu
    interactive_menu()
  File "/opt/DeTTECT/interactive_menu.py", line 74, in interactive_menu
    _menu_data_source(_select_file(MENU_NAME_DATA_SOURCE_MAPPING, 'data sources', FILE_TYPE_DATA_SOURCE_ADMINISTRATION))
  File "/opt/DeTTECT/interactive_menu.py", line 304, in _menu_data_source
    _menu_data_source(filename_ds)
  File "/opt/DeTTECT/interactive_menu.py", line 301, in _menu_data_source
    interactive_menu()
  File "/opt/DeTTECT/interactive_menu.py", line 74, in interactive_menu
    _menu_data_source(_select_file(MENU_NAME_DATA_SOURCE_MAPPING, 'data sources', FILE_TYPE_DATA_SOURCE_ADMINISTRATION))
  File "/opt/DeTTECT/interactive_menu.py", line 276, in _menu_data_source
    generate_data_sources_layer(file_ds)
  File "/opt/DeTTECT/data_source_mapping.py", line 17, in generate_data_sources_layer
    my_data_sources, name, platform, exceptions = _load_data_sources(filename)
  File "/opt/DeTTECT/data_source_mapping.py", line 202, in _load_data_sources
    exceptions = [t['technique_id'] for t in yaml_content['exceptions'] if t['technique_id'] is not None]
  File "/usr/local/lib/python3.7/site-packages/ruamel/yaml/comments.py", line 753, in __getitem__
    return ordereddict.__getitem__(self, key)
KeyError: 'exceptions'

I've just started using your great tool, but encountered this error when trying to generate a data source layer for the ATT&CK Navigator.

s4vgR commented

exceptions section was missing (although YAML verification passed)

Hi Filip,

Thanks for reporting this issue! I've made a small improvement in the code that now also allows a data source file without the exceptions key-value pair.
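
An added example, not DeTTECT's actual fix and not code from this thread: one way to read the optional `exceptions` section so that a data source file without it loads cleanly instead of raising the `KeyError` in the traceback above. The function name `load_exceptions`, the ID format check and the sample documents (including their `name`, `platform` and `data_sources` keys) are assumptions made for illustration.

```python
import re
from collections.abc import Mapping

# ATT&CK technique IDs look like T1003 or, with a sub-technique, T1003.001.
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")


def load_exceptions(yaml_content):
    """Return (technique_ids, warnings) from a parsed data source file.

    Handles the inputs on which a direct yaml_content['exceptions'] lookup
    fails: key absent, key present with no value, and malformed entries.
    """
    raw = yaml_content.get("exceptions") if isinstance(yaml_content, Mapping) else None
    if raw is None:  # key absent, or "exceptions:" with nothing under it
        return [], []
    if not isinstance(raw, list):
        return [], ["'exceptions' is not a list; ignored"]

    ids, warnings = [], []
    for i, entry in enumerate(raw):
        tid = entry.get("technique_id") if isinstance(entry, Mapping) else None
        if tid is None:
            continue  # empty placeholder entry, skipped like the original code does
        if not isinstance(tid, str) or not TECHNIQUE_ID.match(tid):
            warnings.append(f"exceptions[{i}]: unexpected technique_id {tid!r}")
            continue
        ids.append(tid)
    return ids, warnings


# Constructed sample inputs: parsed YAML represented as plain dicts.
NO_KEY = {"name": "example", "platform": ["windows"], "data_sources": []}
NULL_VALUE = dict(NO_KEY, exceptions=None)
MIXED = dict(NO_KEY, exceptions=[
    {"technique_id": "T1003", "name": "constructed"},
    {"technique_id": None, "name": None},
    {"name": "entry without technique_id"},
    {"technique_id": "1003"},
])

if __name__ == "__main__":
    for label, doc in [("no key", NO_KEY), ("null", NULL_VALUE), ("mixed", MIXED)]:
        print(label, load_exceptions(doc))
```

Returning the warnings alongside the IDs lets a file check report malformed entries while the layer generation still proceeds.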