rabobank-cdc/DeTTECT

File "/home/dev/DeTTACT/group_mapping.py", line 179, in get_group_techniques json_platform = e['platform'] KeyError: 'platform'

sri-telstra opened this issue · 10 comments

Hi, in regards to generating the attack_windows_all.json file based on all the ATT&CK techniques, I seem to receive an error in recognizing the keyword 'platform' in get_group_techniques, line 179.

The error as received is reported below for your reference.

Traceback (most recent call last):
  File "dettact.py", line 202, in <module>
    menu(init_menu())
  File "dettact.py", line 153, in menu
    generate_group_heat_map(args.groups, args.overlay, args.overlay_type, args.stage, args.platform, args.software_group)
  File "/home/dev/DeTTACT/group_mapping.py", line 452, in generate_group_heat_map
    groups_dict = get_group_techniques(groups, stage, platform, groups_file_type)
  File "/home/dev/DeTTACT/group_mapping.py", line 179, in get_group_techniques
    json_platform = e['platform']
KeyError: 'platform'

Hi Sri-telstra,

Could you provide the exact command you've executed? I'm unable to replicate this issue by executing the following command:

python3.7 dettact.py g -g all
Written layer: output/attack_windows_all.json

Regards,
Marcus

Sure no problem. The command and the output are provided below.

dev@ubuntu:~/DeTTACT$ python3 dettact.py g
Traceback (most recent call last):
  File "dettact.py", line 202, in <module>
    menu(init_menu())
  File "dettact.py", line 153, in menu
    generate_group_heat_map(args.groups, args.overlay, args.overlay_type, args.stage, args.platform, args.software_group)
  File "/home/dev/DeTTACT/group_mapping.py", line 452, in generate_group_heat_map
    groups_dict = get_group_techniques(groups, stage, platform, groups_file_type)
  File "/home/dev/DeTTACT/group_mapping.py", line 179, in get_group_techniques
    json_platform = e['platform']
KeyError: 'platform'

Which version of Python are you running?

You could try to delete the folder 'cache'. This folder contains a cached version of the MITRE ATT&CK data retrieved through their STIX/TAXII API (after 24 hours cached data is cleared automatically). Maybe there is a fault in this data that causes this error.

python3 --version
Python 3.6.7

Yes, I believed this could be the case and tested after clearing (and deleting) the cache folder. However, the error continues to remain. Interestingly, this particular command did work once and since then it has failed with the same error. Is there a keyword definition conflict?

Many thanks for your help mate!

Hi sri-telstra,

I've tested around and found that when using attackcti version 0.1.7, I'm getting the exact same error as you have. So I would advise you to check your attackcti version (with "pip3 list" for example). You should use the latest release version: 0.2.1.

Regards,
Ruben
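
An added example, not part of the original thread or the DeTT&CT code base: a preflight check that reports which attackcti version the interpreter actually running it can see, since "pip3 list" may belong to a different Python installation. The helper names and the use of importlib.metadata (Python 3.8+) are assumptions of this example; 0.2.1 is the release named above.

```python
import sys
from importlib import metadata  # assumption: Python 3.8 or newer

MIN_ATTACKCTI = (0, 2, 1)  # release recommended in the thread


def parse_version(text):
    """Turn '0.2.1' into (0, 2, 1); stops at the first non-numeric part."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if digits == "":
            break
        parts.append(int(digits))
    return tuple(parts)


def installed_version(package="attackcti"):
    """Version visible to this interpreter, or None if not installed."""
    try:
        return metadata.version(package)
    except metadata.PackageNotFoundError:
        return None


def check_version(installed, minimum=MIN_ATTACKCTI):
    """Classify a version string as 'missing', 'outdated' or 'ok'."""
    if installed is None:
        return "missing"
    # Numeric tuple comparison, so '0.10.0' correctly sorts after '0.2.1'.
    return "ok" if parse_version(installed) >= minimum else "outdated"


if __name__ == "__main__":
    found = installed_version()
    print("interpreter:", sys.executable)
    print("attackcti:", found, "->", check_version(found))
```

Run it with the same interpreter used for dettact.py (for example python3) so the result reflects the environment that raises the KeyError.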

Thank you Ruben, it appears the attackcti package version is the latest, however, the install has probably not gone through since there is a segmentation fault.

Let me get to the root of this issue and get back regarding the status of the command in discussion.

Cheers.

Hi @sri-telstra

Did you succeed in getting around this error? Can we close the issue?

Regards,
Ruben

Apologies gents, the error continues to persist. I haven't yet managed to root out the problem. Clearing the cache also doesn't resolve it. The only part that I'm held up on is the attack-all map being generated; the others work fine. You may close the issue for now. Will try and resolve it in the downtime.

@sri-telstra this may be interesting for you. DeTT&CT is now available as a Docker image: https://github.com/rabobank-cdc/DeTTECT/wiki/Installation-and-requirements#docker

Thank you Marcus, this is indeed interesting. Will try it out. Cheers.