msticpy.data.drivers.mordor_driver module
Mordor/OTRF Security datasets driver.
- class msticpy.data.drivers.mordor_driver.MitreAttack(attack: Optional[Dict[str, Any]] = None, technique: Optional[str] = None, sub_technique: Optional[str] = None, tactics: Optional[List[str]] = None)
Bases:
object
MitreAttack container for techniques and tactics.
Create instance of MitreAttack.
- Parameters
- MTR_TAC_URI = 'https://attack.mitre.org/tactics/{tactic_id}/'
- MTR_TECH_URI = 'https://attack.mitre.org/techniques/{technique_id}/'
- property technique_desc: Optional[str]
Return Mitre technique description.
- Returns
Technique description
- Return type
Optional[str]
- class msticpy.data.drivers.mordor_driver.MordorDriver(**kwargs)
Bases:
DriverBase
Mordor data driver.
Initialize the Mordor driver.
- add_query_filter(name, query_filter)
Add an expression to the query attach filter.
- connect(connection_str: Optional[str] = None, **kwargs)
Connect to data source.
- Parameters
connection_str (Optional[str]) – Connect to a data source
- property connected: bool
Return true if at least one connection has been made.
- Returns
True if a successful connection has been made.
- Return type
bool
Notes
This does not guarantee that the last data source connection was successful. It is a best effort to track whether the provider has made at least one successful authentication.
- property driver_queries: Iterable[Dict[str, Any]]
Return generator of Mordor query definitions.
- Yields
Iterable[Dict[str, Any]] – Iterable of Dictionaries containing query definitions.
- static get_http_timeout(**kwargs)
Get http timeout from settings or kwargs.
- property instance: Optional[str]
Return instance name, if one is set.
- Returns
The name of driver instance or None if the driver does not support multiple instances
- Return type
Optional[str]
- property loaded: bool
Return true if the provider is loaded.
- Returns
True if the provider is loaded.
- Return type
bool
Notes
This is not relevant for some providers.
- query(query: str, query_source: Optional[QuerySource] = None, **kwargs) -> Union[DataFrame, Any]
Execute query string and return DataFrame of results.
- Parameters
query (str) – The query to execute
query_source (QuerySource) – The query definition object
kwargs – Are passed to the underlying provider query method, if supported.
- Returns
A DataFrame (if successful) or the underlying provider result if an error.
- Return type
Union[pd.DataFrame, Any]
- property query_attach_spec: Dict[str, Set[str]]
Parameters that determine whether a query is relevant for the driver.
- query_with_results(query: str, **kwargs) -> Tuple[DataFrame, Any]
Execute query string and return DataFrame plus native results.
- Parameters
query (str) – The query to execute
- Returns
A DataFrame and native results.
- Return type
Tuple[pd.DataFrame,Any]
- property schema: Dict[str, Dict]
Return current data schema of connection.
- Returns
Data schema of current connection.
- Return type
Dict[str, Dict]
- class msticpy.data.drivers.mordor_driver.MordorEntry(title: str, id: str, type: str, creation_date, modification_date, contributors: List[str] = NOTHING, author: Optional[str] = None, platform: Optional[str] = None, description: Optional[str] = None, tags: List[str] = NOTHING, files: List[Dict[str, Any]] = NOTHING, datasets: List[Dict[str, Any]] = NOTHING, attack_mappings: List[Dict[str, Any]] = NOTHING, notebooks: List[Dict[str, str]] = NOTHING, simulation: Dict[str, Any] = NOTHING, references: List[Any] = NOTHING, rel_file_paths: List[Dict[str, Any]] = NOTHING)
Bases:
object
Mordor data set metadata.
Method generated by attrs for class MordorEntry.
- get_attacks() -> List[MitreAttack]
Return list of Mitre attack classifications.
- Returns
List of MitreAttack definitions.
- Return type
List[MitreAttack]
- msticpy.data.drivers.mordor_driver.download_mdr_file(file_uri: str, use_cached: bool = True, save_folder: str = '.', silent: bool = False) -> DataFrame
Download data file from Mordor.
- Parameters
- Returns
DataFrame of Dataset
- Return type
pd.DataFrame
- msticpy.data.drivers.mordor_driver.get_mdr_data_paths(item_type='metadata') -> Generator[str, None, None]
Generate Mordor data sets from GitHub repo.
- Parameters
item_type (str, optional) – The type of item required, by default “metadata”. Other values are “large”, “small”.
- Yields
str – Iterable of paths
- msticpy.data.drivers.mordor_driver.search_mdr_data(mdr_data: Dict[str, MordorEntry], terms: Optional[str] = None, subset: Optional[Iterable[str]] = None) -> Set[str]
Return IDs for items matching terms.
- Parameters
mdr_data (Dict[str, MordorEntry]) – Mordor dataset
terms (str, optional) – Search terms, by default None (comma-separated values are treated as OR terms; plus-separated values are treated as AND terms)
subset (Iterable[str], optional) – A subset of IDs over which to search, by default None
- Returns
The set of matching IDs.
- Return type
Set[str]
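The OR/AND term rules documented for search_mdr_data, together with the MTR_TECH_URI template listed above, shown as an added stand-alone sketch that is not msticpy's own code. The sample entries and their IDs are constructed, the fields searched are an assumption, and reading a comma as binding more loosely than a plus (an OR of AND groups) is an assumed precedence.

```python
"""Stand-alone model of the search-term rules documented for search_mdr_data.
Not msticpy code: entries, searched fields and operator precedence are assumptions."""
from typing import Dict, Iterable, List, Optional, Set

# URI template as listed on this page for MitreAttack.MTR_TECH_URI
MTR_TECH_URI = "https://attack.mitre.org/techniques/{technique_id}/"

# Constructed sample metadata (hypothetical IDs, not real dataset entries)
SAMPLE = {
    "DS-0001": {"title": "LSASS memory read", "platform": "Windows",
                "tags": ["credential dumping"], "techniques": ["T1003"]},
    "DS-0002": {"title": "Directory replication request", "platform": "Windows",
                "tags": ["credential dumping", "active directory"], "techniques": ["T1003"]},
    "DS-0003": {"title": "Storage bucket listing", "platform": "AWS",
                "tags": ["cloud discovery"], "techniques": ["T1580"]},
}


def _text(entry: dict) -> str:
    """Flatten the fields this sketch searches into one lower-case string."""
    parts = [entry["title"], entry["platform"], *entry["tags"], *entry["techniques"]]
    return " ".join(parts).lower()


def search(data: Dict[str, dict], terms: Optional[str] = None,
           subset: Optional[Iterable[str]] = None) -> Set[str]:
    """Return IDs matching terms: ',' separates OR groups, '+' ANDs terms in a group."""
    ids = set(data) if subset is None else set(subset) & set(data)
    if not terms:
        return ids  # no terms: everything in scope matches
    matched: Set[str] = set()
    for group in terms.split(","):
        needles = [t.strip().lower() for t in group.split("+") if t.strip()]
        if needles:  # skip empty groups such as a trailing comma
            matched |= {i for i in ids if all(n in _text(data[i]) for n in needles)}
    return matched


def technique_links(data: Dict[str, dict], ids: Iterable[str]) -> Dict[str, List[str]]:
    """Map each matched ID to ATT&CK technique URLs built from MTR_TECH_URI."""
    return {i: [MTR_TECH_URI.format(technique_id=t) for t in data[i]["techniques"]]
            for i in sorted(ids)}
```

Passing the result of one search as `subset` to the next narrows a hunt step by step, for example from a platform to a single technique ID.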