| # Required module > ImportExcel | |
| # Install it like this > "Install-Module ImportExcel" | |
| # | |
| # Get the dataset from the ATT&CK matrix | |
| # TODO: | |
| # Diff online and offline, to only download on updates | |
| # parameters for download, xlsx file and so on. | |
| write-host "[+] Loading MITRE ATT&CK Data" -ForegroundColor Cyan | |
| $dataset=Get-Content -Path enterprise-attack.json | ConvertFrom-Json | Select-Object -ExpandProperty objects | where type -eq "attack-pattern" | |
| $Collection =@() | |
| foreach ($object in $dataset) | |
| { | |
| $Props = @{ | |
| 'ID' = $object.external_references.'external_id' | |
| 'Data Source' = $object.'x_mitre_data_sources' | |
| 'Name' = $object.'name' | |
| 'Detection' = $object.'x_mitre_detection' | |
| 'Platforms' = $object.'x_mitre_platforms' | |
| 'Description' = $object.'description' | |
| 'Tactic' = $object.'kill_chain_phases'.'phase_name' | |
| } | |
| $TotalObjects = New-Object PSCustomObject -Property $Props | |
| $Collection += $TotalObjects | |
| } | |
| write-host "[++] Updating your Data Source sheet" -ForegroundColor Cyan | |
| $Collection | Select-Object @{Name ="ID"; Expression={$_.ID -split "," }},@{Name ="Name"; Expression={$_.Name -join ","}},@{Name="Data Source";Expression={$_.'Data Source' -join ","}},@{Name="Platforms";Expression={$_.'Platforms' -join ","}},@{Name="Detection";Expression={$_.'Detection' -join ","}},@{Name="Description";Expression={$_.'Description' -join ","}},@{Name="Tactic";Expression={$_.'Tactic' -join ","}} | Sort ID | Export-Excel "C:\Users\ohartong\tools\ATTACKdatamap\mitre_data_assessment.xlsx" -WorksheetName REF-DataSources |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment