daan

# Required module > ImportExcel  
# Install it like this >  "Install-Module ImportExcel"
#
# Get the dataset from the ATT&CK matrix
# TODO:
# Diff online and offline, to only download on updates
# parameters for download, xlsx file and so on.

write-host "[+] Loading MITRE ATT&CK Data" -ForegroundColor Cyan
$dataset=Get-Content -Path enterprise-attack.json | ConvertFrom-Json | 	Select-Object -ExpandProperty objects  | where type -eq "attack-pattern" 

$Collection =@()
foreach ($object in $dataset)
	{        
	$Props = @{
		'ID' = $object.external_references.'external_id'
		'Data Source' = $object.'x_mitre_data_sources'
		'Name' = $object.'name'
		'Detection' = $object.'x_mitre_detection'
		'Platforms' = $object.'x_mitre_platforms'
		'Description' = $object.'description'
		'Tactic' = $object.'kill_chain_phases'.'phase_name'
		}
	$TotalObjects = New-Object PSCustomObject -Property $Props
	$Collection += $TotalObjects
	}

write-host "[++] Updating your Data Source sheet" -ForegroundColor Cyan	
$Collection | Select-Object  @{Name ="ID"; Expression={$_.ID -split "," }},@{Name ="Name"; Expression={$_.Name -join ","}},@{Name="Data Source";Expression={$_.'Data Source' -join ","}},@{Name="Platforms";Expression={$_.'Platforms' -join ","}},@{Name="Detection";Expression={$_.'Detection' -join ","}},@{Name="Description";Expression={$_.'Description' -join ","}},@{Name="Tactic";Expression={$_.'Tactic' -join ","}} | Sort ID | Export-Excel "C:\Users\ohartong\tools\ATTACKdatamap\mitre_data_assessment.xlsx" -WorksheetName REF-DataSources