From 5eddc9d3f42db5cf469f675db97930d5ede38fe0 Mon Sep 17 00:00:00 2001 From: William Ballenthin Date: Sun, 21 Jun 2020 17:59:16 -0600 Subject: [PATCH] scripts: migrate-rules: parse ATT&CK from tag name --- scripts/migrate-rules.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/scripts/migrate-rules.py b/scripts/migrate-rules.py index 2a648571..e42d24da 100644 --- a/scripts/migrate-rules.py +++ b/scripts/migrate-rules.py @@ -89,13 +89,15 @@ def main(argv=None): rule.meta["namespace"] = row["proposed namespace"] - rule.meta["att&ck"] = [ - row["ATT&CK"] - ] + if row["ATT&CK"] != 'n/a' and row["ATT&CK"] != "": + tag = row["ATT&CK"] + name, _, id = tag.rpartition(" ") + tag = "%s [%s]" % (name, id) + rule.meta["att&ck"] = [tag] - rule.meta["mbc"] = [ - row["MBC"] - ] + if row["MBC"] != 'n/a' and row["MBC"] != "": + tag = row["MBC"] + rule.meta["mbc"] = [tag] for rule in rules.values(): namespace = rule.meta.get("namespace")