v1.2 - MITRE ATT&CK v10, bug fixes, some new features implemented.

Author: Cody Martin

Controllers/HomeController.cs

@@ -21,6 +21,7 @@ public class ThreatSources
     {
         public List<string> sources { get; set; }
         public string nistDescription { get; set; }
+        public string blsDescription { get; set; }
         public ThreatSources()
         {
             sources = new List<string>();
@@ -43,6 +44,13 @@ exploit the organization’s dependence on cyber
                 and communications technologies, and the
                 communications and information-handling capabilities
                 provided by those technologies)";
+
+            blsDescription = @"When selecting your threat source, it is important to model 
+                the associated Capability, Intent, and Targeting characteristics in a way that is consistent
+                across the entire scenario. Keep in mind that, in most cases, the threat source
+                is not changing during the scenario. This means that the threat source's modeled characteristics
+                should remain the same across each event. If you are unsure, refer to some of 
+                the templated threat sources for examples.";
         }
     }
 }

FactorModels/Techniques.cs

@@ -20,6 +20,7 @@
 <!--<button onclick="window.history.back();">BACK</button>-->
 <button onclick="saveSvgAsPng(document.getElementById('theSVG'), '@Model.Name' + '.png');">SAVE <span class="material-icons-outlined">save</span></button>
 <button onclick="copyMarkdown()">MARKDOWN <span class="material-icons-outlined">content_paste</span></button>
+<button onclick="blackWhite()">BLACK<span class="material-icons-outlined">swap_horizontal_circle</span>WHITE</button>
 <style>
 
     .link {
@@ -119,7 +120,8 @@
     var link = svg.selectAll(".link"),
         text = svg.selectAll(".text"),
         tspan = svg.selectAll(".tspan"),
-        node = svg.selectAll(".node");
+        node = svg.selectAll(".node"),
+        rect = svg.selectAll(".rect");
 
     d3.json("/graphs/graph.json", function (error, graph) {
         if (error) throw error;
@@ -155,6 +157,17 @@
             .on("dblclick", dblclick)
             .call(drag);
 
+        // Adding for text backgrounds
+        rect = svg.selectAll(".node-group")
+            .append("rect")
+            .data(force.nodes())
+            .attr("x", function (d) { return d.x; })
+            .attr("y", function (d) { return d.y; })
+            .attr("rx", 6)
+            .attr("ry", 6)
+            .style("fill", "#d2d2d2")
+            .style("opacity", "0.9");
+        // end
 
         text = svg.selectAll(".node-group")
             .append("text")
@@ -166,6 +179,22 @@
             .attr("class", "node-title")
             .call(wrap, 200);
 
+        //Adding for text background
+        svg.selectAll("text")
+            .each(function (d) { d.bbox = this.getBBox(); });
+
+        const xMargin = 4;
+        const yMargin = 2;
+        svg.selectAll("rect")
+            .data(force.nodes())
+            .attr("width", d => d.bbox.width + 2 * xMargin)
+            .attr("height", d => d.bbox.height + 2 * yMargin)
+            .attr("class", "node-rects")
+            .attr("transform", function (d) {
+                return `translate(-${xMargin}, -${d.bbox.height * 0.8 + yMargin})`
+            });
+        // end
+
         link_text = svg.selectAll(".link-group")
             .append("text")
             .data(force.links())
@@ -180,6 +209,7 @@
                 else { return (d.target.y + (d.source.y - d.target.y) / 2); }
             }).attr("fill", "Black")
             .style("font", "bold 18px Arial")
+            .attr("class", "link-numbers")
             .attr("dy", 20);
     });
 
@@ -200,11 +230,11 @@
             .attr("y", function (d) { return d.y - 32; });
 
         text.attr("x", function (d) { return d.x; })
-            .attr("y", function (d) { return d.y + 50; });
+            .attr("y", function (d) { return d.y + 55; });
 
         svg.selectAll("tspan")
             .attr("x", function (d) { return d.x; })
-            .attr("y", function (d) { return d.y + 50; });
+            .attr("y", function (d) { return d.y + 55; });
 
         link_text.attr("x", function (d) {
             if (d.target.x > d.source.x) { return (d.source.x + (d.target.x - d.source.x) / 2); }
@@ -214,6 +244,10 @@
                 if (d.target.y > d.source.y) { return (d.source.y + (d.target.y - d.source.y) / 2); }
                 else { return (d.target.y + (d.source.y - d.target.y) / 2); }
             });
+
+        svg.selectAll("rect")
+            .attr("x", function (d) { return d.x - d.bbox.width/2; })
+            .attr("y", function (d) { return d.y + 55 });
     }
 
     function tick_alpha() {
@@ -311,6 +345,38 @@
         var content = table.innerHTML;
         navigator.clipboard.writeText(content);
     }
+
+    function blackWhite() {
+        var titles = document.getElementsByClassName("node-title");
+        for (i = 0; i < titles.length; i++) {
+            if (titles[i].style.fill == "black") { titles[i].style.fill = "white"; }
+            else if (titles[i].style.fill == "white") { titles[i].style.fill = "black"; }
+            else { titles[i].style.fill = "white"; }
+        }
+
+        var linkNumbers = document.getElementsByClassName("link-numbers");
+        for (i = 0; i < linkNumbers.length; i++) {
+            var color = linkNumbers[i].style.fill;
+            if (color == "black") { linkNumbers[i].style.fill = "white"; }
+            else if (color == "white") { linkNumbers[i].style.fill = "black"; }
+            else { linkNumbers[i].style.fill = "white"; }
+        }
+
+        var body = document.body;
+        if (body.style.backgroundColor == "white") { body.style.backgroundColor = "black"; }
+        else if (body.style.backgroundColor == "black") { body.style.backgroundColor = "white"; }
+        else { body.style.backgroundColor = "black"; }
+
+        var rectangles = document.getElementsByClassName("node-rects");
+        for (i = 0; i < rectangles.length; i++) {
+            var color = rectangles[i].style.fill;
+            alert(color);
+            if (color == "rgb(210, 210, 210)") { rectangles[i].style.fill = "rgb(74, 74, 74)"; }
+            else if (color == "rgb(74, 74, 74)") { rectangles[i].style.fill = "rgb(210, 210, 210)"; }
+            else { rectangles[i].style.fill = "rgb(74, 74, 74)"; }
+        }
+
+    }
 </script>
 
 <pre id="markdown-table" style="display:none;">

FactorModels/ThreatSources.cs

@@ -55,10 +55,8 @@
                                 }
                             } }
                     </select>
-                </div>
 
-                <div class="form-group factor-container">
-                    <label for="capability-range">Attacker's Minimal Capability Required</label>
+                    <label style="padding-top:15px;" for="capability-range">Threat Source's Capability *</label>
                     <svg data-toggle="modal" data-target="#capabilityInfoModal" width="1em" height="1em" viewBox="0 0 16 16" class="bi bi-info-square" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
                         <path fill-rule="evenodd" d="M14 1H2a1 1 0 0 0-1 1v12a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1V2a1 1 0 0 0-1-1zM2 0a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V2a2 2 0 0 0-2-2H2z" />
                         <path d="M8.93 6.588l-2.29.287-.082.38.45.083c.294.07.352.176.288.469l-.738 3.468c-.194.897.105 1.319.808 1.319.545 0 1.178-.252 1.465-.598l.088-.416c-.2.176-.492.246-.686.246-.275 0-.375-.193-.304-.533L8.93 6.588z" />
@@ -78,10 +76,8 @@
                         <p class="ticks">9</p>
                         <p class="ticks">VH</p>
                     </div>
-                </div>
 
-                <div class="form-group factor-container">
-                    <label for="intent-range">Attacker's Minimal Intent Required</label>
+                    <label style="padding-top:15px;" for="intent-range">Threat Source's Intent *</label>
                     <svg data-toggle="modal" data-target="#intentInfoModal" width="1em" height="1em" viewBox="0 0 16 16" class="bi bi-info-square" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
                         <path fill-rule="evenodd" d="M14 1H2a1 1 0 0 0-1 1v12a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1V2a1 1 0 0 0-1-1zM2 0a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V2a2 2 0 0 0-2-2H2z" />
                         <path d="M8.93 6.588l-2.29.287-.082.38.45.083c.294.07.352.176.288.469l-.738 3.468c-.194.897.105 1.319.808 1.319.545 0 1.178-.252 1.465-.598l.088-.416c-.2.176-.492.246-.686.246-.275 0-.375-.193-.304-.533L8.93 6.588z" />
@@ -101,10 +97,8 @@
                         <p class="ticks">9</p>
                         <p class="ticks">VH</p>
                     </div>
-                </div>
 
-                <div class="form-group factor-container">
-                    <label for="targeting-range">Level of Targeting Required</label>
+                    <label style="padding-top:15px;" for="targeting-range">Threat Source's Targeting *</label>
                     <svg data-toggle="modal" data-target="#targetingInfoModal" width="1em" height="1em" viewBox="0 0 16 16" class="bi bi-info-square" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
                         <path fill-rule="evenodd" d="M14 1H2a1 1 0 0 0-1 1v12a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1V2a1 1 0 0 0-1-1zM2 0a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V2a2 2 0 0 0-2-2H2z" />
                         <path d="M8.93 6.588l-2.29.287-.082.38.45.083c.294.07.352.176.288.469l-.738 3.468c-.194.897.105 1.319.808 1.319.545 0 1.178-.252 1.465-.598l.088-.416c-.2.176-.492.246-.686.246-.275 0-.375-.193-.304-.533L8.93 6.588z" />
@@ -124,8 +118,8 @@
                         <p class="ticks">9</p>
                         <p class="ticks">VH</p>
                     </div>
+                    <div style="padding-top:15px;"><span style="font-weight:bold;">* NOTE:</span> These values should be consistent with the other events in this scenario.</div>
                 </div>
-
                 <div class="form-group factor-container">
                     <label for="relevance-list">Relevance to Findings</label>
                     <svg data-toggle="modal" data-target="#relevanceInfoModal" width="1em" height="1em" viewBox="0 0 16 16" class="bi bi-info-square" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
@@ -174,10 +168,8 @@
                 <div class="form-group factor-container">
                     <label for="vulnerability">Finding Reference</label>
                     <textarea name="vulnerability" id="vulnerability" rows="2" class="form-control form-control-success text-light bg-dark" oninput="enabler()" placeholder="">@Model.stepList.First().Vulnerability</textarea>
-                </div>
-
-                <div class="form-group factor-container">
-                    <label for="severity-and-pervasiveness-range">Vulnerability Severity</label>
+                
+                    <label style="padding-top:15px;" for="severity-and-pervasiveness-range">Vulnerability Severity</label>
                     <svg data-toggle="modal" data-target="#severityInfoModal" width="1em" height="1em" viewBox="0 0 16 16" class="bi bi-info-square" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
                         <path fill-rule="evenodd" d="M14 1H2a1 1 0 0 0-1 1v12a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1V2a1 1 0 0 0-1-1zM2 0a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V2a2 2 0 0 0-2-2H2z" />
                         <path d="M8.93 6.588l-2.29.287-.082.38.45.083c.294.07.352.176.288.469l-.738 3.468c-.194.897.105 1.319.808 1.319.545 0 1.178-.252 1.465-.598l.088-.416c-.2.176-.492.246-.686.246-.275 0-.375-.193-.304-.533L8.93 6.588z" />
@@ -213,10 +205,8 @@
                 <div class="form-group factor-container">
                     <label for="vulnerability">Predisposing Condition</label>
                     <textarea name="condition" id="condition" rows="2" class="form-control form-control-success text-light bg-dark" oninput="enabler()" placeholder="">@Model.stepList.First().Condition</textarea>
-                </div>
-
-                <div class="form-group factor-container">
-                    <label for="pervasiveness-range">Pervasiveness of Predisposing Conditions</label>
+                
+                    <label style="padding-top:15px;" for="pervasiveness-range">Pervasiveness of Predisposing Conditions</label>
                     <svg data-toggle="modal" data-target="#pervasivenessInfoModal" width="1em" height="1em" viewBox="0 0 16 16" class="bi bi-info-square" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
                         <path fill-rule="evenodd" d="M14 1H2a1 1 0 0 0-1 1v12a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1V2a1 1 0 0 0-1-1zM2 0a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V2a2 2 0 0 0-2-2H2z" />
                         <path d="M8.93 6.588l-2.29.287-.082.38.45.083c.294.07.352.176.288.469l-.738 3.468c-.194.897.105 1.319.808 1.319.545 0 1.178-.252 1.465-.598l.088-.416c-.2.176-.492.246-.686.246-.275 0-.375-.193-.304-.533L8.93 6.588z" />
@@ -718,10 +708,12 @@
                 <table class="table table-dark table-bordered">
                     <tr>
                         <th>NIST 800-30 Description</th>
+                        <th>BLS Description</th>
                     </tr>
                     @{
                         <tr>
                             <td>@ViewBag.sources.nistDescription</td>
+                            <td>@ViewBag.sources.blsDescription</td>
                         </tr>
                     }
                 </table>