Merge pull request #59 from center-for-threat-informed-defense/bugs/#58…

…-duplicate-mappings

Resolve duplicate mappings

CHANGELOG.md

@@ -13,13 +13,7 @@
 <!--    ### New Features                                                -->
 <!--    ### Improvements                                                -->
 <!--    ### Fixes                                                       -->
-# 7 January 2021
-## nist800-53-r4 v1.1 and nist800-53-r5 v1.1
+# 12 January 2021
 ### Fixes
-- Fixed broken regex which was leading to erroneous mappings, in particular mappings to control enhancements. See issue [#56](https://github.com/center-for-threat-informed-defense/attack-control-framework-mappings/issues/56).
-
-# 15 December 2020
-### New Features
-- Initial release of security control framework mapping methodology and tools. 
-- Initial release of NIST 800-53 R4 mappings to ATT&CK version 8.1.
-- Initial release of NIST 800-53 R5 mappings to ATT&CK version 8.1.
+- Fixes parse_mappings.py for nist800-53-r4 and nist800-53-r5 to remove duplicate entries in "mitigates"
+- Rerun make.py to update all content based on the fix

frameworks/nist800-53-r4/layers/README.md

@@ -109,10 +109,10 @@ The following [ATT&CK Navigator](https://github.com/mitre-attack/attack-navigato
         - SI-12 mappings ( [download](https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/nist800-53-r4/layers/by_family/System_And_Information_Integrity/SI-12.json) | [view](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fcenter-for-threat-informed-defense%2Fattack-control-framework-mappings%2Fmaster%2Fframeworks%2Fnist800-53-r4%2Flayers%2Fby_family%2FSystem_And_Information_Integrity%2FSI-12.json) )
         - SI-15 mappings ( [download](https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/nist800-53-r4/layers/by_family/System_And_Information_Integrity/SI-15.json) | [view](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fcenter-for-threat-informed-defense%2Fattack-control-framework-mappings%2Fmaster%2Fframeworks%2Fnist800-53-r4%2Flayers%2Fby_family%2FSystem_And_Information_Integrity%2FSI-15.json) )
         - SI-16 mappings ( [download](https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/nist800-53-r4/layers/by_family/System_And_Information_Integrity/SI-16.json) | [view](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fcenter-for-threat-informed-defense%2Fattack-control-framework-mappings%2Fmaster%2Fframeworks%2Fnist800-53-r4%2Flayers%2Fby_family%2FSystem_And_Information_Integrity%2FSI-16.json) )
+    - impact=LOW mappings ( [download](https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/nist800-53-r4/layers/by_impact/LOW.json) | [view](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fcenter-for-threat-informed-defense%2Fattack-control-framework-mappings%2Fmaster%2Fframeworks%2Fnist800-53-r4%2Flayers%2Fby_impact%2FLOW.json) )
+    - impact=MODERATE mappings ( [download](https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/nist800-53-r4/layers/by_impact/MODERATE.json) | [view](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fcenter-for-threat-informed-defense%2Fattack-control-framework-mappings%2Fmaster%2Fframeworks%2Fnist800-53-r4%2Flayers%2Fby_impact%2FMODERATE.json) )
+    - impact=HIGH mappings ( [download](https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/nist800-53-r4/layers/by_impact/HIGH.json) | [view](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fcenter-for-threat-informed-defense%2Fattack-control-framework-mappings%2Fmaster%2Fframeworks%2Fnist800-53-r4%2Flayers%2Fby_impact%2FHIGH.json) )
     - priority=P1 mappings ( [download](https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/nist800-53-r4/layers/by_priority/P1.json) | [view](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fcenter-for-threat-informed-defense%2Fattack-control-framework-mappings%2Fmaster%2Fframeworks%2Fnist800-53-r4%2Flayers%2Fby_priority%2FP1.json) )
     - priority=P2 mappings ( [download](https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/nist800-53-r4/layers/by_priority/P2.json) | [view](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fcenter-for-threat-informed-defense%2Fattack-control-framework-mappings%2Fmaster%2Fframeworks%2Fnist800-53-r4%2Flayers%2Fby_priority%2FP2.json) )
     - priority=P0 mappings ( [download](https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/nist800-53-r4/layers/by_priority/P0.json) | [view](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fcenter-for-threat-informed-defense%2Fattack-control-framework-mappings%2Fmaster%2Fframeworks%2Fnist800-53-r4%2Flayers%2Fby_priority%2FP0.json) )
-    - priority=P3 mappings ( [download](https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/nist800-53-r4/layers/by_priority/P3.json) | [view](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fcenter-for-threat-informed-defense%2Fattack-control-framework-mappings%2Fmaster%2Fframeworks%2Fnist800-53-r4%2Flayers%2Fby_priority%2FP3.json) )
-    - impact=LOW mappings ( [download](https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/nist800-53-r4/layers/by_impact/LOW.json) | [view](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fcenter-for-threat-informed-defense%2Fattack-control-framework-mappings%2Fmaster%2Fframeworks%2Fnist800-53-r4%2Flayers%2Fby_impact%2FLOW.json) )
-    - impact=MODERATE mappings ( [download](https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/nist800-53-r4/layers/by_impact/MODERATE.json) | [view](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fcenter-for-threat-informed-defense%2Fattack-control-framework-mappings%2Fmaster%2Fframeworks%2Fnist800-53-r4%2Flayers%2Fby_impact%2FMODERATE.json) )
-    - impact=HIGH mappings ( [download](https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/nist800-53-r4/layers/by_impact/HIGH.json) | [view](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fcenter-for-threat-informed-defense%2Fattack-control-framework-mappings%2Fmaster%2Fframeworks%2Fnist800-53-r4%2Flayers%2Fby_impact%2FHIGH.json) )
+    - priority=P3 mappings ( [download](https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/master/frameworks/nist800-53-r4/layers/by_priority/P3.json) | [view](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fcenter-for-threat-informed-defense%2Fattack-control-framework-mappings%2Fmaster%2Fframeworks%2Fnist800-53-r4%2Flayers%2Fby_priority%2FP3.json) )

frameworks/nist800-53-r4/parse_mappings.py

@@ -52,7 +52,7 @@ def parse_mappings(mappingspath, controls, relationship_ids={}):
     for attackobject in tqdm(attackdata, desc="parsing ATT&CK data", bar_format=tqdmformat):
         if not attackobject["type"] == "relationship":
             # skip objects without IDs
-            if not "external_references" in attackobject: continue
+            if "external_references" not in attackobject: continue
             # skip deprecated and revoked objects
             if "revoked" in attackobject and attackobject["revoked"]: continue
             if "x_mitre_deprecated" in attackobject and attackobject["x_mitre_deprecated"]: continue
@@ -66,16 +66,16 @@ def parse_mappings(mappingspath, controls, relationship_ids={}):
             controlID_to_stixID[sdo["external_references"][0]["external_id"]] = sdo["id"]
 
     # build mapping relationships
-    relationships = []
+    relationships = {}
     mappings_df = pd.read_csv(mappingspath, sep="\t", keep_default_na=False, header=0)
     for index, row in tqdm(list(mappings_df.iterrows()), desc="parsing mappings", bar_format=tqdmformat):
         # create list of control STIX IDs matching this row
         fromIDs = dict_regex_lookup(controlID_to_stixID, row["controlID"])
         # create list of technique STIX IDs matching this row
         toIDs = dict_regex_lookup(attackID_to_stixID, row["techniqueID"])
         # only have a description if the row does
-        description = row["description"] if row["description"] else None
-        
+        # description = row["description"] if row["description"] else None
+
         if not fromIDs:
             print(Fore.RED + "ERROR: cannot find controlID", row["controlID"], Fore.RESET)
         if not toIDs:
@@ -88,13 +88,14 @@ def parse_mappings(mappingspath, controls, relationship_ids={}):
             for toID in toIDs:
                 joined_id = f"{fromID}---{toID}"
                 # build the mapping relationship
-                relationships.append(Relationship(
+                r = Relationship(
                     id=relationship_ids[joined_id] if joined_id in relationship_ids else None,
                     source_ref=fromID,
                     target_ref=toID,
                     relationship_type="mitigates",
-                    description=description
-                ))
+                )
+                if joined_id not in relationships:
+                    relationships[joined_id] = r
 
     # construct and return the bundle of relationships
-    return Bundle(relationships)
+    return Bundle(*relationships.values())