in detection_rules/docs.py [0:0]
def threat_mapping_str(self) -> str:
    """Render the rule's threat mapping as the AsciiDoc section of the rule detail page.

    The section opens with a bold ``Framework`` key/value line and an empty
    line. Each entry of ``self.rule['threat']`` then contributes a tactic
    group, followed by one group per technique and, directly after each
    technique, one group per sub-technique. Every group is a heading bullet
    plus depth-2 bullets for name, ID and reference URL.

    ``threat``, ``tactic``, ``name``, ``id`` and ``reference`` are read by
    direct subscription, so a missing key surfaces as the container's lookup
    error. ``technique`` and ``subtechnique`` are optional and default to
    an empty list.

    Returns:
        The section's lines joined with newlines.
    """

    def group(heading, item):
        # Heading bullet first, then the three depth-2 detail bullets.
        # NOTE(review): name/id/reference are interpolated as-is; nothing here
        # escapes AsciiDoc markup, so the rendered page depends on whatever
        # validation the rule data received before reaching this method.
        return [
            AsciiDoc.bulleted(heading),
            AsciiDoc.bulleted(f'Name: {item["name"]}', depth=2),
            AsciiDoc.bulleted(f'ID: {item["id"]}', depth=2),
            AsciiDoc.bulleted(f'Reference URL: {item["reference"]}', depth=2),
        ]

    lines = [AsciiDoc.bold_kv('Framework', 'MITRE ATT&CK^TM^'), '']

    for mapping in self.rule['threat']:
        section = group('Tactic:', mapping['tactic'])

        for technique in mapping.get('technique', []):
            section += group('Technique:', technique)

            # Sub-techniques are listed right after their parent technique.
            for subtechnique in technique.get('subtechnique', []):
                section += group('Sub-technique:', subtechnique)

        lines += section

    return '\n'.join(lines)