in detection_rules/docs.py [0:0]
def threat_mapping_str(self) -> str:
    """Build the MITRE ATT&CK threat-mapping section of the rule detail page.

    Walks every entry of ``self.rule['threat']`` and emits one bullet group
    for the tactic, then one per technique and one per sub-technique when
    the optional ``technique`` / ``subtechnique`` keys are present.

    Returns:
        The framework line followed by all bullet lines, joined with
        newlines.

    Raises:
        KeyError: if the rule has no ``threat`` key, an entry has no
            ``tactic``, or a tactic/technique/sub-technique lacks
            ``name``, ``id`` or ``reference``.
    """
    def detail_bullets(item, depth, reference_depth):
        # Name / ID / Reference URL bullets for one ATT&CK object. The
        # values are interpolated verbatim; no escaping is applied here.
        return [
            MDX.bulleted(f'Name: {item["name"]}', depth=depth),
            MDX.bulleted(f'ID: {item["id"]}', depth=depth),
            MDX.bulleted(f'Reference URL: {item["reference"]}', depth=reference_depth),
        ]

    lines = [MDX.bold_kv('Framework', 'MITRE ATT&CK^TM^')]

    for mapping in self.rule['threat']:
        # Only the tactic heading is bolded.
        lines.append(MDX.bulleted(MDX.bold('Tactic:')))
        lines += detail_bullets(mapping['tactic'], 2, 2)

        for technique in mapping.get('technique', []):
            lines.append(MDX.bulleted('Technique:'))
            lines += detail_bullets(technique, 3, 3)

            for sub in technique.get('subtechnique', []):
                lines.append(MDX.bulleted('Sub-technique:'))
                # NOTE(review): Name and ID sit at depth 3 but the
                # Reference URL at depth 4, and the Technique /
                # Sub-technique headings use the default depth. This
                # looks unintentional; kept as-is so the rendered
                # output is unchanged. Confirm the intended nesting.
                lines += detail_bullets(sub, 3, 4)

    return '\n'.join(lines)