Debrief is a CALDERA plugin for gathering overall campaign information and analytics for a set of operations.
Home Page: https://caldera.mitre.org/
A Caldera plugin: https://github.com/mitre/caldera
Debrief is a plugin for gathering overall campaign information and analytics for a selected set of operations. It provides a centralized view of operation metadata, graphical displays of the operations, the techniques and tactics used, and the facts discovered by the operations. The plugin additionally supports the export of campaign information and analytics in PDF format.
Example generated PDF: Caldera Debrief Report
Describe the bug
AFter executing an operation getting into debrief plugin, clicking on the operation, seeing the graph - but when exporting a pdf - getting empty pdf page. While exporting json gives me the full info.
To Reproduce
Run an operation
go to Debrief plugin
choose the operation
clock export PDF
Expected behavior
Expected PDF report
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Additional context
Let me know which logs you need
Describe the bug
There are some error in terminal when i show graph in caldera platform
Traceback (most recent call last): File "/home/nsfocus/caldera/plugins/debrief/app/debrief_gui.py", line 82, in graph graph = await graphs[graph_type](operations) RuntimeError: coroutine raised StopIteration
Hi! I am new here!
Is there any way to link TTPs and CVEs through the Caldera?
Through the Pathfinder plugin I have received the network topology including the CVES, and then I have created an operation using as adversary the Thief.
Once the operation is done, I use the Debrief plugin to see how the operation is completed and then I can see the used TTPs.
Is there any way to export which CVEs are linked to each used TTP?
Thanks in advance!
What problem are you trying to solve? Please describe.
As a result of the simulation, the need to report and add the libraries created on the SIEM platform arose.
The ideal solution: What should the feature should do?
A similar code is shared below, which is open to development.
What category of feature is this?
If you have code or pseudo-code please provide:
import requests
from reportlab.lib.units import inch
from reportlab.platypus import Paragraph
from plugins.debrief.app.utility.base_report_section import BaseReportSection
from plugins.debrief.app.debrief_svc import DebriefService
class DebriefReportSection(BaseReportSection):
def __init__(self):
super().__init__()
self.id = 'tactic-technique-table'
self.display_name = 'Tactic and Technique Table'
self.section_title = 'TACTICS AND TECHNIQUES'
self.description = ''
self.api_key = "YOUR_API_KEY"
self.base_url = "https://your-qradar-server/api"
async def generate_section_elements(self, styles, **kwargs):
flowable_list = []
if 'operations' in kwargs:
operations = kwargs.get('operations', [])
ttps = DebriefService.generate_ttps(operations)
ttp_data_with_events = await self._search_qradar_events(ttps)
flowable_list.append(self.group_elements([
Paragraph(self.section_title, styles['Heading2']),
self._generate_ttps_table(ttp_data_with_events)
]))
return flowable_list
async def _search_qradar_events(self, ttps):
headers = {
"SEC": self.api_key,
"Content-Type": "application/json",
"Accept": "application/json"
}
ttp_data_with_events = []
for key, tactic in ttps.items():
technique_arr = []
for name, tid in tactic['techniques'].items():
technique_arr.append(tid + ': ' + name)
matching_events = []
for step in tactic['steps']:
query = f"SELECT * FROM events WHERE command='{step}'"
payload = {"query_expression": query}
response = requests.post(f"{self.base_url}/ariel/searches", headers=headers, json=payload)
search_id = response.json()["search_id"]
response = requests.get(f"{self.base_url}/ariel/searches/{search_id}", headers=headers)
if response.json()["status"] == "COMPLETED":
response = requests.get(f"{self.base_url}/ariel/searches/{search_id}/results", headers=headers)
matching_events.append(response.json())
ttp_data_with_events.append({
'tactic': tactic,
'matching_events': matching_events
})
return ttp_data_with_events
def _generate_ttps_table(self, ttp_data_with_events):
ttp_data = [['Tactics', 'Techniques', 'Abilities', 'Matching Events']]
for entry in ttp_data_with_events:
tactic = entry['tactic']
matching_events = entry['matching_events']
technique_arr = []
for name, tid in tactic['techniques'].items():
technique_arr.append(tid + ': ' + name)
ttp_data.append([tactic['name'].capitalize(), technique_arr, tactic['steps'], matching_events])
return self.generate_table(ttp_data, [1 * inch, 3 * inch, 1.5 * inch, 1.5 * inch])
Additional context
Thank you for your contribution!
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.