CEPTD/docker/logstash/dist/setup-capec.sh 1.89 KB
0d8c0f816   Thanasis Naskos   initial commit
  #!/bin/sh
  
  # Adapted from https://github.com/dtag-dev-sec/listbot
  function processMap {
    ruleCount=$(wc -l < $1)
    # Just extract rules with CVE ID, for proper matching we also need SID
    let i=0
    let j=0
    while read -r sRule
    do
      i=$(( $i + 1 ))
      echo -ne "Processing rule ($i / $ruleCount)\r"
      cve=$(echo $sRule | grep -o -E "(cve,|CVE-|CAN-)([0-9]{4}-([0-9]{4}|[0-9]{5}))" | tr a-z A-Z | tr ",|-" " " | awk '{ print $1"-"$2"-"$3 }')
      if [ "$cve" != "" ]; then
        sid=$(echo $sRule | awk '{ print $1 }')
        echo $sid $cve >> $2
        j=$(( j + 1 ))
      fi
    done < "$1"
  }
  
  # Where the assembled data lands, and the sources it is fetched from.
  dbfiles=/opt/capec
  # CAPEC and CWE "1000" views; the script expects each zip to unpack to 1000.xml
  capecUrl="https://capec.mitre.org/data/xml/views/1000.xml.zip"
  cweUrl="https://cwe.mitre.org/data/xml/views/1000.xml.zip"
  # Full CVE list; only referenced by the commented-out download step below
  cveUrl="https://cve.mitre.org/data/downloads/allitems.xml"
  # Suricata SID -> message map, parsed into SID -> CVE pairs.  This one is
  # fetched over plain HTTP and nothing in this script verifies its integrity,
  # so the resulting mapping is only as trustworthy as the download path.
  rulesMapping="http://rules.emergingthreatspro.com/open/suricata-5.0/rules/sid-msg.map"
  
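  # Main flow: preflight connectivity, fetch CAPEC/CWE and the sid-msg.map into
  # ${dbfiles}, then build the SQLite DB.  Every download and extraction is
  # checked so a failed or partial fetch aborts the run instead of feeding an
  # empty or stale file to unzip / processMap / create_capec_db.py.
  fail() {
    printf '%s\n' "$*" >&2
    exit 1
  }

  # Check to connection mitre.org
  # NOTE: the probed hosts are not the download hosts (capec./cwe.mitre.org),
  # so this is only a coarse preflight; the per-step checks below are decisive.
  wget -q --spider https://mitre.org
  mitreCon=$?

  # Check connection to ET
  wget -q --spider https://rules.emergingthreatspro.com
  etCon=$?

  if [ "$mitreCon" -eq 0 ] && [ "$etCon" -eq 0 ]; then
      # Private scratch dir instead of fixed names under /tmp: no interactive
      # unzip prompt on a leftover 1000.xml from an earlier run, and no
      # clobbering of paths another user of a shared /tmp may have planted.
      # Removed on every exit path by the EXIT trap.
      workDir=$(mktemp -d) || fail "Cannot create temporary directory"
      trap 'rm -rf -- "$workDir"' EXIT
      mkdir -p -- "${dbfiles}" || fail "Cannot create ${dbfiles}"

      echo "Downloading CAPEC..."
      # -q: wget reports on stderr, which `2>&1 >/dev/null` never silenced
      wget -q "${capecUrl}" -O "${workDir}/capec.xml.zip" || fail "Failed to download ${capecUrl}"
      echo "Extracting CAPEC..."
      unzip -o -q -d "${workDir}" "${workDir}/capec.xml.zip" || fail "Failed to extract CAPEC archive"
      mv -- "${workDir}/1000.xml" "${dbfiles}/capec.xml" || fail "CAPEC archive did not contain 1000.xml"

      echo "Downloading CWE..."
      wget -q "${cweUrl}" -O "${workDir}/cwe.xml.zip" || fail "Failed to download ${cweUrl}"
      echo "Extracting CWE..."
      unzip -o -q -d "${workDir}" "${workDir}/cwe.xml.zip" || fail "Failed to extract CWE archive"
      mv -- "${workDir}/1000.xml" "${dbfiles}/cwe.xml" || fail "CWE archive did not contain 1000.xml"

      #echo "Downloading CVE..."
      #wget -q "${cveUrl}" -O "${workDir}/cve.xml" || fail "Failed to download ${cveUrl}"

      echo "Downloading Suricata to CVE mapping..."
      wget -q "${rulesMapping}" -O "${workDir}/sid-msg.map" || fail "Failed to download ${rulesMapping}"
      # processMap appends; start from an empty file so re-runs do not
      # accumulate duplicate SID/CVE lines
      : > "${dbfiles}/sid-cve" || fail "Cannot write ${dbfiles}/sid-cve"
      processMap "${workDir}/sid-msg.map" "${dbfiles}/sid-cve"

      echo "Constructing CAPEC DB..."
      create_capec_db.py "${dbfiles}" "${dbfiles}/capecdb.sqlite" || fail "create_capec_db.py failed"
  else
      echo "No connection to fetch data, exiting..." >&2
      exit 1
  fi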