TR-3506 MITRE MAP Update by josehelps · Pull Request #413 · splunk/contentctl

josehelps · 2025-06-05T23:29:32Z

Updated to support latest navigator 5.1.0 also leveraging all the new features .. looks much nicer

xxx in ~/splunk/contentctl/security_content on develop ● λ poetry run contentctl report --enrichments
Successfully parsed [1730] Atomic Red Team Tests!
Performing MITRE Enrichment using the repository at external_repos/cti...Done!
   DEPLOYMENTS Progress: [100%]...Done!
       LOOKUPS Progress: [100%]...Done!
        MACROS Progress: [100%]...Done!
       STORIES Progress: [100%]...Done!
     BASELINES Progress: [100%]...Done!
INVESTIGATIONS Progress: [  0%]...Done!
  DATA_SOURCES Progress: [100%]...Done!
     PLAYBOOKS Progress: [100%]...Done!
    DETECTIONS Progress: [100%]...Done!
    DASHBOARDS Progress: [100%]...Done!
Creating GitHub Badges...
Generating coverage.json...

✅ MITRE ATT&CK Navigator layer file written to: reporting/coverage.json
📊 Coverage Summary:
   Total Detections: 1772
   Covered Techniques: 314
   Tactics with Coverage: 314

🗺️  To view the layer:
   1. Go to https://mitre-attack.github.io/attack-navigator/
   2. Click 'Open Existing Layer'
   3. Select the file: reporting/coverage.json
Reporting successfully written to 'reporting'

pyth0n1c · 2025-06-05T23:37:49Z

contentctl/output/attack_nav_output.py

 import pathlib
-from typing import List, Union
+from datetime import datetime
+from typing import Any, Dict, List, Set, TypedDict, Union


Since Python 3.9, it is not recommended to import simple(r) types from typing like list, dict, or set. This should just be used directly. For example instead of
x:List[str]
instead use
x:list[str]

I updated I updated attack_enrichment.py as well along these lines.

…nto TR-3506_mitre_update

syntax. Bump bugfix release in pyproject. Remove pandas requirement, which is not used, from pyproject.toml

pyth0n1c · 2025-06-10T16:24:14Z

pyproject.toml

 name = "contentctl"

-version = "5.5.3"
+version = "5.5.4"


Bumped patch version in prep for release.

Also, pandas dependency was removed as it is not required.

josehelps added 2 commits June 5, 2025 16:21

fixing enrichment map

1d13c3d

multiple metadata

f82bed7

josehelps requested a review from pyth0n1c June 5, 2025 23:29

Merge branch 'main' into TR-3506_mitre_update

0249365

pyth0n1c reviewed Jun 5, 2025

View reviewed changes

josehelps and others added 3 commits June 5, 2025 16:59

fixing base on feedback

0ec4777

Merge branch 'TR-3506_mitre_update' of github.com:splunk/contentctl i…

3669ca5

…nto TR-3506_mitre_update

Remove outdated annotation

dba378a

syntax. Bump bugfix release in pyproject. Remove pandas requirement, which is not used, from pyproject.toml

pyth0n1c reviewed Jun 10, 2025

View reviewed changes

pyth0n1c merged commit b6b7fcd into main Jun 10, 2025
16 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TR-3506 MITRE MAP Update#413

TR-3506 MITRE MAP Update#413
pyth0n1c merged 6 commits intomainfrom
TR-3506_mitre_update

josehelps commented Jun 5, 2025 •

edited

Loading

Uh oh!

pyth0n1c Jun 5, 2025

Uh oh!

josehelps Jun 6, 2025

Uh oh!

pyth0n1c Jun 10, 2025

Uh oh!

pyth0n1c Jun 10, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

josehelps commented Jun 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

pyth0n1c Jun 5, 2025

Choose a reason for hiding this comment

Uh oh!

josehelps Jun 6, 2025

Choose a reason for hiding this comment

Uh oh!

pyth0n1c Jun 10, 2025

Choose a reason for hiding this comment

Uh oh!

pyth0n1c Jun 10, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

josehelps commented Jun 5, 2025 •

edited

Loading