kitos/Aegis
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat(phase-24): integrate MITRE D3FEND defensive techniques with ATT&CK mapping (T-213, T-214)

Browse Source
This commit is contained in:
Kitos
2026-02-09 16:38:59 +01:00
parent 2fc0e2cafd
commit cd124b655b
12 changed files with 1141 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
frontend/src/api/d3fend.ts Normal file
View File

@@ -0,0 +1,56 @@
import client from "./client";
export interface DefensiveTechnique {
id: string;
d3fend_id: string;
name: string;
description: string | null;
tactic: string | null;
d3fend_url: string | null;
}
export interface DefensesForTechnique {
mitre_id: string;
technique_name: string;
defenses: DefensiveTechnique[];
total: number;
}
export interface D3FENDTactic {
tactic: string;
count: number;
}
export interface D3FENDImportResult {
techniques: { created: number; updated: number; total: number };
mappings: { created: number; skipped: number; total: number };
}
/** Fetch defenses for a specific ATT&CK technique. */
export async function getDefensesForTechnique(mitreId: string): Promise<DefensesForTechnique> {
const { data } = await client.get<DefensesForTechnique>(`/d3fend/for-technique/${mitreId}`);
return data;
}
/** List all defensive techniques with optional filters. */
export async function listDefensiveTechniques(params?: {
tactic?: string;
search?: string;
offset?: number;
limit?: number;
}): Promise<{ total: number; items: DefensiveTechnique[] }> {
const { data } = await client.get("/d3fend", { params });
return data;
}
/** Get D3FEND tactic counts. */
export async function getD3FENDTactics(): Promise<D3FENDTactic[]> {
const { data } = await client.get<D3FENDTactic[]>("/d3fend/tactics");
return data;
}
/** Trigger D3FEND import (admin only). */
export async function triggerD3FENDImport(): Promise<D3FENDImportResult> {
const { data } = await client.post<D3FENDImportResult>("/d3fend/import");
return data;
}

3
frontend/src/api/techniques.ts
View File

@@ -1,5 +1,5 @@
import client from "./client";
import type { Technique, TechniqueStatus, Test, IntelItem } from "../types/models";
import type { Technique, TechniqueStatus, Test, IntelItem, DefensiveTechnique } from "../types/models";
/** Summary representation used in list endpoints. */
export interface TechniqueSummary {
@@ -15,6 +15,7 @@ export interface TechniqueSummary {
export interface TechniqueWithTests extends Technique {
tests?: Test[];
intel_items?: IntelItem[];
d3fend_defenses?: DefensiveTechnique[];
}
export interface TechniqueFilters {

60
frontend/src/components/test-detail/TeamTabs.tsx
View File

@@ -1,4 +1,5 @@
import { useState } from "react";
import { useQuery } from "@tanstack/react-query";
import {
Shield,
ShieldCheck,
@@ -10,6 +11,7 @@ import {
XCircle,
AlertTriangle,
Trash2,
ExternalLink,
} from "lucide-react";
import type {
Test,
@@ -18,8 +20,10 @@ import type {
Evidence,
TestTimelineEntry,
User,
DefensiveTechnique,
} from "../../types/models";
import { RED_EDITABLE_STATES, BLUE_EDITABLE_STATES } from "../../types/models";
import { getDefensesForTechnique } from "../../api/d3fend";
import EvidenceUpload from "../EvidenceUpload";
import EvidenceList from "../EvidenceList";
@@ -105,6 +109,13 @@ export default function TeamTabs({
const [activeTab, setActiveTab] = useState<TabKey>("red");
const role = user?.role ?? "";
// Fetch D3FEND defenses for the test's technique
const { data: d3fendData } = useQuery({
queryKey: ["d3fend-defenses", test.technique_mitre_id],
queryFn: () => getDefensesForTechnique(test.technique_mitre_id!),
enabled: !!test.technique_mitre_id,
});
const canEditRed =
RED_EDITABLE_STATES.includes(test.state) &&
(role === "red_tech" || role === "admin");
@@ -326,6 +337,55 @@ export default function TeamTabs({
/>
</div>
{/* Recommended Detection Approaches (D3FEND) */}
{d3fendData && d3fendData.defenses.length > 0 && (
<div className="rounded-lg border border-emerald-500/20 bg-emerald-900/10 p-4">
<h3 className="mb-3 flex items-center gap-2 text-sm font-semibold text-emerald-400">
<Shield className="h-4 w-4" />
Recommended Detection Approaches
<span className="ml-auto rounded-full bg-emerald-900/50 border border-emerald-500/30 px-2 py-0.5 text-[10px] font-medium text-emerald-400">
{d3fendData.defenses.length} countermeasure{d3fendData.defenses.length !== 1 ? "s" : ""}
</span>
</h3>
<div className="space-y-2 max-h-64 overflow-y-auto pr-1">
{d3fendData.defenses.map((def) => (
<div
key={def.id}
className="flex items-start justify-between rounded-lg border border-gray-700 bg-gray-800/50 p-3"
>
<div className="min-w-0 flex-1">
<div className="flex items-center gap-2">
<span className="shrink-0 rounded bg-emerald-900/50 border border-emerald-500/30 px-1.5 py-0.5 font-mono text-[10px] text-emerald-400">
{def.d3fend_id}
</span>
<span className="text-sm font-medium text-gray-200">{def.name}</span>
{def.tactic && (
<span className="shrink-0 rounded-full bg-gray-800 border border-gray-700 px-1.5 py-0.5 text-[10px] text-gray-400">
{def.tactic}
</span>
)}
</div>
{def.description && (
<p className="mt-1 text-xs text-gray-400 line-clamp-2">{def.description}</p>
)}
</div>
{def.d3fend_url && (
<a
href={def.d3fend_url}
target="_blank"
rel="noopener noreferrer"
className="ml-2 shrink-0 text-gray-500 hover:text-cyan-400"
title="View in D3FEND"
>
<ExternalLink className="h-3.5 w-3.5" />
</a>
)}
</div>
))}
</div>
</div>
)}
{/* Blue validation status if applicable */}
{test.blue_validation_status && (
<div

74
frontend/src/pages/TechniqueDetailPage.tsx
View File

@@ -408,6 +408,80 @@ export default function TechniqueDetailPage() {
)}
</div>
{/* Recommended Defenses (D3FEND) */}
{technique.d3fend_defenses && technique.d3fend_defenses.length > 0 && (
<div className="rounded-xl border border-gray-800 bg-gray-900 p-6">
<div className="mb-4 flex items-center justify-between">
<h2 className="text-lg font-semibold text-white flex items-center gap-2">
<Shield className="h-5 w-5 text-emerald-400" />
Recommended Defenses (D3FEND)
</h2>
<span className="rounded-full bg-emerald-900/50 border border-emerald-500/30 px-2.5 py-0.5 text-xs font-medium text-emerald-400">
{technique.d3fend_defenses.length} countermeasure{technique.d3fend_defenses.length !== 1 ? "s" : ""}
</span>
</div>
{/* Group by tactic */}
{(() => {
const grouped: Record<string, typeof technique.d3fend_defenses> = {};
for (const def of technique.d3fend_defenses!) {
const tactic = def.tactic || "Other";
if (!grouped[tactic]) grouped[tactic] = [];
grouped[tactic].push(def);
}
const tacticColors: Record<string, string> = {
Detect: "border-blue-500/30 bg-blue-900/20 text-blue-400",
Harden: "border-emerald-500/30 bg-emerald-900/20 text-emerald-400",
Isolate: "border-purple-500/30 bg-purple-900/20 text-purple-400",
Deceive: "border-amber-500/30 bg-amber-900/20 text-amber-400",
Evict: "border-red-500/30 bg-red-900/20 text-red-400",
Model: "border-cyan-500/30 bg-cyan-900/20 text-cyan-400",
};
return Object.entries(grouped).map(([tactic, defenses]) => (
<div key={tactic} className="mb-4 last:mb-0">
<h3 className="mb-2 text-sm font-medium text-gray-400 uppercase tracking-wide">
{tactic}
</h3>
<div className="grid gap-2 sm:grid-cols-2">
{defenses!.map((def) => (
<div
key={def.id}
className={`rounded-lg border p-3 transition-colors hover:border-gray-600 ${
tacticColors[tactic] || "border-gray-700 bg-gray-800/30 text-gray-300"
}`}
>
<div className="flex items-start justify-between">
<div className="min-w-0 flex-1">
<p className="text-sm font-medium text-gray-200">
<span className="font-mono text-xs text-gray-500 mr-1.5">{def.d3fend_id}</span>
{def.name}
</p>
{def.description && (
<p className="mt-1 text-xs text-gray-400 line-clamp-2">{def.description}</p>
)}
</div>
{def.d3fend_url && (
<a
href={def.d3fend_url}
target="_blank"
rel="noopener noreferrer"
className="ml-2 shrink-0 text-gray-500 hover:text-cyan-400"
title="View in D3FEND"
>
<ExternalLink className="h-3.5 w-3.5" />
</a>
)}
</div>
</div>
))}
</div>
</div>
));
})()}
</div>
)}
{/* Intel Items Section */}
{technique.intel_items && technique.intel_items.length > 0 && (
<div className="rounded-xl border border-gray-800 bg-gray-900 p-6">

11
frontend/src/types/models.ts
View File

@@ -187,3 +187,14 @@ export interface TacticCoverage {
not_evaluated: number;
in_progress: number;
}
// ── D3FEND ────────────────────────────────────────────────────────
export interface DefensiveTechnique {
id: string;
d3fend_id: string;
name: string;
description: string | null;
tactic: string | null;
d3fend_url: string | null;
}