73 lines
3.3 KiB
Python
73 lines
3.3 KiB
Python
"""add_threat_actors_tables
|
|
|
|
Revision ID: b010threatactors
|
|
Revises: b009detectionrules
|
|
Create Date: 2026-02-09 15:00:00.000000
|
|
|
|
"""
|
|
from typing import Sequence, Union
|
|
|
|
from alembic import op
|
|
import sqlalchemy as sa
|
|
from sqlalchemy.dialects.postgresql import UUID, JSONB
|
|
|
|
|
|
# revision identifiers, used by Alembic.
|
|
revision: str = 'b010threatactors'
|
|
down_revision: Union[str, Sequence[str], None] = 'b009detectionrules'
|
|
branch_labels: Union[str, Sequence[str], None] = None
|
|
depends_on: Union[str, Sequence[str], None] = None
|
|
|
|
|
|
def upgrade() -> None:
|
|
"""Create threat_actors and threat_actor_techniques tables."""
|
|
# threat_actors
|
|
op.create_table(
|
|
'threat_actors',
|
|
sa.Column('id', UUID(as_uuid=True), primary_key=True),
|
|
sa.Column('mitre_id', sa.String(), unique=True, nullable=True),
|
|
sa.Column('name', sa.String(), nullable=False),
|
|
sa.Column('aliases', JSONB(), nullable=True),
|
|
sa.Column('description', sa.Text(), nullable=True),
|
|
sa.Column('country', sa.String(), nullable=True),
|
|
sa.Column('target_sectors', JSONB(), nullable=True),
|
|
sa.Column('target_regions', JSONB(), nullable=True),
|
|
sa.Column('motivation', sa.String(), nullable=True),
|
|
sa.Column('sophistication', sa.String(), nullable=True),
|
|
sa.Column('first_seen', sa.String(), nullable=True),
|
|
sa.Column('last_seen', sa.String(), nullable=True),
|
|
sa.Column('references', JSONB(), nullable=True),
|
|
sa.Column('mitre_url', sa.String(), nullable=True),
|
|
sa.Column('is_active', sa.Boolean(), server_default='true'),
|
|
sa.Column('created_at', sa.DateTime(), server_default=sa.func.now()),
|
|
)
|
|
op.create_index('ix_threat_actors_country', 'threat_actors', ['country'])
|
|
op.create_index('ix_threat_actors_motivation', 'threat_actors', ['motivation'])
|
|
|
|
# threat_actor_techniques (junction table)
|
|
op.create_table(
|
|
'threat_actor_techniques',
|
|
sa.Column('id', UUID(as_uuid=True), primary_key=True),
|
|
sa.Column('threat_actor_id', UUID(as_uuid=True),
|
|
sa.ForeignKey('threat_actors.id', ondelete='CASCADE'), nullable=False),
|
|
sa.Column('technique_id', UUID(as_uuid=True),
|
|
sa.ForeignKey('techniques.id', ondelete='CASCADE'), nullable=False),
|
|
sa.Column('usage_description', sa.Text(), nullable=True),
|
|
sa.Column('first_seen_using', sa.String(), nullable=True),
|
|
)
|
|
op.create_index('ix_threat_actor_techniques_actor', 'threat_actor_techniques', ['threat_actor_id'])
|
|
op.create_index('ix_threat_actor_techniques_technique', 'threat_actor_techniques', ['technique_id'])
|
|
op.create_unique_constraint('uq_actor_technique', 'threat_actor_techniques',
|
|
['threat_actor_id', 'technique_id'])
|
|
|
|
|
|
def downgrade() -> None:
|
|
"""Drop threat_actor_techniques and threat_actors tables."""
|
|
op.drop_constraint('uq_actor_technique', 'threat_actor_techniques', type_='unique')
|
|
op.drop_index('ix_threat_actor_techniques_technique', table_name='threat_actor_techniques')
|
|
op.drop_index('ix_threat_actor_techniques_actor', table_name='threat_actor_techniques')
|
|
op.drop_table('threat_actor_techniques')
|
|
op.drop_index('ix_threat_actors_motivation', table_name='threat_actors')
|
|
op.drop_index('ix_threat_actors_country', table_name='threat_actors')
|
|
op.drop_table('threat_actors')
|