Class/Enterprise/EnterpriseTechnique.psm1

using module ./PSAttck/Class/Enterprise/Enterprise.psm1

class EnterpriseTechnique : Enterprise {

    [String] $CreatedByReference
    [System.Collections.ArrayList] $Platform
    [System.Collections.ArrayList] $Permission
    [System.Collections.ArrayList] $Bypass
    [System.Collections.ArrayList] $EffectivePermissions
    [System.Collections.ArrayList] $CommandList
    [System.Collections.ArrayList] $Commands
    [System.Collections.ArrayList] $Queries
    [System.Collections.ArrayList] $RawDatasets
    [System.Collections.ArrayList] $RawDetections
    [String] $Network
    [String] $Remote
    [String] $SystemRequirements
    [String] $Detection
    [System.Collections.ArrayList] $DataSource
    [System.Collections.ArrayList] hidden $phaseNames

    static hidden $generatedDataSet

    EnterpriseTechnique($JsonObject) : base($JsonObject) {

        if (-not([EnterpriseTechnique]::generatedDataSet)){
            [EnterpriseTechnique]::generatedDataSet = Get-AttckDataFiles -AttckDataset
        }

        $this.CreatedByReference = $this.SetAttribute($JsonObject, 'created_by_ref')
        $this.Platform = $this.SetListAttribute($JsonObject, 'x_mitre_platforms')

        $this.Permission = $this.SetListAttribute($JsonObject, 'x_mitre_permissions_required')
        $this.Bypass = $this.SetListAttribute($JsonObject, 'x_mitre_defense_bypassed')
        $this.EffectivePermissions = $this.SetListAttribute($JsonObject, 'x_mitre_effective_permissions')
        $this.Network = $this.SetAttribute($JsonObject, 'x_mitre_network_requirements')
        $this.Remote = $this.SetAttribute($JsonObject, 'x_mitre_remote_support')
        $this.SystemRequirements = $this.SetAttribute($JsonObject, 'x_mitre_system_requirements')
        $this.Detection = $this.SetAttribute($JsonObject, 'x_mitre_detection')
        $this.DataSource = $this.SetListAttribute($JsonObject, 'x_mitre_data_sources')

        $this.SetTactic($JsonObject)

        $this.CommandList = $this.GetFilteredDataset('command_list')
        $this.Commands = $this.GetFilteredDataset('commands')
        $this.Queries = $this.GetFilteredDataset('queries')
        $this.RawDatasets = $this.GetFilteredDataset('parsed_datasets')
        $this.RawDetections = $this.GetFilteredDataset('possible_detections')
    }

    [System.Collections.ArrayList] hidden GetFilteredDataset($attribute){
        $returnObject = [System.Collections.ArrayList]::new()
        [EnterpriseTechnique]::generatedDataSet.techniques.ForEach({
            if ($_.technique_id -eq $this.Id){
                $returnObject.Add($_."$attribute")
            }
        })
        return $returnObject
    }

    [void] hidden SetTactic($obj){
        $returnObject = [System.Collections.ArrayList]::new()

        foreach ($phase in $obj.kill_chain_phases){
            $returnObject.Add($phase.phase_name)
        }
        $this.phaseNames = $returnObject
    }

    [System.Collections.ArrayList] Tactics(){
        $returnObject = [System.Collections.ArrayList]::new()

        $global:PSAttckJson.objects.Where{$_.type -eq 'x-mitre-tactic'}.ForEach{
            foreach ($phase in $this.phaseNames){
                if ($phase.ToLower() -eq $_.x_mitre_shortname){
                    $returnObject.Add((New-AttckObject -Object $_ -Type 'EnterpriseTactic'))
                }
            }
        }
        return $returnObject
    }

    [System.Collections.ArrayList] Actors(){
        $returnObject = [System.Collections.ArrayList]::new()

        $actorObj = @{}
        $global:PSAttckJson.objects.Where{$_.type -eq 'intrusion-set'}.ForEach{
            $actorObj[$_.id] = $_
        }

        [Enterprise]::relationships[$this.Stix].ForEach{
            if ($actorObj[$_]){
                $returnObject.Add((New-AttckObject -Object $actorObj[$_] -Type 'EnterpriseActor'))
            }
        }
        return $returnObject
    }

    [System.Collections.ArrayList] Mitigations(){
        $returnObject = [System.Collections.ArrayList]::new()

        $mitigationObj = @{}
        $global:PSAttckJson.objects.Where{$_.type -eq 'course-of-action'}.ForEach{
            $mitigationObj[$_.id] = $_
        }

        [Enterprise]::relationships[$this.Stix].ForEach{
            if ($mitigationObj[$_]){
                $returnObject.Add((New-AttckObject -Object $mitigationObj[$_] -Type 'EnterpriseMitigation'))
            }
        }
        return $returnObject
    }
}