jmb/scanfile
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

capa analysis results look nicer now

Browse source
This commit is contained in:
Johannes Bülow 2025-08-19 14:08:26 +02:00
parent de49d84788
commit de93bbd271
Signed by: jmb
GPG key ID: B56971CF7B8F83A6
1 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
scanners/capa/routes/capa.py
View file

@ -14,7 +14,6 @@ import json
import os import os
import capa.render.utils as rutils import capa.render.utils as rutils
import capa.render.result_document as rd import capa.render.result_document as rd
import collections
from capa.render.default import find_subrule_matches from capa.render.default import find_subrule_matches
capa_bp = Blueprint('capa', __name__) capa_bp = Blueprint('capa', __name__)
@ -55,7 +54,7 @@ def analyze_capa():
capability = rule.meta.name + f" ({count} matches)" capability = rule.meta.name + f" ({count} matches)"
caps[capability] = rule.meta.namespace caps[capability] = rule.meta.namespace
for attack in rule.meta.attack: for attack in rule.meta.attack:
tactics[attack.tactic] = attack.technique + attack.subtechnique + attack.id.strip("[").strip("]") tactics[attack.tactic] = attack.technique + " " + attack.subtechnique + " " + attack.id.strip("[").strip("]")
maec_categories = { maec_categories = {
"analysis_conclusion", "analysis_conclusion",
@ -71,7 +70,7 @@ def analyze_capa():
maec[maec_category] = maec_value maec[maec_category] = maec_value
for rule in rutils.capability_rules(doc): for rule in rutils.capability_rules(doc):
for mbc in rule.meta.mbc: for mbc in rule.meta.mbc:
objectives[mbc.objective] = mbc.behavior + mbc.method + mbc.id.strip("[").strip("]") objectives[mbc.objective] = mbc.behavior + " " + mbc.method + " " + mbc.id.strip("[").strip("]")
return jsonify(capabilities=caps, tactics=tactics, maec=maec, objectives=objectives) return jsonify(capabilities=caps, tactics=tactics, maec=maec, objectives=objectives)