Issue344 RA schema extension

docs/Response_Actions/RA_1000_test.md

@@ -0,0 +1,38 @@
+| Title                       | Testing         |
+|:---------------------------:|:--------------------|
+| **ID**                      | RA1000            |
+| **Description**             | A test response action without any sensible content   |
+| **Author**                  | Christoph Bott (@xofolowski)        |
+| **Creation Date**           | 2021/08/05 |
+| **Category**                | General      |
+| **Stage**                   |[RS0001: Preparation](../Response_Stages/RS0001.md)| 
+
+---
+
+
+
+## Response Action Details 
+|*Attribute*|*Value*|*Remarks*|
+|:---|:---|:---|
+| **RA Objective**    |Disrupt | Either of: *Disrupt, Deny, Degrade, Destroy, Deceive*| 
+| **Potential Business Impact** |Very High| Either of: *Low, Medium, High, Very High*|
+
+---
+
+
+
+## Full Description
+This is a fancy mitigation that will allow SOC to trigger self destruction of all Windows Endpoints.
+Once triggered, the endpoint will start screaming, wait for close-by people to evacuate and then shortcut the battery, effectively causing the endpoint to burn down.
+
+
+
+## Standing Operating Procedure
+
+> ***Attention:***  
+> Minimum TIER level for execution of this response activity is: **TIER-*2*!** 
+
+Description of the workflow in the [Markdown](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet) format.
+Here newlines will be saved.
+
+

mkdocs.yml

@@ -28,6 +28,7 @@ nav:
         - Response Stages: responsestages.md
     - Response Actions:
         - Preparation:
+            - "RA1000: Testing-foobar": ./Response_Actions/RA_1000_testing-foobar.md
             - "RA1001: Practice": ./Response_Actions/RA_1001_practice.md
             - "RA1002: Take trainings": ./Response_Actions/RA_1002_take_trainings.md
             - "RA1003: Raise personnel awareness": ./Response_Actions/RA_1003_raise_personnel_awareness.md

response_actions/RA_1000_test.yml

@@ -0,0 +1,19 @@
+title: RA_1000_testing
+id: RA1000
+description: A test response action without any sensible content
+author: 'Christoph Bott (@xofolowski)'
+creation_date: 2021/08/05
+stage: preparation
+details:
+  description-full: |
+    This is a fancy mitigation that will allow SOC to trigger self destruction of all Windows Endpoints.
+    Once triggered, the endpoint will start screaming, wait for close-by people to evacuate and then shortcut the battery, effectively causing the endpoint to burn down.
+  workflow: |
+    Description of the workflow in the [Markdown](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet) format.
+    Here newlines will be saved.
+
+  raCoA: Disrupt
+  pot_business_impact: Very High
+  activation_SLA:
+  expected_coverage:
+  minTierLevel: 2

response_actions/respose_action.yml.template

@@ -17,6 +17,16 @@ references:
 requirements:
   - MS_something # link to the Mitigation System required for the Response Action
   - DN_something # link to the Data Needed entity, required for the Response Action
-workflow: |
-  Description of the workflow in the [Markdown](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet) format.
-  Here newlines will be saved.
+details:
+  description-full: |
+    This is a fancy mitigation that will allow SOC to trigger self destruction of all Windows Endpoints.  
+    Once triggered, the endpoint will start screaming, wait for close-by people to evacuate and then shortcut the battery, effectively causing the endpoint to burn down.
+  workflow: |
+    Description of the workflow in the [Markdown](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet) format.
+    Here newlines will be saved.
+
+  raCoA: Detect | Disrupt | Deny | Degrade | Deceive
+  pot_business_impact: Very High | High | Medium | Low
+  activation_SLA:
+  expected_coverage:
+  minTierLevel: 2

scripts/responseplaybook.py

@@ -142,9 +142,12 @@ def render_template(self, template_type):
                         action_title = action.get('id')\
                             + ": "\
                             + REACTutils.normalize_react_title(action.get('title'))
-
+                        try:
+                            action_details = action.get('details')
+                        except:
+                            action_details = {}
                         stage_list.append(
-                            (action_title, task, action.get('description'), action.get('workflow'))
+                            (action_title, task, action.get('description'), action.get('workflow'), action_details)
                         )
                 except TypeError:
                     pass
@@ -294,8 +297,9 @@ def render_template(self, template_type):
                             + '/' + task + '.yml')
                         stage_list.append(
                             (action.get('description'),
-                             action.get('workflow'))
-                        )
+                             action.get('workflow'),
+							 action.get('details'))
+						)
                 except TypeError:
                     pass
 

scripts/templates/confluence_responseaction_template.html.j2

@@ -89,11 +89,11 @@
       <p class="auto-cursor-target"><br /></p>
    </ac:rich-text-body>
 </ac:structured-macro>
-{% if workflow is defined and workflow|length %}
+{% if (workflow is defined and workflow|length) or (details is defined and details['workflow'] is defined and details['workflow']|length) %}
 <h1>Workflow</h1>
-<pre><br/></pre>
 <ac:structured-macro ac:name="markdown"><ac:plain-text-body>
-	<![CDATA[{{ workflow }}]]>
+  {% if workflow is defined %}<![CDATA[{{ workflow }}]]> {% endif %}
+  {% if details is defined %}<![CDATA[{{ details['workflow'] }}]]> {% endif %}
 </ac:plain-text-body></ac:structured-macro>
 {% else %}
 {% endif %}

scripts/templates/confluence_responseplaybook_template.html.j2

@@ -126,7 +126,7 @@
    {% for stage_name, stage_actions in stages %}
     {%- if stage_actions is defined and stage_actions is not none and stage_actions|length %}
       <h2>{{ stage_name }}</h2>
-         {% for action_description, action_workflow in stage_actions%}
+         {% for action_description, action_workflow, action_details in stage_actions%}
             <h3>{{ action_description }}</h3>
             <ac:structured-macro ac:name="markdown"><ac:plain-text-body>
                <![CDATA[{{ action_workflow }}]]>

scripts/templates/markdown_responseaction_template.md.j2

@@ -7,6 +7,36 @@
 | **Category**                | {{ category }}      |
 | **Stage**                   | {%- for rs_id, rs_name in stage %}[{{ rs_id }}: {{rs_name}}](../Response_Stages/{{ rs_id }}.md){% endfor -%} | {% if automation is not none and automation|length %}{{ '\n' }}| **Automation** |<ul>{% for auto in automation %}<li>{{ auto }}</li>{% endfor %}</ul>|{% endif %}{% if references is not none and references|length %}{{ '\n' }}| **References** |<ul>{% for ref in references %}<li>[{{ ref }}]({{ ref }})</li>{% endfor %}</ul>|{% endif %}{% if requirements is not none and requirements|length %}{{ '\n' }}| **Requirements** |<ul>{% for requirement in requirements %}<li>{{ requirement }}</li>{% endfor %}</ul>|{% endif %}
 
-### Workflow
+---
+
+{% if workflow is defined and workflow|length %}
+## Workflow
+**Please note:** This RA has not yet been converted to the extensible RA scheme
 
 {{ workflow }}
+{% else %}
+  {%  if details['raEffect'] is defined and details['raEffect'] != none or details['pot_business_impact'] is defined and details['pot_business_impact'] != none or details['activation_SLA'] is defined and details['activation_SLA'] != none or details['expected_coverage'] is defined and details['expected_coverage'] != none %}
+## Response Action Details 
+|*Attribute*|*Value*|*Remarks*|
+|:---|:---|:---|{%  if details['raEffect'] is defined and details['raEffect'] != none %}
+| **RA Objective**    |{{ details['raEffect'] }} | Either of: *Disrupt, Deny, Degrade, Destroy, Deceive*|{% endif %} {%  if details['pot_business_impact'] is defined and details['pot_business_impact'] != none %}
+| **Potential Business Impact** |{{ details['pot_business_impact'] }}| Either of: *Low, Medium, High, Very High*|{% endif %}{%  if details['activation_SLA'] is defined and details['activation_SLA'] != none %}
+| **Activation SLA** |{{ details['activation_SLA'] }} |How quickly can we expect the action to be implemented?|{% endif %}{%  if details['expected_coverage'] is defined and details['expected_coverage'] != none %}
+| **Expected Coverage** |{{ details['expected_coverage'] }} | |{% endif %}
+
+---
+
+  {% endif %}
+  {% if details['description-full'] is defined %}
+## Full Description
+{{ details['description-full'] }}
+  {% endif %}
+  {% if details['workflow'] is defined %}
+## Standing Operating Procedure
+     {% if details['minTierLevel'] is defined and details['minTierLevel'] > 1 %}
+> ***Attention:***  
+> Minimum TIER level for execution of this response activity is: **TIER-*{{ details['minTierLevel'] }}*!** 
+	 {% endif %}
+{{ details['workflow'] }}
+  {% endif %}
+{% endif %}

scripts/templates/markdown_responseplaybook_template.md.j2

@@ -24,7 +24,7 @@
 {%- endif -%}
 {%- for stage_name, stage_actions in stages -%}
     {%- if stage_actions is not none and stage_actions|length -%}
-    {{'\n'}}| **{{stage_name}}**  |<ul>{% for action_title, action_filename, action_description, action_workflow in stage_actions %}<li>[{{ action_title }}](../Response_Actions/{{action_filename}}.md)</li>{% endfor %}</ul>|
+    {{'\n'}}| <a href='#stage-{{ loop.index }}'>**{{stage_name}}**</a>  |<ul>{% for action_title, action_filename, action_description, action_workflow, action_details in stage_actions %}<li>[{{ action_title }}](../Response_Actions/{{action_filename}}.md)</li>{% endfor %}</ul>| 
     {%- endif -%}
 {%- endfor %}
 
@@ -33,11 +33,18 @@
 {{ workflow }}
 
 {% for stage_name, stage_actions in stages %}
-{% if stage_actions is not none and stage_actions|length %}#### {{ stage_name }}{% endif %}
-{% for action_title, action_filename, action_description, action_workflow in stage_actions%}
-##### {{ action_description }}
-
+{% if stage_actions is not none and stage_actions|length %}<div id='stage-{{ loop.index }}'></div>
+### {{ stage_name }}{% endif %}
+{% for action_title, action_filename, action_description, action_workflow, action_details in stage_actions%}
+#### {{ action_description }} 
+
+{% if action_details['workflow'] is not none -%}
+{{ action_details['workflow'] }}
+{% elif action_workflow is not none -%}
 {{ action_workflow }}
+{% endif %}
 
-{%- endfor %}
-{%- endfor %}
+----
+
+{%+ endfor %}
+{% endfor %}