Merge branch 'master' into runtime-boundaries

changes/1bb2c10dcd45ca552c2614fdc31903b7.yaml

@@ -0,0 +1,5 @@
+---
+desc: Added ``risk:mitigation:type`` as a ``taxonomy`` to track mitigation types.
+prs: []
+type: model
+...

changes/d0b850904544a61640cd0432a052d800.yaml

@@ -0,0 +1,5 @@
+---
+desc: Added ``ou:asset`` form and associated properties to model organizational asset tracking.
+prs: []
+type: model
+...

synapse/models/orgs.py

@@ -45,6 +45,24 @@ def getModelDefs(self):
                         ),
                     }}),
 
+                ('ou:asset:type:taxonomy', ('taxonomy', {}), {
+                    'interfaces': ('meta:taxonomy',),
+                    'doc': 'An asset type taxonomy.'}),
+
+                ('ou:asset:status:taxonomy', ('taxonomy', {}), {
+                    'interfaces': ('meta:taxonomy',),
+                    'doc': 'An asset status taxonomy.'}),
+
+                ('ou:asset', ('guid', {}), {
+                    'doc': 'A node for tracking assets which belong to an organization.',
+                    'display': {
+                        'columns': (
+                            {'type': 'prop', 'opts': {'name': 'id'}},
+                            {'type': 'prop', 'opts': {'name': 'name'}},
+                            {'type': 'prop', 'opts': {'name': 'org::name'}},
+                        ),
+                    }}),
+
                 ('ou:orgtype', ('taxonomy', {}), {
                     'doc': 'An org type taxonomy.',
                     'interfaces': ('meta:taxonomy',),
@@ -734,6 +752,52 @@ def getModelDefs(self):
                     ('org', ('ou:org', {}), {}),
                     ('name', ('ou:name', {}), {}),
                 )),
+
+                ('ou:asset:type:taxonomy', {}, ()),
+                ('ou:asset:status:taxonomy', {}, ()),
+                ('ou:asset', {}, (
+                    ('org', ('ou:org', {}), {
+                        'doc': 'The organization which owns the asset.'}),
+
+                    ('id', ('str', {'strip': True}), {
+                        'doc': 'The ID of the asset.'}),
+
+                    ('name', ('str', {'lower': True, 'onespace': True}), {
+                        'doc': 'The name of the assset.'}),
+
+                    ('period', ('ival', {}), {
+                        'doc': 'The period of time when the asset was being tracked.'}),
+
+                    ('status', ('ou:asset:status:taxonomy', {}), {
+                        'doc': 'The current status of the asset.'}),
+
+                    ('type', ('ou:asset:type:taxonomy', {}), {
+                        'doc': 'The asset type.'}),
+
+                    ('priority', ('meta:priority', {}), {
+                        'doc': 'The overall priority of protecting the asset.'}),
+
+                    ('priority:confidentiality', ('meta:priority', {}), {
+                        'doc': 'The priority of protecting the confidentiality of the asset.'}),
+
+                    ('priority:integrity', ('meta:priority', {}), {
+                        'doc': 'The priority of protecting the integrity of the asset.'}),
+
+                    ('priority:availability', ('meta:priority', {}), {
+                        'doc': 'The priority of protecting the availability of the asset.'}),
+
+                    ('node', ('ndef', {}), {
+                        'doc': 'The node which represents the asset.'}),
+
+                    ('place', ('geo:place', {}), {
+                        'doc': 'The place where the asset is deployed.'}),
+
+                    ('owner', ('ps:contact', {}), {
+                        'doc': 'The contact information of the owner or administrator of the asset.'}),
+
+                    ('operator', ('ps:contact', {}), {
+                        'doc': 'The contact information of the user or operator of the asset.'}),
+                )),
                 ('ou:position', {}, (
                     ('org', ('ou:org', {}), {
                         'doc': 'The org which has the position.',

synapse/models/risk.py

@@ -96,12 +96,17 @@ def getModelDefs(self):
                         ),
                     },
                 }),
+                ('risk:mitigation:type:taxonomy', ('taxonomy', {}), {
+                    'interaces': ('taxonomy',),
+                    'doc': 'A taxonomy of mitigation types.',
+                }),
                 ('risk:mitigation', ('guid', {}), {
                     'doc': 'A mitigation for a specific risk:vuln.',
                     'display': {
                         'columns': (
                             {'type': 'prop', 'opts': {'name': 'name'}},
                             {'type': 'prop', 'opts': {'name': 'reporter:name'}},
+                            {'type': 'prop', 'opts': {'name': 'type'}},
                             {'type': 'prop', 'opts': {'name': 'tag'}},
                         ),
                     },
@@ -198,9 +203,22 @@ def getModelDefs(self):
                     'doc': 'The tool uses the target node.'}),
                 (('risk:compromise', 'stole', None), {
                     'doc': 'The target node was stolen or copied as a result of the compromise.'}),
+
                 (('risk:mitigation', 'addresses', 'ou:technique'), {
                     'doc': 'The mitigation addresses the technique.'}),
 
+                (('risk:mitigation', 'uses', 'meta:rule'), {
+                    'doc': 'The mitigation uses the rule.'}),
+
+                (('risk:mitigation', 'uses', 'it:app:yara:rule'), {
+                    'doc': 'The mitigation uses the YARA rule.'}),
+
+                (('risk:mitigation', 'uses', 'it:app:snort:rule'), {
+                    'doc': 'The mitigation uses the Snort rule.'}),
+
+                (('risk:mitigation', 'uses', 'inet:service:rule'), {
+                    'doc': 'The mitigation uses the service rule.'}),
+
                 (('risk:leak', 'leaked', None), {
                     'doc': 'The leak included the disclosure of the target node.'}),
 
@@ -334,6 +352,7 @@ def getModelDefs(self):
                         'doc': 'A mapping to a MITRE ATT&CK software if applicable.'}),
 
                 )),
+                ('risk:mitigation:type:taxonomy', {}, ()),
                 ('risk:mitigation', {}, (
 
                     ('vuln', ('risk:vuln', {}), {
@@ -342,6 +361,9 @@ def getModelDefs(self):
                     ('name', ('str', {'lower': True, 'onespace': True}), {
                         'doc': 'A brief name for this risk mitigation.'}),
 
+                    ('type', ('risk:mitigation:type:taxonomy', {}), {
+                        'doc': 'A taxonomy type entry for the mitigation.'}),
+
                     ('desc', ('str', {}), {
                         'disp': {'hint': 'text'},
                         'doc': 'A description of the mitigation approach for the vulnerability.'}),

synapse/tests/test_model_orgs.py

@@ -669,6 +669,38 @@ async def test_ou_simple(self):
             self.len(1, await core.nodes('ou:requirement=50b757fafe4a839ec499023ebcffe7c0 :assignee -> ps:contact +:orgname=ledos'))
             self.len(1, await core.nodes('ou:requirement=50b757fafe4a839ec499023ebcffe7c0 -> ou:requirement:type:taxonomy'))
 
+            nodes = await core.nodes('''
+                [ ou:asset=*
+                    :id=V-31337
+                    :name="visi laptop"
+                    :type=host.laptop
+                    :priority=highest
+                    :priority:confidentiality=highest
+                    :priority:integrity=highest
+                    :priority:availability=highest
+                    :node = (it:host, *)
+                    :period=(2016, ?)
+                    :status=deployed
+                    :org={[ ou:org=* :name=vertex ]}
+                    :owner={[ ps:contact=* :name=foo ]}
+                    :operator={[ ps:contact=* :name=bar ]}
+                ]''')
+            self.len(1, nodes)
+            self.eq((1451606400000, 9223372036854775807), nodes[0].get('period'))
+            self.eq('visi laptop', nodes[0].get('name'))
+            self.eq('host.laptop.', nodes[0].get('type'))
+            self.eq('deployed.', nodes[0].get('status'))
+            self.eq(50, nodes[0].get('priority'))
+            self.eq(50, nodes[0].get('priority:confidentiality'))
+            self.eq(50, nodes[0].get('priority:integrity'))
+            self.eq(50, nodes[0].get('priority:availability'))
+
+            self.len(1, await core.nodes('ou:asset -> ou:asset:type:taxonomy'))
+            self.len(1, await core.nodes('ou:asset :node -> it:host'))
+            self.len(1, await core.nodes('ou:asset :org -> ou:org +:name=vertex'))
+            self.len(1, await core.nodes('ou:asset :owner -> ps:contact +:name=foo '))
+            self.len(1, await core.nodes('ou:asset :operator -> ps:contact +:name=bar '))
+
     async def test_ou_code_prefixes(self):
         guid0 = s_common.guid()
         guid1 = s_common.guid()

synapse/tests/test_model_risk.py

@@ -542,6 +542,7 @@ async def test_model_risk_mitigation(self):
                 risk:mitigation=*
                     :vuln=*
                     :name="  FooBar  "
+                    :type=foo.bar
                     :desc=BazFaz
                     :hardware=*
                     :software=*
@@ -552,11 +553,13 @@ async def test_model_risk_mitigation(self):
             self.eq('foobar', nodes[0].props['name'])
             self.eq('BazFaz', nodes[0].props['desc'])
             self.eq('vertex', nodes[0].get('reporter:name'))
+            self.eq('foo.bar.', nodes[0].get('type'))
             self.nn(nodes[0].get('reporter'))
             self.len(1, await core.nodes('risk:mitigation -> risk:vuln'))
             self.len(1, await core.nodes('risk:mitigation -> it:prod:softver'))
             self.len(1, await core.nodes('risk:mitigation -> it:prod:hardware'))
             self.len(1, await core.nodes('risk:mitigation -> it:mitre:attack:mitigation'))
+            self.len(1, await core.nodes('risk:mitigation -> risk:mitigation:type:taxonomy'))
 
     async def test_model_risk_tool_software(self):