Skip to content

feat(convert): export DIMA en galaxy MISP#42

Open
sebdraven wants to merge 3 commits into
mainfrom
feat/misp-galaxy-export
Open

feat(convert): export DIMA en galaxy MISP#42
sebdraven wants to merge 3 commits into
mainfrom
feat/misp-galaxy-export

Conversation

@sebdraven
Copy link
Copy Markdown
Member

@sebdraven sebdraven commented May 15, 2026

Summary

Ajoute la sous-commande md2misp au script dima_convert.py qui produit une galaxy MISP importable, generee depuis les 4 fichiers markdown du repo.

Sortie

misp/
  galaxies/dima.json    # descripteur de galaxy (UUID fixe)
  clusters/dima.json    # cluster avec une entree par TA et TE

Modele

  • Chaque tactique (TA####) -> une entree type=tactic avec meta.external_id, meta.phase.
  • Chaque technique (TE####) -> une entree type=technique avec meta.external_id, meta.phase, meta.tactic, et un related[] pointant vers l'UUID de sa tactique (subtechnique-of).
  • URLs extraites des descriptions et sections (Exemples, References, ...) -> meta.refs.
  • Tous les UUIDs sont derives via uuid5(NAMESPACE, "dima:PHASE:ID") -> deterministes : une re-execution produit un fichier identique au bit pres.

Contenu bundle

La generation misp/ est commise telle quelle pour les utilisateurs MISP : 17 tactiques, 44 techniques (cf. les 4 phases apres homogeneisation).

Usage

uv run src/dima_convert.py md2misp                 # -> misp/galaxies/dima.json + misp/clusters/dima.json
uv run src/dima_convert.py md2misp -o /chemin/out  # repertoire de sortie personnalise

Test plan

  • uv run pytest -> 27 passed (5 nouveaux tests MISP)
  • Verifier que la regeneration produit byte-pour-byte le meme fichier (UUIDs deterministes)
  • Importer misp/galaxies/dima.json + misp/clusters/dima.json dans une instance MISP de test

Generated with Claude Code

@sebdraven @claude
feat(convert): export the matrix as a MISP galaxy
1d45b88 
Adds an md2misp subcommand to dima_convert that turns the four phase
files into a MISP-compatible galaxy+cluster pair:

- misp/galaxies/dima.json  -- galaxy descriptor (fixed UUID)
- misp/clusters/dima.json  -- one entry per TA and TE

Each value carries the original ID in meta.external_id, the phase, and
for techniques the parent tactic, plus a related[] link to that tactic
(subtechnique-of). URLs extracted from descriptions and sections become
meta.refs. All UUIDs are derived via uuid5 from a fixed namespace so a
re-run produces byte-identical output.

The bundled misp/ output (17 TA, 44 TE) was generated from the current
markdown so MISP users can import it as-is.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@sebdraven sebdraven mentioned this pull request May 15, 2026
Closed
sebdraven and others added 2 commits May 15, 2026 17:37
@sebdraven @claude
ci: verify misp/ stays in sync with the markdown sources
58222ec 
Adds a MISP-galaxy workflow that regenerates the cluster+galaxy pair
into a scratch directory on every PR and push to main and diffs it
against the committed misp/ tree. If the two differ, the job fails
with a message telling the contributor to run

    uv run src/dima_convert.py md2misp -o misp

and commit the result. JSON parse-ability of both output files is also
checked.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@sebdraven @claude
fix(convert): force LF line endings on generated files
2c046c1 
When the script ran on Windows, Path.write_text translated each \n to
\r\n via the universal-newlines text-mode default, so the committed
misp/ tree carried CRLF endings while a Linux regeneration produced
LF. The new misp sync-check workflow caught this on its first run.

Introduces a _write_text helper that opens the target with
newline="\n" and routes all generated outputs (md_to_json, json_to_md,
md2misp) through it. Regenerates misp/ on Windows to land an LF-only
committed copy that matches what CI will produce.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@sebdraven sebdraven mentioned this pull request May 15, 2026
Merged
sebdraven added a commit that referenced this pull request May 15, 2026
@sebdraven @claude
docs: drop MISP galaxy mentions until that PR lands
bd4a506 
PR #42 is still in review. Removes from the README the quick-start row,
the dedicated MISP section, the md2misp command sample, the misp.yml CI
row and the misp/ entry in the repo layout. They will be added back in
a follow-up commit once #42 is merged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@adulau
Copy link
Copy Markdown

adulau commented May 26, 2026

Fixed in https://github.com/MISP/misp-galaxy/blob/main/tools/gen_dima.py and now part of the official misp-galaxy.

https://www.misp-galaxy.org/dima-techniques/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sebdraven @adulau