Thread-analysis/project.py at main · jsurendra72/Thread-analysis · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
import requests
# Dataset URL
url = "https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json"
# Fetch dataset
response = requests.get(url)
data = response.json()
# Extract only attack-pattern objects
techniques = [
    obj for obj in data.get("objects", [])
    if obj.get("type") == "attack-pattern"
]
print("Total Techniques Found:", len(techniques))
def threat_score(tech):
    score = 5  # Base score
    name = tech.get("name", "").lower()
    description = tech.get("description", "").lower()
    # Name-based scoring
    if "credential" in name:
        score += 3
    if "execution" in name:
        score += 2
    if "privilege" in name:
        score += 3
    if "persistence" in name:
        score += 2
    if "lateral" in name:
        score += 2
    # Description-based scoring
    if "administrator" in description:
        score += 2
    if "remote" in description:
        score += 2
    if "bypass" in description:
        score += 2
    if "stealth" in description:
        score += 1
    return score
# Score all techniques
scored_techniques = []
for tech in techniques:
    score = threat_score(tech)
    scored_techniques.append((tech.get("name"), score))
# Sort by score (highest first)
scored_techniques.sort(key=lambda x: x[1], reverse=True)
print("\nTop 10 Highest-Risk Techniques:\n")
for name, score in scored_techniques[:10]:
    print(f"{name} — Score: {score}")
print("\nCritical Threats (Score >= 8.9):\n")
for name, score in scored_techniques:
    if score >= 8.9:
        print(f"{name} — Score: {score}")