fixing syntax

mitre-attack · Jul 18, 2023 · 9ea41a6 · 9ea41a6
1 parent e82b1ca
commit 9ea41a6
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 65 deletions.
diff --git a/docs/diffinstix.rst b/docs/diffinstix.rst
@@ -12,44 +12,44 @@ Run `diff_stix -h` for full usage instructions.
 Print full usage instructions:
 
 .. code:: bash
-# You must run `pip install mitreattack-python` in order to access the diff_stix command
-  diff_stix --help
-  usage: diff_stix [-h] [--old OLD] [--new NEW] [--domains {enterprise-attack,mobile-attack,ics-attack} [{enterprise-attack,mobile-attack,ics-attack} ...]] [--markdown-file MARKDOWN_FILE] [--html-file         HTML_FILE] [--html-file-detailed HTML_FILE_DETAILED]
-                  [--json-file JSON_FILE] [--layers [LAYERS ...]] [--site_prefix SITE_PREFIX] [--unchanged] [--use-mitre-cti] [--show-key] [--contributors] [--no-contributors] [-v]
-
-  Create changelog reports on the differences between two versions of the ATT&CK content. Takes STIX bundles as input. For default operation, put enterprise-attack.json, mobile-attack.json, and ics-attack.json bundles in 'old' and 'new' folders for the script to compare.
-
-  options:
-    -h, --help            show this help message and exit
-    --old OLD             Directory to load old STIX data from.
-    --new NEW             Directory to load new STIX data from.
-    --domains {enterprise-attack,mobile-attack,ics-attack} [{enterprise-attack,mobile-attack,ics-attack} ...]
-                          Which domains to report on. Choices (and defaults) are enterprise-attack, mobile-attack, ics-attack
-    --markdown-file MARKDOWN_FILE
-                          Create a markdown file reporting changes.
-    --html-file HTML_FILE
-                          Create HTML page from markdown content.
-    --html-file-detailed HTML_FILE_DETAILED
-                          Create an HTML file reporting detailed changes.
-    --json-file JSON_FILE
-                          Create a JSON file reporting changes.
-    --layers [LAYERS ...]
-                          Create layer files showing changes in each domain expected order of filenames is 'enterprise', 'mobile', 'ics', 'pre attack'. If values are unspecified, defaults to output/January_2023_Updates_Enterprise.json,
-                          output/January_2023_Updates_Mobile.json, output/January_2023_Updates_ICS.json, output/January_2023_Updates_Pre.json
-    --site_prefix SITE_PREFIX
-                          Prefix links in markdown output, e.g. [prefix]/techniques/T1484
-    --unchanged           Show objects without changes in the markdown output
-    --use-mitre-cti       Use content from the MITRE CTI repo for the -old data
-    --show-key            Add a key explaining the change types to the markdown
-    --contributors        Show new contributors between releases
-    --no-contributors     Do not show new contributors between releases
-    -v, --verbose         Print status messages
+  # You must run `pip install mitreattack-python` in order to access the diff_stix command
+    diff_stix --help
+    usage: diff_stix [-h] [--old OLD] [--new NEW] [--domains {enterprise-attack,mobile-attack,ics-attack} [{enterprise-attack,mobile-attack,ics-attack} ...]] [--markdown-file MARKDOWN_FILE] [--html-file         HTML_FILE] [--html-file-detailed HTML_FILE_DETAILED]
+                    [--json-file JSON_FILE] [--layers [LAYERS ...]] [--site_prefix SITE_PREFIX] [--unchanged] [--use-mitre-cti] [--show-key] [--contributors] [--no-contributors] [-v]
+
+    Create changelog reports on the differences between two versions of the ATT&CK content. Takes STIX bundles as input. For default operation, put enterprise-attack.json, mobile-attack.json, and ics-attack.json bundles in 'old' and 'new' folders for the script to compare.
+
+    options:
+      -h, --help            show this help message and exit
+      --old OLD             Directory to load old STIX data from.
+      --new NEW             Directory to load new STIX data from.
+      --domains {enterprise-attack,mobile-attack,ics-attack} [{enterprise-attack,mobile-attack,ics-attack} ...]
+                            Which domains to report on. Choices (and defaults) are enterprise-attack, mobile-attack, ics-attack
+      --markdown-file MARKDOWN_FILE
+                            Create a markdown file reporting changes.
+      --html-file HTML_FILE
+                            Create HTML page from markdown content.
+      --html-file-detailed HTML_FILE_DETAILED
+                            Create an HTML file reporting detailed changes.
+      --json-file JSON_FILE
+                            Create a JSON file reporting changes.
+      --layers [LAYERS ...]
+                            Create layer files showing changes in each domain expected order of filenames is 'enterprise', 'mobile', 'ics', 'pre attack'. If values are unspecified, defaults to output/January_2023_Updates_Enterprise.json,
+                            output/January_2023_Updates_Mobile.json, output/January_2023_Updates_ICS.json, output/January_2023_Updates_Pre.json
+      --site_prefix SITE_PREFIX
+                            Prefix links in markdown output, e.g. [prefix]/techniques/T1484
+      --unchanged           Show objects without changes in the markdown output
+      --use-mitre-cti       Use content from the MITRE CTI repo for the -old data
+      --show-key            Add a key explaining the change types to the markdown
+      --contributors        Show new contributors between releases
+      --no-contributors     Do not show new contributors between releases
+      -v, --verbose         Print status messages
 
 
 Example execution:
 
 .. code:: bash
-diff_stix -v --show-key --html-file output/changelog.html --html-file-detailed output/changelog-detailed.html --markdown-file output/changelog.md  --json-file output/changelog.json --layers output/layer-enterprise.json output/layer-mobile.json output/layer-ics.json --old path/to/old/stix/ --new path/to/new/stix/
+  diff_stix -v --show-key --html-file output/changelog.html --html-file-detailed output/changelog-detailed.html --markdown-file output/changelog.md  --json-file output/changelog.json --layers output/layer-enterprise.json output/layer-mobile.json output/layer-ics.json --old path/to/old/stix/ --new path/to/new/stix/
 
 
 **Changelog JSON format**
@@ -59,33 +59,33 @@ This is the overall structure you can expect to find in the file.
 A brief explanation of key pieces can be found below.
 
 .. code-block:: json
-  {
-    "enterprise-attack": {
-      "techniques": {
-          "additions": [],
-          "major_version_changes": [],
-          "minor_version_changes": [],
-          "other_version_changes": [],
-          "patches": [],
-          "revocations": [],
-          "deprecations": [],
-          "deletions": [],
+    {
+      "enterprise-attack": {
+        "techniques": {
+            "additions": [],
+            "major_version_changes": [],
+            "minor_version_changes": [],
+            "other_version_changes": [],
+            "patches": [],
+            "revocations": [],
+            "deprecations": [],
+            "deletions": [],
+        },
+        "software": {},
+        "groups": {},
+        "campaigns": {},
+        "mitigations": {},
+        "datasources": {},
+        "datacomponents": {}
       },
-      "software": {},
-      "groups": {},
-      "campaigns": {},
-      "mitigations": {},
-      "datasources": {},
-      "datacomponents": {}
-    },
-    "mobile-attack": {},
-    "ics-attack": {},
-    "new-contributors": [
-      "Contributor A",
-      "Contributor B",
-      "Contributor C"
-    ]
-  }
+      "mobile-attack": {},
+      "ics-attack": {},
+      "new-contributors": [
+        "Contributor A",
+        "Contributor B",
+        "Contributor C"
+      ]
+    }
 
 
 * The top-level objects include information about specific domains as well as `new-contributors`, which are only found in the newer ATT&CK release.

diff --git a/docs/stix_primer/access-attack.rst b/docs/stix_primer/access-attack.rst
@@ -56,7 +56,7 @@ Many users may opt to access the ATT&CK content via a local copy of the STIX dat
 - User can modify the ATT&CK content if desired
 - Downloaded copy is static, so updates to the ATT&CK catalog won't cause bugs in automated workflows. User can still manually update by cloning a fresh version of the data
 
-#### Access via FileSystemSource
+**Access via FileSystemSource**
 
 Each domain in this repo is formatted according to the [STIX2 FileSystem spec](https://stix2.readthedocs.io/en/latest/guide/filesystem.html).
 Therefore you can use a `FileSystemSource` to load a domain, for example to load the enterprise-attack domain:
@@ -91,11 +91,18 @@ Some users may instead prefer to access "live" ATT&CK content over the internet.
 
 Users can access the ATT&CK data from the official ATT&CK TAXII server. In TAXII, the ATT&CK domains are represented as collections with static IDs:
 
-| domain | collection ID |
-|:-------|:--------------|
-| `enterprise-attack` | `95ecc380-afe9-11e4-9b6c-751b66dd541e` |
-| `mobile-attack` | `2f669986-b40b-4423-b720-4396ca6a462b` |
-| `ics-attack` | `02c3ef24-9cd4-48f3-a99f-b74ce24f1d34` |
+.. list-table::  
+   :widths: 50 50
+   :header-rows: 1
+
+   * - domain
+     - collection ID
+   * - `enterprise-attack`
+     - `95ecc380-afe9-11e4-9b6c-751b66dd541e`
+   * - `mobile-attack` 
+     - `2f669986-b40b-4423-b720-4396ca6a462b`
+   * - `ics-attack`
+     - `02c3ef24-9cd4-48f3-a99f-b74ce24f1d34`
 
 You can also get a list of available collection from the server directly: