Merge pull request #185 from mitre-attack/fix/#183-tactics-count

Fix/#183 tactics count

Author: isaisabel

CHANGELOG.md

@@ -51,6 +51,7 @@
 - Fixed a crash that occurred when building the site with mitigations that have no relationships with techniques. See issue [#153](https://github.com/mitre-attack/attack-website/issues/153).
 - Fixed outdated ATT&CK Navigator link on the contact page. See issue [#143](https://github.com/mitre-attack/attack-website/issues/143).
 - Updated incorrect technique count on March 2020 update. See issue [#141](https://github.com/mitre-attack/attack-website/issues/141).
+- Fixed number of tactics displayed on tactics overview pages. See issue [#183](https://github.com/mitre-attack/attack-website/issues/183).
 
 ## ATT&CK Website version 2.0
 ### New Features

attack-theme/templates/resources/contribute.html

@@ -16,31 +16,22 @@
 
             <div class="card mb-4 danger-card">
                 <div class="card-header">
-                    <h5 class="mb-0">November 2019 Contribution Update</h5>
+                    <h5 class="mb-0">April 2020 Contribution Update</h5>
                 </div>
                 <div class="card-body">
                     <!-- <div class="card-title">
                     </div> -->
-                    <p class="card-text">         
-                        Due to the major change to ATT&CK with the addition of sub-techniques, we are asking for the community’s patience 
-                        because we will be delayed in incorporating contributions into Enterprise and PRE-ATT&CK over the next several months until we complete the sub-technique 
-                        migration. You can read more about sub-techniques and why this is such a big change for ATT&CK <a href="https://medium.com/mitre-attack/attack-sub-techniques-preview-b79ff0ba669a">here</a>.
-                        For new technique contributions, you may continue to send them to <a href="mailto:[email protected]">[email protected]</a>, 
-                        but please keep in mind that we may not reply for several months as we work to include contributions into the sub-technique 
-                        refactoring. Contributions for Mobile will continue as normal. For new Group and Software contributions to Enterprise or PRE-ATT&CK, we ask that you please temporarily put a hold on sending these to us 
-                        until we make the change to sub-techniques. 
-                        (This will allow us to focus on migrating existing Groups and Software, as new contributions would add to our workload.) 
-                        We do appreciate your contributions and feedback, but ask for your patience and understanding over the next several months 
-                        as we focus all our efforts on adding sub-techniques.
-                    </p>
                     <p class="card-text">
-                        If you send technique contributions, it may take us several months to get back to you. We may ask you follow-up questions 
-                        to help us understand your contribution and gather additional information. 
-                        We recommend you read our <a href="/docs/ATTACK_Design_and_Philosophy_March_2020.pdf">philosophy paper</a> to understand our approach to maintaining ATT&CK so that we get the right 
-                        details up front. If we find the contribution fills a gap, then we will make edits and send you a draft version of the 
-                        technique page for your review prior to it being published, listing you as a contributor if desired. The next content update 
-                        will not be until 2020 and will be in a parallel site to attack.mitre.org to allow the community time to incorporate 
-                        sub-techniques.
+                        We recently released a beta version of <a href="https://attack.mitre.org/beta/">ATT&CK with sub-techniques</a> 
+                        and published <a href="https://medium.com/mitre-attack/attack-subs-what-you-need-to-know-99bce414ae0b">a blog post</a>
+                        describing the resulting changes. We haven’t been adding technique, group, or software contributions while we were 
+                        implementing sub-techniques, resulting in a decent sized backlog since the last update in October 2019.
+                        We will be working through that backlog now and are accepting contributions again for techniques, groups and software. 
+                        As stated in our blog post, <b>any new content in ATT&CK will only be added to the sub-technique version.</b> If you are contributing techniques we'd ask
+                        that you look if the behavior might be an appropriate sub-technique <a href="https://attack.mitre.org/beta/techniques/enterprise/">
+                        of an existing technique</a>. If you are contributing groups 
+                        or software entries, we’d ask you to leverage <a href="https://attack.mitre.org/beta/">the sub-technique version of ATT&CK</a>.
+                        New contributions will next be reflected when ATT&CK with sub-techniques goes live, currently slated for early July. 
                     </p>
                 </div>
             </div>
@@ -69,36 +60,36 @@ <h1 class="blog-post-title mb-4">Contribute</h1>
                 </p>
                 <h4 class="contribution-headers">Contributing to ATT&amp;CK</h4>
                 <div class="bs-callout bs-callout-success">
-                    <h5 class="contribution-headers">Techniques</h5>
+                    <h5 class="contribution-headers">Sub-Techniques and Techniques</h5>
                         <p>
                             We appreciate your help to let us know about what new techniques and technique variations adversaries 
-                            and red teamers are using. You can start by emailing us the technique name, a brief description, and 
-                            references or knowledge about how it is being used by adversaries or red teams. 
+                            are using in the wild. You can start by emailing us the technique name, a brief description, and 
+                            references or knowledge about how it is being used by adversaries. 
                             We suggest you take a close look at what we already have on our site, paying attention 
-                            to the level of abstraction of techniques. Since we are working on adding new technique details
+                            to the level of abstraction of techniques and sub-techniques. Since we are working on adding new technique details
                             constantly, we will deconflict what you send with what we’re working on. We’ll provide feedback
                             and work with you to get the content added.
                         </p>
                 </div>
 
                 <div class="bs-callout bs-callout-primary">
-                    <h5 class="contribution-headers">macOS and Linux</h5>
+                    <h5 class="contribution-headers">macOS, Linux, cloud, and ICS</h5>
                     <p>
-                        While we are looking for new techniques for Windows, macOS, and Linux, we are interested in macOS and Linux 
-                        techniques in particular since there is a lack of publicly available threat intel for techniques used against
-                        those systems. This leads to gaps in the knowledge base that you can help fill.
+                        While we also cover the Windows and mobile platforms, we are particularly interested in new macOS, Linux, cloud, and ICS techniques
+                        since there is a lack of publicly available threat intel for techniques used against
+                        those platforms. This leads to gaps in the knowledge base that you can help fill.
                     </p>
                 </div>
 
                 <div class="bs-callout bs-callout-info">
-                    <h5 class="contribution-headers">Threat Intelligence (Contributions paused until early 2020 due to sub-technique migration)</h5>
+                    <h5 class="contribution-headers">Threat Intelligence</h5>
                     <p>
                         We map Group and Software examples on our site, and there is too much open source threat intelligence 
                         reporting for us to keep up on everything. We appreciate your help with referenced information about 
                         how Groups and Software samples use ATT&CK techniques. 
                         Threat intelligence contributions are most helpful to us when they are in the specific format we have 
                         on our website, including citing techniques and group names or associated groups to 
-                        publicly-available references. We ask that you provide the technique name, a brief description of 
+                        publicly-available references. We ask that you provide the sub-technique or technique name, a brief description of 
                         how the technique is implemented, and the publicly-available reference.
                     </p>
                 </div>
@@ -125,7 +116,7 @@ <h4 class="contribution-headers">Contribution Examples</h4>
                     <h5>New Technique Example</h5>
                     <div class="example-container">
                         <div class="examples-div">
-                            <h6 class="example-fields">Technique Name:</h6>
+                            <h6 class="example-fields">(Sub-)Technique Name:</h6>
                             <p class="examples-p mr-0">COM, ROM, & BE GONE </p>
                             <h6 class="margin-contribute-a example-fields">Tactic:</h6>
                             <p class="examples-p">Persistence</p>
@@ -136,13 +127,16 @@ <h6 class="example-fields">Platform:</h6>
                             <h6 class="margin-contribute-b example-fields">Required Permissions:</h6>
                             <p class="examples-p mr-0">User</p>
                         </div>
+                        <p class="examples-p mr-0 ml-0">
+                            <span class="example-fields">Sub-techniques:</span> This is a sub-technique of T1XXX, or this would have T1XXX as a sub-technique
+                        </p>
                         <p class="examples-p mr-0 ml-0">
                             <span class="example-fields">Data Sources:</span> Windows API, Process monitoring, 
                             or other sources that can be used to detect this activity
                         </p>
                         <p class="examples-p mr-0 ml-0">
                             <span class="example-fields">Description:</span> Component Object Model (COM) servers
-                             associated with Graphics Interchange Format (GIF) image viewers can be abused to corrupt arbitrary memory banks. Adversaries may leverage this opportunity to modify, mux, and maliciously annoy (MMA) read-only memory (ROM) regularly accessed during normal system operations.
+                             associated with Graphics Interchange Format (JIF) image viewers can be abused to corrupt arbitrary memory banks. Adversaries may leverage this opportunity to modify, mux, and maliciously annoy (MMA) read-only memory (ROM) regularly accessed during normal system operations.
                         </p>
                         <p class="examples-p mr-0 ml-0">
                             <span class="example-fields">Detection:</span> Monitor the JIF viewers for muxing 
@@ -168,7 +162,7 @@ <h6 class="margin-contribute-b example-fields">Required Permissions:</h6>
                 </div>
 
                 <div class="new-examples second-example">
-                    <h5>Group & Software Example (Contributions paused until early 2020 due to sub-technique migration)</h5>
+                    <h5>Group & Software Example</h5>
                     <div class="example-container">
                         <p class="examples-p mr-0 ml-0">
                             <span class="example-fields">Group Name:</span> FUZZYSNUGGLYDUCK (www[.]sourceX[.]com)
@@ -186,7 +180,7 @@ <h5>Group & Software Example (Contributions paused until early 2020 due to sub-t
                         <h6 class="nested-examples-div example-fields">Techniques:</h6>   
                         <ul> 
                             <li>
-                                Spearphishing Attachment (T1193) – FUZZYSNUGGLYDUCK has used spearphishing 
+                                Phishing: Spearphishing Attachment (T1566.001) – FUZZYSNUGGLYDUCK has used spearphishing 
                                 email attachments containing images of stale bread to deliver malware. (www[.]sourceX[.]com)
                             </li>
                             <li>
@@ -218,7 +212,7 @@ <h6 class="nested-examples-div example-fields">Techniques:</h6>
                         <h6 class="example-fields">Techniques:</h6>
                         <ul>
                             <li>
-                                Registry Run Keys / Start Folder (T1060) – FLYINGV has added 
+                                Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001) – FLYINGV has added 
                                 the Registry Run key “HueyDeweyLouie” to establish persistence. (www[.]sourceX[.]com)
                             </li>
                             <li>

modules/tactic.py

@@ -45,7 +45,7 @@ def generate_domain_markdown(domain, techniques_no_sub, tactics, side_nav_data):
     # Write out the markdown file for overview of domain
     data = {
         'domain': domain.split("-")[0],
-        'tactics_list_len': str(len(tactics))
+        'tactics_list_len': str(len(tactics[domain]))
     }
 
     data['side_menu_data'] = side_nav_data