updating some extractions (#69)

muchdogesec · Nov 17, 2024 · 4bb6aec · 4bb6aec
1 parent 3b2e0fb
commit 4bb6aec
Show file tree

Hide file tree

Showing 9 changed files with 18 additions and 224 deletions.
diff --git a/includes/extractions/ai/config.yaml b/includes/extractions/ai/config.yaml
@@ -12,6 +12,7 @@ ai_cryptocurrency_btc_wallet:
   created_by: DOGESEC
   version: 1.0.0
   prompt_base: 'Extract all Bitcoin Wallet hashes from the text.'
+  prompt_helper:
   prompt_conversion: ''
   test_cases: generic_cryptocurrency_btc_wallet
   ignore_extractions:
@@ -28,6 +29,7 @@ ai_cryptocurrency_btc_transaction:
   created_by: DOGESEC
   version: 1.0.0
   prompt_base: 'Extract all Cryptocurrency Bitcoin Transaction hashes from the text.'
+  prompt_helper:
   prompt_conversion: ''
   test_cases: generic_cryptocurrency_btc_transaction
   ignore_extractions:
@@ -46,10 +48,9 @@ ai_phone_number:
   created_by: DOGESEC
   version: 1.0.0
   prompt_base: 'Extract all phone numbers from the text.'
+  prompt_helper:
   prompt_conversion: 'If possible, please convert the number to the E.164 standard with the correct country code. Remove any whitespace from the final value.'
   test_cases: generic_phone_number
-  ignore_extractions:
-    - 
   stix_mapping: phone-number
 
 ####### County extractions #######
@@ -63,11 +64,10 @@ ai_country_alpha2:
   modified: 2020-01-01
   created_by: DOGESEC
   version: 1.0.0
-  prompt_base: 'Extract all countries from the text, including countries printed as IS0-3166 Alpha2 and Alpha3 codes.'
-  prompt_conversion: 'Convert all extractions to IS0-3166 Alpha2 codes.'
+  prompt_base: 'Extract all countries described in the text, including countries printed as IS0-3166 Alpha2 and Alpha3 codes.'
+  prompt_helper: 'If you are unsure, you can read more about the standard here: https://www.iso.org/iso-3166-country-codes.html'
+  prompt_conversion: 'Convert all country extractions to their corresponding IS0-3166 Alpha2 codes.'
   test_cases: ai_country_alpha2
-  ignore_extractions:
-    - 
   stix_mapping: location
 
 ####### MITRE ATT&CK #######
@@ -81,11 +81,10 @@ ai_mitre_attack_enterprise:
   modified: 2020-01-01
   created_by: DOGESEC
   version: 1.0.0
-  prompt_base: 'Extract all MITRE ATT&CK Enterprise tactics, techniques, groups, data sources, mitigations, software, and campaigns described in the text. Do not include MITRE ATT&CK ICS or MITRE ATT&CK Mobile in the results.'
+  prompt_base: 'Extract all references to MITRE ATT&CK Enterprise tactics, techniques, groups, data sources, mitigations, software, and campaigns described in the text. These references may not be explicit in the text so you should be careful to account for the natural language of the text your analysis. Do not include MITRE ATT&CK ICS or MITRE ATT&CK Mobile in the results.'
+  prompt_helper: 'If you are unsure, you can learn more about MITRE ATT&CK Enterprise here: https://attack.mitre.org/matrices/enterprise/'
   prompt_conversion: 'Convert all extractions into the corresponding ATT&CK ID.'
   test_cases: generic_mitre_attack_enterprise
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-attack-enterprise-id
 
 ai_mitre_attack_mobile:
@@ -97,11 +96,10 @@ ai_mitre_attack_mobile:
   modified: 2020-01-01
   created_by: DOGESEC
   version: 1.0.0
-  prompt_base: 'Extract all MITRE ATT&CK Mobile tactics, techniques, groups, data sources, mitigations, software, and campaigns described in the text. Do not include MITRE ATT&CK ICS or MITRE ATT&CK Enterprise in the results.'
+  prompt_base: 'Extract all references to MITRE ATT&CK Mobile tactics, techniques, groups, data sources, mitigations, software, and campaigns described in the text. These references may not be explicit in the text so you should be careful to account for the natural language of the text your analysis. Do not include MITRE ATT&CK ICS or MITRE ATT&CK Enterprise in the results.'
+  prompt_helper: 'If you are unsure, you can learn more about MITRE ATT&CK Enterprise here: https://attack.mitre.org/matrices/mobile/'
   prompt_conversion: 'Convert all extractions into the corresponding ATT&CK ID.'
   test_cases: generic_mitre_attack_mobile
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-attack-mobile-id
 
 ai_mitre_attack_ics:
@@ -113,11 +111,10 @@ ai_mitre_attack_ics:
   modified: 2020-01-01
   created_by: DOGESEC
   version: 1.0.0
-  prompt_base: 'Extract all MITRE ATT&CK ICS tactics, techniques, groups, data sources, mitigations, software, and campaigns described in the text. Do not include MITRE ATT&CK Mobile or MITRE ATT&CK Enterprise in the results.'
+  prompt_base: 'Extract all references to MITRE ATT&CK ICS tactics, techniques, groups, data sources, mitigations, software, and campaigns described in the text. These references may not be explicit in the text so you should be careful to account for the natural language of the text your analysis. Do not include MITRE ATT&CK Mobile or MITRE ATT&CK Enterprise in the results.'
+  prompt_helper: 'If you are unsure, you can learn more about MITRE ATT&CK Enterprise here: https://attack.mitre.org/matrices/ics/'
   prompt_conversion: 'Convert all extractions into the corresponding ATT&CK ID.'
   test_cases: generic_mitre_attack_ics
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-attack-ics-id
 
 ####### MITRE CAPEC #######
@@ -132,10 +129,9 @@ ai_mitre_capec:
   created_by: DOGESEC
   version: 1.0.0
   prompt_base: 'Extract all references to a MITRE CAPEC object.'
+  prompt_helper: 'If you are unsure, you can learn more about MITRE CAPEC here: https://capec.mitre.org/'
   prompt_conversion: 'Convert all extractions into the corresponding CAPEC ID in the format `CAPEC-ID`'
   test_cases: generic_mitre_capec
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-capec-id
 
 ####### MITRE CWE #######
@@ -150,8 +146,7 @@ ai_mitre_cwe:
   created_by: DOGESEC
   version: 1.0.0
   prompt_base: 'Extract all references to a MITRE CWE object.'
+  prompt_helper: 'If you are unsure, you can learn more about MITRE CAPEC here: https://cwe.mitre.org/'
   prompt_conversion: 'Convert all extractions into the corresponding CWE ID in the format `CWE-ID`'
   test_cases: generic_mitre_cwe
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-cwe-id
diff --git a/includes/extractions/ai/schema.yaml b/includes/extractions/ai/schema.yaml
diff --git a/includes/extractions/lookup/config.yaml b/includes/extractions/lookup/config.yaml
@@ -13,8 +13,6 @@ lookup_mitre_attack_enterprise_id:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_mitre_attack_enterprise
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-attack-enterprise-id
 
 lookup_mitre_attack_enterprise_name:
@@ -28,8 +26,6 @@ lookup_mitre_attack_enterprise_name:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_mitre_attack_enterprise_name
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-attack-enterprise-name
 
 lookup_mitre_attack_mobile_id:
@@ -43,8 +39,6 @@ lookup_mitre_attack_mobile_id:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_mitre_attack_mobile
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-attack-mobile-id
 
 lookup_mitre_attack_mobile_name:
@@ -58,8 +52,6 @@ lookup_mitre_attack_mobile_name:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_mitre_attack_mobile_name
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-attack-mobile-name
 
 lookup_mitre_attack_ics_id:
@@ -73,8 +65,6 @@ lookup_mitre_attack_ics_id:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_mitre_attack_ics
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-attack-ics-id
 
 lookup_mitre_attack_ics_name:
@@ -88,8 +78,6 @@ lookup_mitre_attack_ics_name:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_mitre_attack_ics_name
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-attack-ics-name
 
 ####### MITRE CAPEC #######
@@ -105,8 +93,6 @@ lookup_mitre_capec_id:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_mitre_capec
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-capec-id
 
 lookup_mitre_capec_name:
@@ -120,8 +106,6 @@ lookup_mitre_capec_name:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_mitre_capec_name
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-capec-name
 
 ####### MITRE CWE #######
@@ -137,8 +121,6 @@ lookup_mitre_cwe_id:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_mitre_cwe
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-cwe-id
 
 lookup_mitre_cwe_name:
@@ -152,8 +134,6 @@ lookup_mitre_cwe_name:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_mitre_cwe_name
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-cwe-name
 
 ####### MITRE ATLAS #######
@@ -169,8 +149,6 @@ lookup_mitre_atlas_id:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_mitre_atlas
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-atlas-id
 
 lookup_mitre_atlas_name:
@@ -184,8 +162,6 @@ lookup_mitre_atlas_name:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_mitre_atlas_name
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-mitre-atlas-name
 
 ####### DISARM #######
@@ -201,8 +177,6 @@ lookup_disarm_id:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_disarm
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-disarm-id
 
 lookup_disarm_name:
@@ -216,8 +190,6 @@ lookup_disarm_name:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_disarm_name
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-disarm-name
 
 ####### County extractions #######
@@ -233,8 +205,6 @@ lookup_country_alpha2:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: generic_country_alpha2
-  ignore_extractions:
-    - 
   stix_mapping: ctibutler-location
 
 ####### Misc STIX Objects #######
@@ -250,8 +220,6 @@ lookup_attack_pattern:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: lookup_attack_pattern
-  ignore_extractions:
-    - 
   stix_mapping: attack-pattern
 
 lookup_campaign:
@@ -265,8 +233,6 @@ lookup_campaign:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: lookup_campaign
-  ignore_extractions:
-    - 
   stix_mapping: campaign
 
 lookup_course_of_action:
@@ -280,8 +246,6 @@ lookup_course_of_action:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: lookup_course_of_action
-  ignore_extractions:
-    - 
   stix_mapping: course-of-action
 
 lookup_identity:
@@ -295,8 +259,6 @@ lookup_identity:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: lookup_identity
-  ignore_extractions:
-    - 
   stix_mapping: identity
   identity: lookups/identity.txt
 
@@ -311,8 +273,6 @@ lookup_infrastructure:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: lookup_infrastructure
-  ignore_extractions:
-    - 
   stix_mapping: infrastructure
 
 lookup_intrusion_set:
@@ -326,8 +286,6 @@ lookup_intrusion_set:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: lookup_intrusion_set
-  ignore_extractions:
-    - 
   stix_mapping: intrusion-set
 
 lookup_malware:
@@ -341,8 +299,6 @@ lookup_malware:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: lookup_malware
-  ignore_extractions:
-    - 
   stix_mapping: malware
 
 lookup_threat_actor:
@@ -356,8 +312,6 @@ lookup_threat_actor:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: lookup_threat_actor
-  ignore_extractions:
-    - 
   stix_mapping: threat-actor
 
 lookup_tool:
@@ -371,6 +325,4 @@ lookup_tool:
   created_by: DOGESEC
   version: 1.0.0
   test_cases: lookup_tool
-  ignore_extractions:
-    - 
   stix_mapping: tool
diff --git a/includes/extractions/lookup/schema.yaml b/includes/extractions/lookup/schema.yaml