StreamlitCoverageAnalyzer Reference
StreamlitCoverageAnalyzerClient
This class is used by a Streamlit app to interact with the Stellar Cyber API and the MITRE ATT&CK framework.
It adds caching and Streamlit session management of data on top of the coverage_analyzer.stellar.StellarCyberAPI and coverage_analyzer.mitre.StellarMitre classes.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| host | str | Stellar Cyber host URL (e.g. https://example.stellarcyber.cloud) | required |
| username | str | Stellar Cyber username (Generally an email address) | required |
| api_key | str | Stellar Cyber API key | required |
| version | Literal['5.3.x', '5.2.x', '5.1.x', '4.3.7', '4.3.1', '4.3.0'] | Stellar Cyber Platform version, defaults to "5.2.x" | '5.2.x' |
| verify_ssl | bool \| None | Boolean to verify SSL of Stellar Cyber Host, defaults to True | None |
| cache_ttl | float \| timedelta \| str \| None | The time to live for cached data, defaults to 15m. | '15m' |
Attributes:
| Name | Type | Description |
|---|---|---|
| version | Literal['5.3.x', '5.2.x', '5.1.x', '4.3.7', '4.3.1', '4.3.0'] | The version of the Stellar Cyber Platform to interact with. |
| cache_ttl | float \| timedelta \| str \| None | The time to live for cached data. |
compile_stats(data_sources, start_date, end_date, tenant_name=None)
Public method to compile statistics from tactics, techniques, and data sources into a single dictionary.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| data_sources | list[str] | The data sources to filter statistics by. | required |
| start_date | date | The start date to filter statistics by. | required |
| end_date | date | The end date to filter statistics by. | required |
| tenant_name | str \| None | The tenant name to filter statistics by. | None |
Returns:
| Type | Description |
|---|---|
| dict[str, dict[str, Any]] | Dictionary of compiled statistics. |
generate_navigator_layer(name, techniques_with_scores, description=None)
Public method to generate a MITRE ATT&CK Navigator layer file.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| name | str | Name of the layer | required |
| techniques_with_scores | dict[str, float] | Dictionary mapping technique IDs to scores (0-100) | required |
| description | str \| None | Optional description of the layer | None |
Returns:
| Type | Description |
|---|---|
| dict[str, Any] | Dictionary containing the ATT&CK Navigator layer data |
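To show the kind of input and output this method deals with, here is an added example that is not the project's implementation: a hypothetical stand-alone `build_navigator_layer` that turns technique scores (0-100) into a layer dictionary, plus an `uncovered` helper for listing low-scoring techniques. The `enterprise-attack` domain, the layer format version, the gradient colours and the sample scores are assumptions.

```python
from __future__ import annotations

import json
import re
from typing import Any

# ATT&CK technique IDs look like T1059 or, for sub-techniques, T1059.001.
TECHNIQUE_ID = re.compile(r"T\d{4}(?:\.\d{3})?")


def build_navigator_layer(
    name: str,
    techniques_with_scores: dict[str, float],
    description: str | None = None,
) -> dict[str, Any]:
    """Hypothetical helper: build a Navigator layer from 0-100 coverage scores."""
    techniques = []
    for technique_id, score in sorted(techniques_with_scores.items()):
        # Reject malformed IDs instead of emitting a layer Navigator silently ignores.
        if not TECHNIQUE_ID.fullmatch(technique_id):
            raise ValueError(f"not an ATT&CK technique ID: {technique_id!r}")
        # NaN and out-of-range values fail this comparison and are rejected.
        if not 0 <= score <= 100:
            raise ValueError(f"score for {technique_id} outside 0-100: {score}")
        techniques.append({"techniqueID": technique_id, "score": score})
    return {
        "name": name,
        "description": description or "",
        "domain": "enterprise-attack",   # assumption: Enterprise matrix
        "versions": {"layer": "4.5"},    # assumption: layer format version
        "techniques": techniques,
        # Red (no coverage) to green (full coverage) across the score range.
        "gradient": {"colors": ["#ff6666", "#ffe766", "#8ec843"],
                     "minValue": 0, "maxValue": 100},
    }


def uncovered(layer: dict[str, Any], threshold: float = 50.0) -> list[str]:
    """Return technique IDs whose score is below the threshold (detection gaps)."""
    return [t["techniqueID"] for t in layer["techniques"] if t["score"] < threshold]


# Constructed sample scores, not real coverage data.
SAMPLE_SCORES = {"T1566": 0.0, "T1059.001": 80.0, "T1078": 35.0}
LAYER = build_navigator_layer("Coverage (sample)", SAMPLE_SCORES, "Constructed example")

if __name__ == "__main__":
    print(json.dumps(LAYER, indent=2))
    print("Below threshold:", uncovered(LAYER))
```
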
get_alert_stats(alert_type_hits, data_sources, with_recommendations=None)
Public method to return a dictionary of alert statistics from Stellar Cyber API
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| alert_type_hits | dict[str, Any] | The alert type hits dictionary to filter alert statistics by. | required |
| data_sources | list[str] | The data sources to filter alert statistics by. | required |
| with_recommendations | bool \| None | If True, include recommendations in the statistics. Defaults to False. | None |
Returns:
| Type | Description |
|---|---|
| dict[str, Any] | Dictionary of alert statistics. |
get_alert_type_hits(start_date, end_date, tenant_name=None)
Public method to return a dictionary of alert type hits from Stellar Cyber API
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| start_date | date | The start date to filter alert type hits by. | required |
| end_date | date | The end date to filter alert type hits by. | required |
| tenant_name | str \| None | The tenant name to filter alert type hits by. | None |
Returns:
| Type | Description |
|---|---|
| dict[str, Any] | Dictionary of alert type hits. |
get_custom_detections(tenant_id=None, only_builtin=None, only_custom=None)
Public method to return a list of custom detections from Stellar Cyber API
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| tenant_id | str \| None | The tenant ID to filter detections by. | None |
| only_builtin | bool \| None | Filter only builtin detections. | None |
| only_custom | bool \| None | Filter only custom detections | None |
Returns:
| Type | Description |
|---|---|
| list[dict[str, Any]] | List of detections as dictionaries |
get_datasource_stats(data_sources)
Public method to return a dictionary of data source statistics from Stellar Cyber API
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| data_sources | list[str] | The data sources to filter data source statistics by. | required |
Returns:
| Type | Description |
|---|---|
| list[dict[str, Any]] | Dictionary of data source statistics. |
get_detections()
Public method to return a list of detections from detections.stellarcyber.ai
Returns:
| Type | Description |
|---|---|
| list[dict[str, Any]] | List of detections as dictionaries |
get_detections_datasources(as_options=None)
Public method to return a list of data sources objects from detections.stellarcyber.ai
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| as_options | bool \| None | If True, return a list of data sources as strings. Defaults to True. | None |
Returns:
| Type | Description |
|---|---|
| list[str] \| list[dict[str, Any]] | List of detection data sources as dictionaries. |
get_matching_alert_types_count_from_ds(data_sources, tactic, technique=None)
Public method to return a count of matching alert types based on data sources from Stellar Cyber API
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| data_sources | list[str] | The data sources to filter alert types by. | required |
| tactic | str | The tactic to filter alert types by. | required |
| technique | str \| None | The technique to filter alert types by. | None |
Returns:
| Type | Description |
|---|---|
| int | Count of matching alert types. |
get_matching_alert_types_count_from_hits(alert_type_hits, tactic, technique=None)
Public method to return a count of matching alert types based on hits from Stellar Cyber API
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| alert_type_hits | dict[str, Any] | The alert type hits dictionary to filter alert types by. | required |
| tactic | str | The tactic to filter alert types by. | required |
| technique | str \| None | The technique to filter alert types by. | None |
Returns:
| Type | Description |
|---|---|
| int | Count of matching alert types. |
get_tactics()
Public method to return a list of tactics from the MITRE ATT&CK framework.
Returns:
| Type | Description |
|---|---|
| list[dict[str, str]] | List of tactics as dictionaries. |
get_tactics_and_techniques()
Public method to return a dictionary of tactics and techniques from the MITRE ATT&CK framework.
Returns:
| Type | Description |
|---|---|
| list[dict[str, Any]] | Dictionary of tactics and techniques. |
get_tactics_stats(data_sources, start_date, end_date, tenant_name=None, with_recommendations=None)
Public method to return a dictionary of statistics for the provided list of tactics from the MITRE ATT&CK framework.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| data_sources | list[str] | The data sources to filter statistics by. | required |
| start_date | date | The start date to filter statistics by. | required |
| end_date | date | The end date to filter statistics by. | required |
| tenant_name | str \| None | The tenant name to filter statistics by. | None |
| with_recommendations | bool \| None | If True, include recommendations in the statistics. Defaults to False. | None |
Returns:
| Type | Description |
|---|---|
| dict[str, Any] | Dictionary of tactics statistics for the provided list of tactics. |
get_technique_stats(data_sources, start_date, end_date, tenant_name=None, with_recommendations=None)
Public method to return a dictionary of statistics for the provided list of tactics and their techniques from the MITRE ATT&CK framework.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| data_sources | list[str] | The data sources to filter statistics by. | required |
| start_date | date | The start date to filter statistics by. | required |
| end_date | date | The end date to filter statistics by. | required |
| tenant_name | str \| None | The tenant name to filter statistics by. | None |
| with_recommendations | bool \| None | If True, include recommendations in the statistics. Defaults to False. | None |
Returns:
| Type | Description |
|---|---|
| dict[str, Any] | Dictionary of technique statistics for the provided list of tactics. |
get_techniques()
Public method to return a list of techniques from the MITRE ATT&CK framework.
Returns:
| Type | Description |
|---|---|
| list[dict[str, Any]] | List of techniques as dictionaries. |
get_tenants()
Public method to return a list of tenants from Stellar Cyber API
Returns:
| Type | Description |
|---|---|
| list[str] \| list[dict[str, Any]] | List of tenants as strings |
get_used_datasources(start_date, end_date, tenant_name=None)
Public method to return a list of used data sources from Stellar Cyber API
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| start_date | date | The start date to filter data sources by. | required |
| end_date | date | The end date to filter data sources by. | required |
| tenant_name | str \| None | The tenant name to filter data sources by. | None |
Returns:
| Type | Description |
|---|---|
| list[str] | List of used data sources as strings |