quick way to produce att&ck navigator layers

generate-att&ckjson.ps1

#baseline_layer.json is exported layer from the navigator... there certainly is a way to create the json from scratch reviewing specs, but it was very fsat to just do this.
$sourcefile = ".attack nav layers\baseline_layer.json"

$offtechoutfile = ".\attack nav layers\offensive_techs.json"
$deftechoutfile = ".\attack nav layers\defensive_techs.json"


#goal here is to:
# define two att&ck navigator layer json files
#  one is for offensive techniques
#   score of offensive techniques will be 1
#   comment will be the source
#  one if for defenseive techniques
#   score of defensive techniques will be 2
#   comment will be the source
# as a result, you can add the two layers, then combine the layers with an arithmetic operation, then color code by score to understand your gaps. (score of 1 versus 2 versus 3)

#i purposefully write code so that it's easily understood.  I realize I could be more DRY, but top notch performance and low memory footprint isn't necessary for this purpose.


#step 1: build the technique data

$offensivetechniques = @"
T1003;top 43 d3fend (by offensive blast radius count)
T1005;top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1012;ransomware actors (att&ck v11),top 43 d3fend (by offensive blast radius count)
T1016;top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1018;top 43 d3fend (by offensive blast radius count)
T1027;ransomware actors (att&ck v11),top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1027.002;top 43 d3fend (by offensive blast radius count)
T1033;ransomware actors (att&ck v11),top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1036;ransomware actors (att&ck v11),top 43 d3fend (by offensive blast radius count)
T1036.004;top 43 d3fend (by offensive blast radius count)
T1036.005;top 43 d3fend (by offensive blast radius count)
T1039;ransomware actors (att&ck v11)
T1041;ransomware actors (att&ck v11),top 43 d3fend (by offensive blast radius count)
T1047;ransomware actors (att&ck v11),top 43 d3fend (by offensive blast radius count)
T1049;top 43 d3fend (by offensive blast radius count)
T1053.005;top 43 d3fend (by offensive blast radius count)
T1055;ransomware actors (att&ck v11),top 43 d3fend (by offensive blast radius count)
T1056.001;top 43 d3fend (by offensive blast radius count)
T1057;ransomware actors (att&ck v11),top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1059.001;top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1059.003;top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1059.005;top 43 d3fend (by offensive blast radius count)
T1068;ransomware actors (att&ck v11)
T1069;ransomware actors (att&ck v11)
T1070;top 43 d3fend (by offensive blast radius count)
T1070.004;top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1071;top 43 d3fend (by offensive blast radius count)
T1071.001;top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1074.001;top 43 d3fend (by offensive blast radius count)
T1078;top 43 d3fend (by offensive blast radius count)
T1080;ransomware actors (att&ck v11)
T1082;top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1083;top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1087;ransomware actors (att&ck v11)
T1090;ransomware actors (att&ck v11)
T1095;ransomware actors (att&ck v11)
T1098;top 43 d3fend (by offensive blast radius count)
T1102;ransomware actors (att&ck v11)
T1105;top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1106;ransomware actors (att&ck v11),top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1112;ransomware actors (att&ck v11),top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1113;ransomware actors (att&ck v11),top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1124;ransomware actors (att&ck v11),top 43 d3fend (by offensive blast radius count)
T1132.001;top 43 d3fend (by offensive blast radius count)
T1133;ransomware actors (att&ck v11)
T1134;ransomware actors (att&ck v11)
T1135;ransomware actors (att&ck v11)
T1136;ransomware actors (att&ck v11)
T1137;top 43 d3fend (by offensive blast radius count)
T1140;ransomware actors (att&ck v11),top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1190;ransomware actors (att&ck v11)
T1197;ransomware actors (att&ck v11)
T1199;ransomware actors (att&ck v11)
T1204.002;top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1210;ransomware actors (att&ck v11)
T1213;ransomware actors (att&ck v11)
T1217;ransomware actors (att&ck v11)
T1218;top 43 d3fend (by offensive blast radius count)
T1218.011;top 43 d3fend (by offensive blast radius count)
T1480;ransomware actors (att&ck v11)
T1485;ransomware actors (att&ck v11)
T1489;ransomware actors (att&ck v11)
T1497;ransomware actors (att&ck v11)
T1499;ransomware actors (att&ck v11)
T1505;top 43 d3fend (by offensive blast radius count)
T1518;ransomware actors (att&ck v11)
T1518.001;top 43 d3fend (by offensive blast radius count)
T1530;ransomware actors (att&ck v11)
T1539;ransomware actors (att&ck v11)
T1543.003;top 43 d3fend (by offensive blast radius count)
T1546;top 43 d3fend (by offensive blast radius count)
T1547;top 43 d3fend (by offensive blast radius count)
T1547.001;top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1548;top 43 d3fend (by offensive blast radius count)
T1550;top 43 d3fend (by offensive blast radius count)
T1552;top 43 d3fend (by offensive blast radius count)
T1554;ransomware actors (att&ck v11)
T1555;ransomware actors (att&ck v11),top 43 d3fend (by offensive blast radius count)
T1555.003;top 43 d3fend (by offensive blast radius count)
T1560;ransomware actors (att&ck v11)
T1562;top 43 d3fend (by offensive blast radius count)
T1562.001;top 43 d3fend (by offensive blast radius count)
T1564;top 43 d3fend (by offensive blast radius count)
T1566;ransomware actors (att&ck v11),top 43 d3fend (by offensive blast radius count)
T1566.001;top 43 d3fend (by offensive blast radius count)
T1568;ransomware actors (att&ck v11)
T1571;ransomware actors (att&ck v11)
T1572;ransomware actors (att&ck v11)
T1573.001;top 20 att&ck (by procedure examples count),top 43 d3fend (by offensive blast radius count)
T1574;top 43 d3fend (by offensive blast radius count)
T1585;ransomware actors (att&ck v11)
T1588.002;top 43 d3fend (by offensive blast radius count)
T1593;ransomware actors (att&ck v11)
T1594;ransomware actors (att&ck v11)
T1614;ransomware actors (att&ck v11)
T1620;ransomware actors (att&ck v11)
"@

$offensivetechniques = $offensivetechniques -split "`n"

$offtechs = @()

foreach ( $offensivetechnique in $offensivetechniques ) {

  $out = $offensivetechnique -split ";"
  $tempobj = new-object pscustomobject
  $tempobj | add-member -membertype noteproperty -name techniqueID -value $out[0]
  $tempobj | add-member -membertype noteproperty -name comment -value $out[1]

  #populating score of 1 (for offensive technique)
  $tempobj | add-member -membertype noteproperty -name score -value 1
  
  $tempobj | add-member -membertype noteproperty -name enabled -value "true"

  $offtechs += , $tempobj
  
}





$defensivetechniques = @"
T1484;EPP,CSPM compliance framework
T1484.001;EPP
"@

$defensivetechniques = $defensivetechniques -split "`n"

$deftechs = @()

foreach ( $defensivetechnique in $defensivetechniques ) {

  $out = $defensivetechnique -split ";"
  $tempobj = new-object pscustomobject
  $tempobj | add-member -membertype noteproperty -name techniqueID -value $out[0]
  $tempobj | add-member -membertype noteproperty -name comment -value $out[1]

  #populating score of 2 (for defensive technique)
  $tempobj | add-member -membertype noteproperty -name score -value 2
  
  $tempobj | add-member -membertype noteproperty -name enabled -value "true"

  $deftechs += , $tempobj
  
}



#step 2: create a copy and mutate that copy

#...for offensive techniques
$navigatorofftechs = (get-content $sourcefile | convertfrom-json)

foreach ($offtech in $offtechs) {

  #find the technique data
  $record = $navigatorofftechs.techniques[$navigatorofftechs.techniques.techniqueid.indexof($($offtech.techniqueid))]
  
  #modify the technique data in the object
  $record | add-member -membertype noteproperty -name comment -value $offtech.comment -force
  $record | add-member -membertype noteproperty -name score -value $offtech.score -force
  $record | add-member -membertype noteproperty -name enabled -value $offtech.enabled -force
}



#...for defensive techniques
$navigatordeftechs = (get-content $sourcefile | convertfrom-json)


foreach ($deftech in $deftechs) {

  #find the technique data
  $record = $navigatordeftechs.techniques[$navigatordeftechs.techniques.techniqueid.indexof($($deftech.techniqueid))]
  
  #modify the technique data in the object
  $record | add-member -membertype noteproperty -name comment -value $deftech.comment -force
  $record | add-member -membertype noteproperty -name score -value $deftech.score -force
  $record | add-member -membertype noteproperty -name enabled -value $deftech.enabled -force
  
}

<#quickly validate score is set to 2
$navigatordeftechs.techniques | select techniqueid, score | ? {$deftechs.techniqueid -contains $_.techniqueid} | select score | sort -unique
#>



#step 4: export the data to a file
$navigatorofftechs | convertto-json -depth 100 | set-content $offtechoutfile
$navigatordeftechs | convertto-json -depth 100 | set-content $deftechoutfile