normalize 'mitre_technique_id' and 'mitre_tactic_id' to 'mitre_attack'

aristotle/aristotle.py

@@ -502,8 +502,8 @@ def _enhance_metadata(self):
 
     def normalize_better(self, k, v):
         """ Try to convert date and cve related metadata values to conform to the
-            BETTER schema for filtering and statistics. Currently applies to keys,
-            'cve' and those ending with '_at' or "-at".
+            BETTER schema for filtering and statistics. Currently applies to keys
+            'cve', 'mitre_tactic_id', 'mitre_technique_id' and those ending with '_at' or "-at".
 
             :param k: key name of a metadata key-value pair
             :type k: string, required
@@ -531,6 +531,10 @@ def normalize_better(self, k, v):
                 print_warning("Unable to parse '{}' value '{}'".format(k, v))
             for cve in cves:
                 retlist.append([k, cve])
+        elif k in ['mitre_technique_id', 'mitre_tactic_id']:
+            # pull values out of 'mitre_tactic_id' and 'mitre_technique_id' metadata and
+            # put into BETTER 'mitre_attack' key
+            retlist.append(["mitre_attack", v])
         else:
             retlist.append([k, v])
         return retlist

docs/usage.rst

@@ -232,6 +232,8 @@ to the internal data structure used to store metadata and filter against:
   - ``cve`` value normalized to ``YYYY-<num>``. If multiple CVEs are represented in the
     value and strung together with a ``_`` (e.g. ``cve_2021_27561_cve_2021_27562`` [`sic`])
     then all identified CVEs will be included.
+  - Values from non-BETTER schema keys ``mitre_technique_id`` and ``mitre_tactic_id`` will be
+    put into the standards compliant ``mitre_attack`` key.
   - date key values -- determined by any key names that end with ``_at`` or ``-at`` -- will
     be attempted to be normalized to ``YYYY-MM-DD``.  A failure to parse or normalize
     the value will result in a warning message and the value being unchanged.