internal/functions/Get-Queries.ps1
|
function Get-Queries { <# .SYNOPSIS Returns queries for the selected MITRE ATT&CK Techniques & areas. .DESCRIPTION Returns queries for the selected MITRE ATT&CK Techniques & areas. .PARAMETER TechniqueIds Prompts you for the TechniqueIds which should be used to generate the queries. .PARAMETER AreaNames Prompts you for the Area Names which should be used to generate the queries. .EXAMPLE Get-Queries -TechniqueIds "'T1086', 'T1039', 'T1090'" -AreaNames "" Returns queries for the selected MITRE ATT&CK Techniques & areas. #> [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseSingularNouns", "")] [CmdletBinding()] param ( [Parameter(Mandatory=$True)] [string]$TechniqueIds, [string]$AreaNames ) $query = "select distinct ma.area_name, mt.technique_id, mt.technique_name, qm.title, qm.description, qm.status, qm.date, qm.author, qm.raw_yaml, qm.level, qm.filename from mitre_events me, mitre_techniques mt, mitre_areas ma, queries_data_yaml_tags qt, queries_data_yaml_main qm where me.technique_id = mt.id and qt.mitre_technique_id = mt.id and qt.m_id = qm.id and me.area_id = ma.id and ( (mt.technique_id in ($TechniqueIds) ) or (ma.area_name in ($AreaNames)) ) order by area_id, technique_name;" $result = Invoke-SqliteQuery -Query $query -DataSource $database return $result } |