A lightweight Python module to interact with the MITRE ATT&CK Enterprise dataset. Built to be used in production applications due to its speed and minimal dependencies. Read the docs for more info.
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
- Python 3.x
- ujson >= 3.0.0
- requests >= 2.9.2
```shell
# Install from PyPI
pip install enterpriseattack

# Or install from source
git clone https://github.com/xakepnz/enterpriseattack.git
cd enterpriseattack
python3 setup.py install

# Or build and run with Docker (-t names the image being built)
docker build -t enterpriseattack:0.1.4 .
docker tag enterpriseattack:0.1.4 enterpriseattack:latest
docker run enterpriseattack
```
```python
import enterpriseattack

attack = enterpriseattack.Attack()
```
In this example, you can choose where to download the official MITRE ATT&CK JSON from, including proxies to pass through. Alternatively, if you want to save the JSON file in a separate location, you can alter the enterprise_json arg. By default, the file is saved within your default site-packages location.
- update - boolean that forces a refresh download (each time this is called), overwriting the previous file.
- include_deprecated - boolean to include MITRE ATT&CK deprecated objects (from previous ATT&CK versions).
```python
attack = enterpriseattack.Attack(
    enterprise_json=None,
    url='https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json',
    include_deprecated=False,
    update=False,
    proxies={'http': 'http://127.0.0.1:1337'}
)
```
```python
# Iterate over tactics, then each tactic's techniques
for tactic in attack.tactics:
    print(tactic.name)
    for technique in tactic.techniques:
        print(technique.name)
        print(technique.detection)

# Iterate over software, its techniques and their sub-techniques
for software in attack.software:
    for technique in software.techniques:
        for sub_technique in technique.sub_techniques:
            print(software.name, technique.name, sub_technique.name)

# Dump objects as JSON
for tactic in attack.tactics:
    print(tactic.to_json())

for group in attack.groups:
    print(group.to_json())
...
```
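Added example (not code from the enterpriseattack project): a detection-coverage gap report built on the tactic/technique loop above. Rules are matched by technique name because that is the attribute shown on this page; `coverage_gaps`, `unknown_rule_tags`, `sample_attack` and all sample data are constructed for illustration.

```python
from types import SimpleNamespace as NS


def coverage_gaps(attack, covered):
    """Per tactic: total/covered technique counts plus the uncovered ones."""
    # Reads only attributes shown above; `covered` = technique names with rules.
    covered = {name.casefold() for name in covered}
    report = {}
    for tactic in attack.tactics:
        seen, missing = set(), []
        for technique in tactic.techniques:
            key = technique.name.casefold()
            if key in seen:  # skip duplicate listings within one tactic
                continue
            seen.add(key)
            if key not in covered:
                # Second field: does ATT&CK ship detection text to start from?
                has_guidance = bool((technique.detection or "").strip())
                missing.append((technique.name, has_guidance))
        report[tactic.name] = {"total": len(seen),
                               "covered": len(seen) - len(missing),
                               "missing": sorted(missing)}
    return report


def unknown_rule_tags(attack, covered):
    """Rule tags matching no technique name (typo, rename, deprecation)."""
    known = {t.name.casefold() for tac in attack.tactics for t in tac.techniques}
    return sorted(tag for tag in covered if tag.casefold() not in known)


def sample_attack():
    """Constructed stand-in for enterpriseattack.Attack(); runs offline."""
    phishing = NS(name="Phishing", detection="Inspect mail attachments and links.")
    exploit = NS(name="Exploit Public-Facing Application", detection="Review WAF logs.")
    accounts = NS(name="Valid Accounts", detection=None)
    task = NS(name="Scheduled Task/Job", detection="Monitor task creation events.")
    return NS(tactics=[
        NS(name="Initial Access", techniques=[phishing, exploit, accounts]),
        NS(name="Persistence", techniques=[task, accounts]),
    ])


if __name__ == "__main__":
    rules = {"phishing", "Scheduled Task/Job", "Pass the Hashh"}  # constructed
    attack = sample_attack()  # with the real module: enterpriseattack.Attack()
    for tactic, row in coverage_gaps(attack, rules).items():
        print(tactic, f"{row['covered']}/{row['total']}", row["missing"])
    print("unmatched rule tags:", unknown_rule_tags(attack, rules))
```

A technique listed under several tactics is counted once per tactic, so a single missing rule can show up as a gap in more than one row.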
For more examples, please refer to the Documentation.