# MITRE ATT&CK (PyAttck)
## Swimlane PyAttck Connector

The MITRE ATT&CK (PyAttck) connector provides access to an extensive database of adversary tactics and techniques, enabling enhanced threat analysis and strategic defense planning.

The MITRE ATT&CK (PyAttck) connector provides a direct link to the comprehensive MITRE ATT&CK framework, enabling users to retrieve detailed information on threat actors, techniques, tools, and mitigations. By integrating with Swimlane Turbine, security professionals can enrich their automation playbooks with actionable intelligence, enhancing threat hunting and incident response capabilities. This connector streamlines the process of accessing and leveraging ATT&CK data, allowing for more informed decision making and an improved security posture.

pyattck is a lightweight Python package to retrieve actors, malware, mitigations, tactics, techniques and tools from the MITRE ATT&CK frameworks. With pyattck you can access data from the Enterprise, Mobile, and PRE-ATT&CK MITRE ATT&CK frameworks. Additionally, you have access to external data which provides richer context, such as the ability to retrieve potential commands, queries, and detections for techniques. Actors and tools also have additional contextual data available. This connector pulls information from Swimlane's open source project, pyattck.

## Prerequisites

To utilize the MITRE ATT&CK (PyAttck) connector within Swimlane, ensure you have the following custom configuration for accessing MITRE ATT&CK data:

- No additional parameters required.

## Capabilities

Each task in this connector allows you to retrieve all named objects (e.g. actors, malwares, etc.) as well as filter based on property values of related object types. Additionally, you can select which MITRE ATT&CK framework to pull data from (the default is Enterprise).

This connector provides the following tasks:

- Get Actors
- Get Controls
- Get Malwares
- Get Mitigations
- Get Tactics
- Get Techniques
- Get Tools
- Get Data

## Configurations

### MITRE ATT&CK (PyAttck) Authentication

Retrieve information about MITRE ATT&CK via Swimlane's open source project pyattck.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| Nested Subtechniques | Whether or not to nest subtechniques. Defaults to false. | boolean | optional |
| Enterprise ATT&CK JSON | The location of the Enterprise ATT&CK JSON | string | optional |
| PRE-ATT&CK JSON | The location of the PRE-ATT&CK JSON | string | optional |
| Mobile ATT&CK JSON | The location of the Mobile ATT&CK JSON | string | optional |
| ICS ATT&CK JSON | The location of the ICS ATT&CK JSON | string | optional |
| NIST Controls JSON | The location of the NIST 800-53 controls JSON | string | optional |
| Generated ATT&CK JSON | The location of the generated contextual ATT&CK JSON | string | optional |
| Generated NIST JSON | The location of the generated NIST JSON | string | optional |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Get Actors

Retrieve a list of threat actors from the MITRE ATT&CK framework using the pyattck connector.

Endpoint method: `GET`

Input:

| Argument | Type | Required | Description |
|---|---|---|---|
| Attack Framework | string | optional | Parameter for Get Actors |
| Match Malware | string | optional | Parameter for Get Actors |
| Match Malware Name | string | optional | Name of the resource |
| Match Malware ID | string | optional | Unique identifier |
| Match Technique | string | optional | Parameter for Get Actors |
| Match Technique Name | string | optional | Name of the resource |
| Match Technique ID | string | optional | Unique identifier |
| Match Tool | string | optional | Parameter for Get Actors |
| Match Tool Name | string | optional | Name of the resource |
| Match Tool ID | string | optional | Unique identifier |

Output:

| Parameter | Type | Description |
|---|---|---|
| Status Code | number | HTTP status code of the response |
| Reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get Controls

Provides detailed information on compliance controls associated with MITRE ATT&CK framework techniques.

Endpoint method: `GET`

Input:

| Argument | Type | Required | Description |
|---|---|---|---|
| Match Technique | string | optional | Parameter for Get Controls |
| Match Technique Name | string | optional | Name of the resource |
| Match Technique ID | string | optional | Unique identifier |

Output:

| Parameter | Type | Description |
|---|---|---|
| Status Code | number | HTTP status code of the response |
| Reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get Data

Obtain all or targeted data from the MITRE ATT&CK dataset using the pyattck connector.

Endpoint method: `GET`

Input:

| Argument | Type | Required | Description |
|---|---|---|---|
| Type | string | optional | Type of the resource |
| Attack Framework | string | optional | Parameter for Get Data |

Output:

| Parameter | Type | Description |
|---|---|---|
| Status Code | number | HTTP status code of the response |
| Reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get Formatted Tactic and Technique String

Generates a formatted string of a MITRE ATT&CK tactic and technique for use in Swimlane widgets; a technique ID is required.

Endpoint method: `GET`

Input:

| Argument | Type | Required | Description |
|---|---|---|---|
| Technique ID | string | required | Unique identifier |
| Attack Framework | string | optional | Parameter for Get Formatted Tactic and Technique String |
| Tactic ID | string | optional | Unique identifier |

Output:

| Parameter | Type | Description |
|---|---|---|
| Status Code | number | HTTP status code of the response |
| Reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get Malwares

Retrieve malware objects from the MITRE ATT&CK framework using the pyattck connector.

Endpoint method: `GET`

Input:

| Argument | Type | Required | Description |
|---|---|---|---|
| Attack Framework | string | optional | Parameter for Get Malwares |
| Match Actor | string | optional | Parameter for Get Malwares |
| Match Actor Name | string | optional | Name of the resource |
| Match Actor ID | string | optional | Unique identifier |
| Match Technique | string | optional | Parameter for Get Malwares |
| Match Technique Name | string | optional | Name of the resource |
| Match Technique ID | string | optional | Unique identifier |

Output:

| Parameter | Type | Description |
|---|---|---|
| Status Code | number | HTTP status code of the response |
| Reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get Mitigations

Obtain a list of mitigation strategies and techniques from the MITRE ATT&CK framework.

Input:

| Argument | Type | Required | Description |
|---|---|---|---|
| Attack Framework | string | optional | Provide `enterprise` or `mobile` to retrieve data from those ATT&CK frameworks. The default is `enterprise`. |
| Match Technique | string | optional | Provide a property value for a given technique and return mitigations for that technique |
| Match Technique Name | string | optional | Provide the name of a technique and return mitigations for that technique |
| Match Technique ID | string | optional | Provide the MITRE ATT&CK ID of a technique and return mitigations for that technique |

Output:

| Parameter | Type | Description |
|---|---|---|
| Mitigations | object | Output field mitigations |
| Mitigations Names | array | Name of the resource |
| Mitigations IDs | array | Unique identifier |
| Mitigations Descriptions | array | Output field mitigations descriptions |

Example:

```json
[
  {
    "mitigations": {
      "mitigations_names": [],
      "mitigations_ids": [],
      "mitigations_descriptions": []
    }
  }
]
```

### Get Tactics

Obtain a list of tactic objects from the MITRE ATT&CK framework using the pyattck connector.

Endpoint method: `GET`

Input:

| Argument | Type | Required | Description |
|---|---|---|---|
| Attack Framework | string | optional | Parameter for Get Tactics |
| Match Technique | string | optional | Parameter for Get Tactics |
| Match Technique Name | string | optional | Name of the resource |
| Match Technique ID | string | optional | Unique identifier |

Output:

| Parameter | Type | Description |
|---|---|---|
| Status Code | number | HTTP status code of the response |
| Reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get Techniques

Access additional relationships and details within the MITRE ATT&CK frameworks using the Get Techniques action.

Endpoint method: `GET`

Input:

| Argument | Type | Required | Description |
|---|---|---|---|
| Attack Framework | string | optional | Parameter for Get Techniques |
| Match Actor | string | optional | Parameter for Get Techniques |
| Match Actor Name | string | optional | Name of the resource |
| Match Actor ID | string | optional | Unique identifier |
| Match Control | string | optional | Parameter for Get Techniques |
| Match Control Name | string | optional | Name of the resource |
| Match Control ID | string | optional | Unique identifier |
| Match Mitigation | string | optional | Parameter for Get Techniques |
| Match Mitigation Name | string | optional | Name of the resource |
| Match Mitigation ID | string | optional | Unique identifier |
| Match Tactic | string | optional | Parameter for Get Techniques |
| Match Tactic Name | string | optional | Name of the resource |
| Match Tactic ID | string | optional | Unique identifier |

Output:

| Parameter | Type | Description |
|---|---|---|
| Status Code | number | HTTP status code of the response |
| Reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get Tools

Obtain tool objects from MITRE ATT&CK, which may include various attributes and relationships relevant to the tools.

Endpoint method: `GET`

Input:

| Argument | Type | Required | Description |
|---|---|---|---|
| Attack Framework | string | optional | Parameter for Get Tools |
| Match Actor | string | optional | Parameter for Get Tools |
| Match Actor Name | string | optional | Name of the resource |
| Match Actor ID | string | optional | Unique identifier |
| Match Technique | string | optional | Parameter for Get Tools |
| Match Technique Name | string | optional | Name of the resource |
| Match Technique ID | string | optional | Unique identifier |

Output:

| Parameter | Type | Description |
|---|---|---|
| Status Code | number | HTTP status code of the response |
| Reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

## Notes

- MITRE ATT&CK: https://attack.mitre.org/
- pyattck source code: https://github.com/swimlane/pyattck
- pyattck docs: https://pyattck.readthedocs.io/en/latest/
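The actions above all share one mechanic: pick an ATT&CK object by a property of a related object (the `Match Technique ID` / `Match Technique Name` filters), walk the relationship to the objects you want, and optionally nest sub-techniques under their parents. The following is an added example, not code from the Swimlane connector or from pyattck, that shows that mechanic over a small constructed STIX 2 bundle in the shape ATT&CK publishes (`attack-pattern`, `course-of-action`, `x-mitre-tactic` and `relationship` objects). The ATT&CK identifiers TA0002, T1059, T1059.001, M1038, M1049 and M1045 are real; the STIX ids, the shortened descriptions, the revoked `M0000` object and the output format of the formatted tactic/technique string are assumptions made for the example.

```python
"""Added example: resolve ATT&CK relationships the way the connector's
match_* filters do, over a constructed STIX 2 bundle. Not pyattck code."""
from typing import Dict, List, Optional


def _ref(external_id: str) -> dict:
    return {"source_name": "mitre-attack", "external_id": external_id}


_EXEC = [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]

# Constructed sample bundle: a subset of the fields ATT&CK's STIX export carries.
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "x-mitre-tactic", "id": "x-mitre-tactic--1", "name": "Execution",
     "x_mitre_shortname": "execution", "external_references": [_ref("TA0002")]},
    {"type": "attack-pattern", "id": "attack-pattern--1", "name": "Command and Scripting Interpreter",
     "kill_chain_phases": _EXEC, "external_references": [_ref("T1059")]},
    {"type": "attack-pattern", "id": "attack-pattern--2", "name": "PowerShell",
     "x_mitre_is_subtechnique": True, "kill_chain_phases": _EXEC, "external_references": [_ref("T1059.001")]},
    {"type": "course-of-action", "id": "course-of-action--1", "name": "Execution Prevention",
     "description": "Block execution of code through application control.", "external_references": [_ref("M1038")]},
    {"type": "course-of-action", "id": "course-of-action--2", "name": "Antivirus/Antimalware",
     "description": "Use signatures or heuristics to detect malicious software.", "external_references": [_ref("M1049")]},
    {"type": "course-of-action", "id": "course-of-action--3", "name": "Code Signing",
     "description": "Enforce binary integrity with digital signature verification.", "external_references": [_ref("M1045")]},
    # Revoked object (constructed id): ATT&CK bundles keep these, and a correct lookup must skip them.
    {"type": "course-of-action", "id": "course-of-action--4", "name": "Example Revoked Mitigation",
     "description": "constructed", "revoked": True, "external_references": [_ref("M0000")]},
    {"type": "relationship", "relationship_type": "mitigates", "source_ref": "course-of-action--1", "target_ref": "attack-pattern--1"},
    {"type": "relationship", "relationship_type": "mitigates", "source_ref": "course-of-action--2", "target_ref": "attack-pattern--1"},
    {"type": "relationship", "relationship_type": "mitigates", "source_ref": "course-of-action--3", "target_ref": "attack-pattern--2"},
    {"type": "relationship", "relationship_type": "mitigates", "source_ref": "course-of-action--4", "target_ref": "attack-pattern--1"},
    {"type": "relationship", "relationship_type": "subtechnique-of", "source_ref": "attack-pattern--2", "target_ref": "attack-pattern--1"},
]}


def attack_id(obj: dict) -> Optional[str]:
    """ATT&CK external ID (T1059, M1038, ...) of a STIX object, from its mitre-attack reference."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


class AttckIndex:
    """Index a bundle by STIX id; revoked and deprecated objects are dropped up front."""

    def __init__(self, bundle: dict) -> None:
        self.objects: Dict[str, dict] = {}
        self.relationships: List[dict] = []
        for obj in bundle["objects"]:
            if obj.get("revoked") or obj.get("x_mitre_deprecated"):
                continue
            (self.relationships.append(obj) if obj["type"] == "relationship"
             else self.objects.__setitem__(obj["id"], obj))

    def find(self, stix_type: str, attack_id_: Optional[str] = None, name: Optional[str] = None) -> Optional[dict]:
        """First object of stix_type whose ATT&CK id or (case-insensitive) name matches the filter."""
        for obj in self.objects.values():
            if obj["type"] != stix_type:
                continue
            if attack_id_ is not None and attack_id(obj) == attack_id_:
                return obj
            if name is not None and obj["name"].lower() == name.lower():
                return obj
        return None

    def related(self, relationship_type: str, target_ref: str) -> List[dict]:
        """Source objects of relationships of the given type pointing at target_ref (revoked sources vanish)."""
        return [self.objects[r["source_ref"]] for r in self.relationships
                if r["relationship_type"] == relationship_type and r["target_ref"] == target_ref
                and r["source_ref"] in self.objects]


def get_mitigations(index: AttckIndex, match_technique_id: Optional[str] = None,
                    match_technique_name: Optional[str] = None) -> dict:
    """Mitigations for one technique, in the connector's Get Mitigations output shape (field names assumed)."""
    technique = index.find("attack-pattern", attack_id_=match_technique_id, name=match_technique_name)
    if technique is None:
        raise ValueError("no technique matches the given filter")
    mitigations = index.related("mitigates", technique["id"])
    return {"mitigations_names": [m["name"] for m in mitigations],
            "mitigations_ids": [attack_id(m) for m in mitigations],
            "mitigations_descriptions": [m.get("description", "") for m in mitigations]}


def get_techniques(index: AttckIndex, nested_subtechniques: bool = False) -> List[dict]:
    """Flat technique list, or (like the Nested Subtechniques option) parents with sub-techniques nested."""
    techniques = [o for o in index.objects.values() if o["type"] == "attack-pattern"]
    if not nested_subtechniques:
        return [{"id": attack_id(t), "name": t["name"]} for t in techniques]
    return [{"id": attack_id(p), "name": p["name"],
             "subtechniques": [{"id": attack_id(s), "name": s["name"]} for s in index.related("subtechnique-of", p["id"])]}
            for p in techniques if not p.get("x_mitre_is_subtechnique")]


def get_formatted_tactic_and_technique_string(index: AttckIndex, technique_id: str, tactic_id: Optional[str] = None) -> str:
    """'Execution (TA0002) > PowerShell (T1059.001)'; the format itself is an assumption of this example."""
    technique = index.find("attack-pattern", attack_id_=technique_id)
    if technique is None:
        raise ValueError(f"unknown technique {technique_id}")
    phases = [p["phase_name"] for p in technique.get("kill_chain_phases", []) if p["kill_chain_name"] == "mitre-attack"]
    tactics = [t for t in index.objects.values() if t["type"] == "x-mitre-tactic" and t["x_mitre_shortname"] in phases]
    if tactic_id is not None:  # a technique can sit in several tactics; let the caller pick one
        tactics = [t for t in tactics if attack_id(t) == tactic_id]
    if not tactics:
        raise ValueError(f"technique {technique_id} is not in tactic {tactic_id}")
    return f"{tactics[0]['name']} ({attack_id(tactics[0])}) > {technique['name']} ({technique_id})"


if __name__ == "__main__":
    idx = AttckIndex(SAMPLE_BUNDLE)
    print(get_mitigations(idx, match_technique_id="T1059"))
    print(get_techniques(idx, nested_subtechniques=True))
    print(get_formatted_tactic_and_technique_string(idx, "T1059.001"))
```

Two details matter when you consume ATT&CK data this way. The bundle keeps revoked and deprecated objects (and the relationships that point at them), so a lookup that does not filter on `revoked` / `x_mitre_deprecated` will return mitigations that no longer exist; the index above drops them before any relationship is followed. And a technique can belong to more than one tactic, which is why the formatted-string action accepts an optional `Tactic ID`: without it you get the first tactic in the technique's kill chain phases, which may not be the one your widget expects.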