How to use attackcti - 7 common examples

To help you get started, we’ve selected a few attackcti examples, based on popular ways it is used in public projects.


github mvelazc0 / attack2jira / lib / jirahandler.py View on Github external
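def get_attack_tactics(self):
        """Fetch the ATT&CK tactics through the attackcti client.

        NOTE(review): the excerpt shown ends right after the fetch, before
        ``tactics_payload`` is populated or returned; the rest of the method
        is not visible here.

        Exits the process with a non-zero status when the fetch fails, so
        that a scheduler or CI job sees the failure instead of a clean exit.
        """
        tactics_payload = []
        try:
            client = attack_client()
            tactics = client.get_tactics()
        except Exception:
            # Narrowed from a bare ``except:`` so KeyboardInterrupt and
            # SystemExit are no longer swallowed; ``sys.exit()`` with no
            # argument reported success (status 0) on an error path.
            traceback.print_exc(file=sys.stdout)
            print("[!] Error connecting obtaining tactics from Att&ck's API !")
            sys.exit(1)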
github mvelazc0 / attack2jira / lib / jirahandler.py View on Github external
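def get_attack_datasources(self):
        """Return the ATT&CK data sources as a list of ``{'name': ...}`` dicts.

        Returns:
            list[dict]: one ``{'name': <data source>}`` entry per data source
            reported by ``attack_client().get_data_sources()``.

        Exits the process with a non-zero status when the fetch fails.
        """
        try:
            client = attack_client()
            datasources = client.get_data_sources()
            # The original bound the local to ``dict``, shadowing the builtin.
            return [{'name': datasource} for datasource in datasources]
        except Exception:
            # Narrowed from a bare ``except:`` so KeyboardInterrupt and
            # SystemExit are no longer swallowed; ``sys.exit()`` with no
            # argument reported success (status 0) on an error path.
            traceback.print_exc(file=sys.stdout)
            print("[!] Error connecting obtaining datasources from Att&ck's API !")
            sys.exit(1)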
github mvelazc0 / attack2jira / attack2jira.py View on Github external
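def get_attack_techniques(self):
        """Fetch every ATT&CK Enterprise technique as a plain dict.

        Returns:
            list[dict] | None: one JSON-decoded dict per technique object,
            or ``None`` when the fetch fails (the traceback is printed to
            stdout rather than raised, so callers must check for ``None``).
        """
        try:
            print("[*] Obtaining ATT&CK's techniques...")
            client = attack_client()
            all_enterprise = client.get_enterprise()
            # Each STIX object is serialized to a JSON string and decoded back
            # into a dict so downstream code works with plain data.
            techniques = [
                json.loads(technique.serialize())
                for technique in all_enterprise['techniques']
            ]
            print("[!] Done!")
            return techniques
        except Exception:
            # Narrowed from a bare ``except:`` so KeyboardInterrupt and
            # SystemExit are no longer swallowed.
            traceback.print_exc(file=sys.stdout)
            print("[!] Error connecting to Att&ck's API !")
            return None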
github splunk / security-content / bin / generate.py View on Github external
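def generate_mitre_lookup():
    """Build the rows of the MITRE technique / tactics / groups CSV lookup.

    Pulls Enterprise techniques, relationships and groups via attackcti and
    appends one row per technique to ``csv_mitre_rows``: technique id, name,
    its tactics (title-cased, '|'-joined) and the names of the intrusion-set
    groups related to it ('no' when there are none).

    NOTE(review): the excerpt shown ends after ``csv_mitre_rows`` is filled;
    whatever writes the rows out is not visible here.
    """
    csv_mitre_rows = [["mitre_id", "technique", "tactics", "groups"]]

    lift = attack_client()
    all_enterprise = lift.get_enterprise(stix_format=False)
    enterprise_relationships = lift.get_enterprise_relationships()
    enterprise_groups = lift.get_enterprise_groups()

    # Index groups and relationships once instead of re-scanning both lists
    # for every technique (the nested loops were
    # O(techniques * relationships * groups)). Lists, not single values, are
    # stored so insertion order and any duplicate ids survive and the emitted
    # rows match the nested-loop version exactly.
    group_names_by_id = {}
    for group in enterprise_groups:
        group_names_by_id.setdefault(group['id'], []).append(group['name'])

    group_sources_by_target = {}
    for relationship in enterprise_relationships:
        if relationship['source_ref'].startswith('intrusion-set'):
            group_sources_by_target.setdefault(relationship['target_ref'], []).append(relationship['source_ref'])

    for technique in all_enterprise['techniques']:
        apt_groups = []
        for source_ref in group_sources_by_target.get(technique['id'], []):
            apt_groups.extend(group_names_by_id.get(source_ref, []))

        if not apt_groups:
            apt_groups.append('no')
        tactics = '|'.join(technique['tactic']).replace('-', ' ').title()
        csv_mitre_rows.append([technique['technique_id'], technique['technique'], tactics, '|'.join(apt_groups)])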
github phage-nz / malware-hunting / emulation / emulate.py View on Github external
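def load_cti():
    """Pull Enterprise groups, techniques and relationships from ATT&CK.

    Returns:
        EnterpriseCTI: the three lists bundled together (``EnterpriseCTI`` is
        defined elsewhere in this file; its shape is not visible here).
    """
    # Typo fixed in the log line ("Initiaing").
    LOGGER.info('[-] Initiating ATT&CK CTI client...')
    client = attack_client()

    LOGGER.info('[-] Loading data...')
    enterprise_groups = client.get_enterprise_groups()
    enterprise_techniques = client.get_enterprise_techniques()
    enterprise_relationships = client.get_enterprise_relationships()
    LOGGER.info('[-] OK!')

    return EnterpriseCTI(enterprise_groups, enterprise_techniques, enterprise_relationships)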
github splunk / security-content / bin / converter_v2_v3.py View on Github external
import os
import sys
import yaml
import glob
import re

from collections import OrderedDict
from attackcti import attack_client


# Module-level fetch: the whole Enterprise bundle is requested as soon as
# this script is imported, not when a function is called. NOTE(review):
# presumably this reaches a remote data source — confirm, since importing
# the module then requires connectivity and the data cannot be injected.
lift = attack_client()
all_enterprise = lift.get_enterprise(stix_format=False)

def represent_ordereddict(dumper, data):
    """PyYAML representer that emits an OrderedDict as a map in its own key order.

    Every key and value is converted with ``dumper.represent_data`` and the
    resulting pairs are wrapped in a ``MappingNode`` tagged as a plain map.
    """
    pairs = [
        (dumper.represent_data(key), dumper.represent_data(val))
        for key, val in data.items()
    ]
    return yaml.nodes.MappingNode(u'tag:yaml.org,2002:map', pairs)


def attack_lookup_id(inputs_array):
    outputs = []
github hxnoyd / ossem-power-up / powerup.py View on Github external
def __init__(self, ds_scores):
        """Pull ATT&CK data from MITRE API and keep only non-revoked techniques."""
        print('[*] Pulling ATT&CK data')

        client = attack_client()
        enterprise = client.get_enterprise(stix_format=False)
        # Caller-supplied data-source scores are stored untouched.
        self.ds_scores = ds_scores
        self.techniques = client.remove_revoked(enterprise['techniques'])

attackcti

MITRE ATTACK CTI Python Library

BSD-3-Clause