ATTACKDomain
The ATTACKDomain object provides a simple interface for loading and interacting with a single domain within the ATT&CK framework.
Initialization
We provide two methods of loading the ATTACKDomain object, either from a local repository through load(), or by downloading the ATTACKDomain object from a remote repository using download().
The recommended way of initializing an ATTACKDomain object is through load(), as this ensures that your project works with a consistent version of the MITRE ATT&CK framework and avoids repeated downloading of the CTI sources.
Example
# Import ATT&CK
from py_attack import ATTACKDomain
# Load from local repository - recommended
domain = ATTACKDomain.load(
    path = "path/to/local/cti/enterprise-attack/enterprise-attack.json",
    domain = 'enterprise',
)
# Download from online source
domain = ATTACKDomain.download(
    url = "https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json",
    domain = 'enterprise',
)
Getters
You can retrieve a specific MITRE ATT&CK concept according to its identifier (see format) or UUID.
Example
# Import ATT&CK
from py_attack import ATTACKDomain
# Load from local repository - recommended
domain = ATTACKDomain.load(
    path = "path/to/local/cti/enterprise-attack/enterprise-attack.json",
    domain = 'enterprise',
)
# Get technique using ID T1087
technique = domain['T1087']
technique = domain.get('T1087')
Iterators
Rather than retrieving a concept via one of the DomainGetter methods, you can also iterate over various concepts.
A domain within the MITRE ATT&CK framework consists of the following concepts: matrices, tactics, techniques, sub_techniques, groups, software, procedures, relationships and mitigations.
All of these are easily accessible via the following iterator properties:
Example
# Import ATT&CK
from py_attack import ATTACKDomain
# Load from local repository - recommended
domain = ATTACKDomain.load(
    path = "path/to/local/cti/enterprise-attack/enterprise-attack.json",
    domain = 'enterprise',
)
# Iterate over different concepts
for concept in domain.concepts:
    ...
for matrices in domain.matrices:
    ...
for tactics in domain.tactics:
    ...
for techniques in domain.techniques:
    ...
for sub_techniques in domain.sub_techniques:
    ...
for groups in domain.groups:
    ...
for software in domain.software:
    ...
for procedures in domain.procedures:
    ...
for relationships in domain.relationships:
    ...
for mitigations in domain.mitigations:
    ...
Graph
All concepts within the ATTACKDomain have defined relations between them.
E.g., groups use techniques to achieve tactics using specific software.
These concepts and relations can therefore be modeled in a graph provided by the graph property.
Because all these concepts are related, we provide a method to find concepts that are (in)directly related to a given concept:
Example
# Import ATT&CK
from py_attack import ATTACKDomain
# Load from local repository - recommended
domain = ATTACKDomain.load(
    path = "path/to/local/cti/enterprise-attack/enterprise-attack.json",
    domain = 'enterprise',
)
# Get domain graph
graph = domain.graph
# Get concepts related to given ID T1087
related = domain.related_concepts('T1087')
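The idea of (in)directly related concepts, shown as an added example: this is not py_attack's own code and does not use the library. It walks the relationship objects of a small constructed STIX-style bundle with the standard library, to show how a technique leads to the mitigations, software and groups around it. The helper names, the choice to follow relations in both directions, and every ID other than T1087 are assumptions made for illustration.

```python
from collections import defaultdict, deque

def concept(stix_type, n, attack_id):
    """Constructed STIX-style object with only the fields the traversal reads."""
    return {"type": stix_type, "id": f"{stix_type}--{n}", "external_references":
            [{"source_name": "mitre-attack", "external_id": attack_id}]}

def relation(source, kind, target):
    return {"type": "relationship", "relationship_type": kind,
            "source_ref": source["id"], "target_ref": target["id"]}

# Constructed sample data (not real ATT&CK content); all IDs except T1087 are made up.
t1087 = concept("attack-pattern", 1, "T1087")
t_other = concept("attack-pattern", 2, "T9903")
group_a = concept("intrusion-set", 1, "G9901")
group_b = concept("intrusion-set", 2, "G9902")
tool = concept("malware", 1, "S9901")
fix = concept("course-of-action", 1, "M9901")
fix_other = concept("course-of-action", 2, "M9903")
BUNDLE = {"objects": [
    t1087, t_other, group_a, group_b, tool, fix, fix_other,
    relation(group_a, "uses", t1087), relation(tool, "uses", t1087),
    relation(fix, "mitigates", t1087), relation(group_b, "uses", tool),
    relation(fix_other, "mitigates", t_other)]}

def build_graph(bundle):
    """Return ({STIX id: ATT&CK ID}, undirected adjacency built from relationships)."""
    ids, adjacency = {}, defaultdict(set)
    for obj in bundle["objects"]:
        if obj["type"] == "relationship":
            adjacency[obj["source_ref"]].add(obj["target_ref"])
            adjacency[obj["target_ref"]].add(obj["source_ref"])
        else:
            ids.update({obj["id"]: r["external_id"] for r in obj.get("external_references", [])
                        if r.get("source_name") == "mitre-attack"})
    return ids, adjacency

def related_ids(bundle, attack_id, max_depth=None):
    """ATT&CK IDs reachable from attack_id; max_depth=1 keeps direct relations only."""
    ids, adjacency = build_graph(bundle)
    start = {v: k for k, v in ids.items()}[attack_id]  # KeyError if the ID is unknown
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        node, depth = queue.popleft()
        if max_depth is None or depth < max_depth:
            for neighbour in adjacency[node] - seen:
                seen.add(neighbour)
                queue.append((neighbour, depth + 1))
    return {ids[n] for n in seen - {start} if n in ids}
```

With max_depth=1 the result is the set a coverage review usually starts from: who uses the technique, with what, and which mitigation addresses it.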