filter

The py_attack.filter module provides a Filter object for filtering the CTI repository and a query() method for applying those filters.

Query

You can query a CTI repository (Iterable[dict] with a List[Filters]) using the following method:

Example

# Import ATT&CK
from py_attack import ATTACK
from py_attack.filter import Filter, query

# Load from local repository
attack = ATTACK.load(
    path    = "path/to/local/cti/{domain}-attack/{domain}-attack.json",
    domains = ['enterprise', 'ics', 'mobile', 'pre'],
)

# Query for all MITRE ATT&CK techniques in store of enterprise objects
techniques = query(
    iterable = attack['enterprise'].store, # Underlying CTI datastructure of 'enterprise' domain
    filters  = [
        Filter('type', '=', 'attack-pattern'), # Filter all CTI entries where type == attack-pattern, i.e., MITRE ATT&CK techniques
    ]
)