Skip to main content


Project description

ATT&CK Python Client

A Python module to access up to date ATT&CK content available in STIX via public TAXII server. This project leverages the python classes and functions of the cti-python-stix2 and cti-taxii-client libraries developed by MITRE.


  • Provide an easy way to access and interact with up to date ATT&CK content available in STIX via public TAXII server
  • Allow security analysts to quickly explore ATT&CK content and apply it in their daily operations
  • Allow the integration of ATT&Ck content with other platforms to host up to date information from the framework
  • Help security analysts during the transition from the ATT&CK MediaWiki API to the STIX/TAXII 2.0 API
  • Learn STIX2 and TAXII Client Python libraries

Current Status: Beta

The project is currently in a beta stage, which means that the code and the functionality is changing, but the current main functions are stabilising. I would love to get your feedback to make it a better project.


Getting Started


Python 3+ or 2.7


You can install it via PIP:

pip install attackcti

Or you can also do the following:

git clone
cd ATTACK-Python-Client
pip install .

Jupyter Notebooks - Code Integration

I created a few jupyter notebooks that I hope can help you get familiar with the library and allow you to implement it in your future projects.

Install Jupyter Lab and Pandas==0.22.0 in order to use the Jupyter Notebooks on your own. You can do it by using the requirements.txt file in this repo

pip install -r requirements.txt

Start Jupyter Lab by running the following commands in the root directory of the repo

cd notebooks
jupyter lab





  • [ ] Revokation logic to update Groups Objects
  • [ ] Integration with HELK

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
attackcti-0.1.4-py3-none-any.whl (7.7 kB) Copy SHA256 hash SHA256 Wheel py3
attackcti-0.1.4.tar.gz (7.5 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page