Skip to main content

MITRE ATT&CK python library

Project description

mitreattack-python

This repository contains a library of Python tools and utilities for working with ATT&CK data. For more information, see the full documentation on ReadTheDocs.

Install

To use this package, install the mitreattack-python library with pip:

pip install mitreattack-python

Note: the library requires python3.

MitreAttackData Library

The MitreAttackData library is used to read in and work with MITRE ATT&CK STIX 2.0 content. This library provides the ability to query the dataset for objects and their related objects. This is the main content of mitreattack-python; you can read more about other modules in this library under "Additional Modules".

Additional Modules

More detailed information and examples about the specific usage of the additional modules in this package can be found in the individual README files for each module linked below.

module description documentation
navlayers A collection of utilities for working with ATT&CK Navigator layers. Provides the ability to import, export, and manipulate layers. Layers can be read in from the filesystem or python dictionaries, combined and edited, and then exported to excel or SVG images. Further documentation can be found here.
attackToExcel A collection of utilities for converting ATT&CK STIX data to Excel spreadsheets. It also provides access to Pandas DataFrames representing the dataset for use in data analysis. Further documentation can be found here.
collections A set of utilities for working with ATT&CK Collections and Collection Indexes. Provides functionalities for converting and summarizing data in collections and collection indexes, as well as generating a collection from a raw stix bundle input. Further documentation can be found here.
diffStix Create markdown, HTML, JSON and/or ATT&CK Navigator layers reporting on the changes between two versions of the STIX2 bundles representing the ATT&CK content. Run diff_stix -h for full usage instructions. Further documentation can be found here.

Related MITRE Work

CTI

Cyber Threat Intelligence repository of the ATT&CK catalog expressed in STIX 2.0 JSON. This repository also contains our USAGE document which includes additional examples of accessing and parsing our dataset in Python.

ATT&CK

ATT&CK® is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle, and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.

https://attack.mitre.org

STIX

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence (CTI).

STIX enables organizations to share CTI with one another in a consistent and machine-readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively.

STIX is designed to improve many capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

https://oasis-open.github.io/cti-documentation/

ATT&CK scripts

One-off scripts and code examples you can use as inspiration for how to work with ATT&CK programmatically. Many of the functionalities found in the mitreattack-python package were originally posted on attack-scripts.

https://github.com/mitre-attack/attack-scripts

Contributing

To contribute to this project, either through a bug report, feature request, or merge request, please see the Contributors Guide.

Notice

Copyright 2024 The MITRE Corporation

Approved for Public Release; Distribution Unlimited. Case Number 19-0486.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This project makes use of ATT&CK®

ATT&CK Terms of Use

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mitreattack-python-3.0.8.tar.gz (530.8 kB view details)

Uploaded Source

Built Distribution

mitreattack_python-3.0.8-py3-none-any.whl (547.1 kB view details)

Uploaded Python 3

File details

Details for the file mitreattack-python-3.0.8.tar.gz.

File metadata

  • Download URL: mitreattack-python-3.0.8.tar.gz
  • Upload date:
  • Size: 530.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for mitreattack-python-3.0.8.tar.gz
Algorithm Hash digest
SHA256 8d130d40463cce235f472bd40e68d05d548cde1a1d934771b707fe460d9ab35a
MD5 4474ca0da408e5d4bc8d7f726d3fb000
BLAKE2b-256 42554667e4b41c3bb7a9c37aeddd3fce877ce3f8e90087e6b195d19e2c7a786a

See more details on using hashes here.

Provenance

The following attestation bundles were made for mitreattack-python-3.0.8.tar.gz:

Publisher: lint-publish.yml on mitre-attack/mitreattack-python

Attestations:

File details

Details for the file mitreattack_python-3.0.8-py3-none-any.whl.

File metadata

File hashes

Hashes for mitreattack_python-3.0.8-py3-none-any.whl
Algorithm Hash digest
SHA256 f829a9caa20e798d9e78aacd9aac72ca8e5199e8c72915bff405dd53a86b1e43
MD5 a3dd863112f642596a45a561e1f1a798
BLAKE2b-256 c1e091d6a72619ed1973c1844c0e061625a5392ddd1a252e37521006b1cc31ee

See more details on using hashes here.

Provenance

The following attestation bundles were made for mitreattack_python-3.0.8-py3-none-any.whl:

Publisher: lint-publish.yml on mitre-attack/mitreattack-python

Attestations:

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page