This documentation provides details about the Enterprise class within the pyattck package.
The
MitreAttckobject is based on the following data model
The Enterprise class provides detailed information about data within the Enterprise MITRE ATT&CK framework
Each of the main properties can return a json object of the entire object or you can access each property individually. An example of this is here:
from pyattck import Attck
attack = Attck()
# accessing techniques and their properties
for technique in attack.enterprise.techniques:
# if you want to return individual properties of this object you call them directly
print(technique.id)
print(technique.name)
print(technique.alias)
print(technique.description)
print(technique.stix)
print(technique.platforms)
print(technique.permissions)
print(technique.wiki)
.....The following is only a small sample of the available properties on each object and each object type (actors, malware, mitigations, tactics, techniques, and tools) will have different properties that you can access.
- Every data point has exposed properties that allow the user to retrieve additional data based on relationships:
- Actor
- Relationship Objects
- Tools used by the Actor or Group
- Malware used by the Actor or Group
- Techniques this Actor or Group uses
- External Data
- country which this actor or group may be associated with (attribution is hard)
- operations
- attribution_links
- known_tools
- targets
- additional_comments
- external_description
- Relationship Objects
- Malware
- Actor or Group(s) using this malware
- Techniques this malware is used with
- Mitigation
- Techniques related to a specific set of mitigation suggestions
- Tactic
- Techniques found in a specific Tactic (phase)
- Technique
- Relationship Objects
- Tactics a technique is found in
- Mitigation suggestions for a given technique
- Actor or Group(s) identified as using this technique
- External Data
- command_list - A list of commands from multiple open-source tools and repositories that contain potential commands used by a technique
- commands - A list of property objects that contain the
Name,Source, andCommand` dataset - queries - A list of potential queries for different products to identify threats within your environment by technique
- datasets - A list of the datasets as it relates to a technique
- possible_detections - A list of potential detections for different products (e.g. NSM rules) as it relates to a technique
- For more detailed information about these features, please view the following External Datasets
- Relationship Objects
- Tools
- Relationship Objects
- Techniques that the specified tool is used within
- Actor or Group(s) using a specified tool
- External Data
- additional_names for the specified tool
- attribution_links associated with the specified tool
- additional_comments about the specified tool
- family of the specified tool
- Relationship Objects
- Actor
Below shows you how you can access each of object types and their properties. Additionally, you can access related object types associated with this selected object type:
from pyattck import Attck
attack = Attck()
for actor in attack.enterprise.actors:
print(actor.id)
print(actor.name)
# accessing malware used by an actor or group
for malware in actor.malwares:
print(malware.id)
print(malware.name)
# accessing tools used by an actor or group
for tool in actor.tools:
print(tool.id)
print(tool.name)
# accessing techniques used by an actor or group
for technique in actor.techniques:
print(technique.id)
print(technique.name)
# you can also access generated data sets on aa technique
print(technique.command_list)
print(technique.commands)
print(technique.queries)
print(technique.datasets)
print(technique.possible_detections)
# accessing malware
for malware in attack.enterprise.malwares:
print(malware.id)
print(malware.name)
# accessing actor or groups using this malware
for actor in malware.actors:
print(actor.id)
print(actor.name)
# accessing techniques that this malware is used in
for technique in malware.techniques:
print(technique.id)
print(technique.name)
# accessing mitigation
for mitigation in attack.enterprise.mitigations:
print(mitigation.id)
print(mitigation.name)
# accessing techniques related to mitigation recommendations
for technique in mitigation.techniques:
print(technique.id)
print(technique.name)
# you can also access generated data sets on aa technique
print(technique.command_list)
print(technique.commands)
print(technique.queries)
print(technique.datasets)
print(technique.possible_detections)
# accessing tactics
for tactic in attack.enterprise.tactics:
print(tactic.id)
print(tactic.name)
# accessing techniques related to this tactic
for technique in tactic.techniques:
print(technique.id)
print(technique.name)
# you can also access generated data sets on aa technique
print(technique.command_list)
print(technique.commands)
print(technique.queries)
print(technique.datasets)
print(technique.possible_detections)
# accessing techniques
for technique in attack.enterprise.techniques:
print(technique.id)
print(technique.name)
# you can also access generated data sets on aa technique
print(technique.command_list)
print(technique.commands)
print(technique.queries)
print(technique.datasets)
print(technique.possible_detections)
# accessing tactics that this technique belongs to
for tactic in technique.tactics:
print(tactic.id)
print(tactic.name)
# accessing mitigation recommendations for this technique
for mitigation in technique.mitigations:
print(mitigation.id)
print(mitigation.name)
# accessing actors using this technique
for actor in technique.actors:
print(actor.id)
print(actor.name)
# accessing tools
for tool in attack.enterprise.tools:
print(tool.id)
print(tool.name)
# accessing techniques this tool is used in
for technique in tool.techniques:
print(technique.id)
print(technique.name)
# you can also access generated data sets on aa technique
print(technique.command_list)
print(technique.commands)
print(technique.queries)
print(technique.datasets)
print(technique.possible_detections)
# accessing actor or groups using this tool
for actor in tool.actors:
print(actor.id)
print(actor.name).. autoclass:: pyattck.enterprise.Enterprise
:members:
:undoc-members:
:show-inheritance:
.. toctree::
actor
control
malware
mitigation
tactic
technique
tools