ATT&CK™ content available in STIX™ 2.0 via public TAXII™ 2.0 server
May 14, 2018
We are excited to announce that all of MITRE’s Adversarial Tactics, Techniques, and Common Knowledge content, including ATT&CK for Enterprise, PRE-ATT&CK™, and ATT&CK for Mobile, is now available via our TAXII 2.0 server. This consolidation of content onto our TAXII server is another advancement toward our goal of making ATT&CK easier to use through tooling and APIs. Prior to this announcement, we also released the ATT&CK content as STIX 2.0 in our GitHub repository and published the ATT&CK™ Navigator, which uses the STIX 2.0 content to provide an interactive visualization of the ATT&CK matrices.
You can use existing and forthcoming libraries and tools to work with ATT&CK content, thanks to the move to STIX and TAXII. You can access ATT&CK content on our TAXII server through the cti-python-stix2 and cti-taxii-client libraries. Under Department of Homeland Security sponsorship, MITRE developed both of these libraries and contributed to the OASIS Technical Committee for Cyber Threat Intelligence, which develops the STIX and TAXII standards.
Here is an example of how to use these libraries to print the names and IDs of each available ATT&CK technology-domain:
The ID of each collection can then be used to get the content of that collection. Here's an example of using Enterprise ATT&CK’s ID to get that content. You'll see that changing the ID in the URL, which is highlighted in the code, allows you to get the content from another specified domain, such as ATT&CK for Mobile or PRE-ATT&CK.
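Once a collection's content has been retrieved, it is a STIX 2.0 bundle of JSON objects. The following is an added example, not code from the original announcement: it uses only the Python standard library on a constructed bundle so that it runs offline, and indexes the non-revoked techniques (`attack-pattern` objects) by tactic. The sample names, IDs and UUIDs are made up, and the use of `mitre-attack` as both the reference source name and the kill chain name is an assumption that applies to Enterprise ATT&CK content.

```python
import json
from collections import defaultdict

# Constructed sample bundle shaped like ATT&CK STIX 2.0 content; every name,
# ATT&CK ID and UUID below is made up for illustration.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "spec_version": "2.0",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "attack-pattern", "name": "Example Technique A",
         "id": "attack-pattern--00000000-0000-4000-8000-00000000000a",
         "kill_chain_phases": [
             {"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
             {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"}],
         "external_references": [
             {"source_name": "mitre-attack", "external_id": "T9001"}]},
        {"type": "attack-pattern", "name": "Example Technique B", "revoked": True,
         "id": "attack-pattern--00000000-0000-4000-8000-00000000000b",
         "kill_chain_phases": [
             {"kill_chain_name": "mitre-attack", "phase_name": "persistence"}],
         "external_references": [
             {"source_name": "mitre-attack", "external_id": "T9002"}]},
        {"type": "malware", "name": "Example Malware", "labels": ["malware"],
         "id": "malware--00000000-0000-4000-8000-00000000000c"},
    ],
})

def attack_id(obj, source="mitre-attack"):
    """Return the ATT&CK ID stored in external_references, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == source and "external_id" in ref:
            return ref["external_id"]
    return None

def techniques_by_tactic(bundle_json, source="mitre-attack"):
    """Map tactic name -> sorted [(ATT&CK ID, technique name)], skipping revoked."""
    bundle = json.loads(bundle_json)
    if bundle.get("type") != "bundle":
        raise ValueError("expected a STIX bundle")
    index = defaultdict(list)
    for obj in bundle.get("objects", []):
        # Only techniques; revoked objects have been superseded and are skipped.
        if obj.get("type") != "attack-pattern" or obj.get("revoked"):
            continue
        tid = attack_id(obj, source)
        for phase in obj.get("kill_chain_phases", []):
            if tid and phase.get("kill_chain_name") == source:
                index[phase["phase_name"]].append((tid, obj["name"]))
    return {tactic: sorted(rows) for tactic, rows in index.items()}
```

A technique that belongs to several tactics appears under each of them, which is what a coverage mapping keyed by tactic needs.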
With the introduction of this new TAXII 2 service for ATT&CK content, we are deprecating the existing MediaWiki APIs that are accessible via the ATT&CK website. While the MediaWiki APIs will still be available for the short term, our intent is to transition completely to STIX/TAXII-based access. More information on the usage of the ATT&CK content expressed as STIX 2.0 can be found here.