This repository contains a library of Python tools and utilities for working with ATT&CK data. For more information, see the full documentation on ReadTheDocs.
To use this package, install the mitreattack-python library with pip:
pip install mitreattack-pythonThe MitreAttackData library is used to read in and work with MITRE ATT&CK STIX 2.0 content. This library provides
the ability to query the dataset for objects and their related objects. This is the main content of mitreattack-python;
you can read more about other modules in this library under "Additional Modules".
Cyber Threat Intelligence repository of the ATT&CK catalog expressed in STIX 2.0 JSON. This repository also contains our USAGE document which includes additional examples of accessing and parsing our dataset in Python.
ATT&CK® is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle, and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.
Structured Threat Information Expression (STIX™) is a language and serialization format used to exchange cyber threat intelligence (CTI).
STIX enables organizations to share CTI with one another in a consistent and machine-readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively.
STIX is designed to improve many capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.
https://oasis-open.github.io/cti-documentation/
To contribute to this project, either through a bug report, feature request, or merge request, please see the Contributors Guide.