MITRE ATT&CK oneliners
# Requires: curl, jq
# Download MITRE ATT&CK data from GitHub repository
curl -o enterprise-attack.json https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json
# List all ATT&CK object types
jq -r '[ .objects[].type ] | unique | .[]' enterprise-attack.json
# List all ATT&CK technique identifiers
jq -r '[ .objects[] | select(.type == "attack-pattern") | .external_references[] | select(.source_name == "mitre-attack") | .external_id ] | sort | .[]' enterprise-attack.json
# List all software identifiers
jq -r '[ .objects[] | select(.type == "tool" or .type == "malware") | .external_references[] | select(.source_name == "mitre-attack") | .external_id ] | sort | .[]' enterprise-attack.json
# List all attacker group identifiers
jq -r '[ .objects[] | select(.type == "intrusion-set") | .external_references[] | select(.source_name == "mitre-attack") | .external_id ] | sort | .[]' enterprise-attack.json
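The technique one-liner above selects every `attack-pattern` object, so it also returns IDs that the bundle marks as revoked or deprecated. As an added example (not part of the original gist), the jq filter below lists only active techniques with their names and tactics, which is the view you want when building a detection coverage map. The sample bundle and its T9xxx/G9xxx identifiers are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, requires jq. Uses the ATT&CK STIX fields revoked,
# x_mitre_deprecated and kill_chain_phases.

# Print "ID<TAB>name<TAB>tactic,tactic" for each active technique in bundle $1.
active_techniques() {
  jq -r '
    .objects[]
    | select(.type == "attack-pattern")
    # Drop objects flagged as revoked or deprecated (absent flag means active).
    | select(((.revoked // false) or (.x_mitre_deprecated // false)) | not)
    | (.external_references[] | select(.source_name == "mitre-attack") | .external_id) as $id
    | [ $id, .name,
        ([ .kill_chain_phases[]? | select(.kill_chain_name == "mitre-attack") | .phase_name ] | join(",")) ]
    | @tsv' "$1" | LC_ALL=C sort
}

# Write a small constructed bundle (not real ATT&CK data) to path $1.
write_sample_bundle() {
  cat > "$1" <<'EOF'
{"objects": [
  {"type": "attack-pattern", "name": "Constructed Technique A",
   "external_references": [{"source_name": "mitre-attack", "external_id": "T9001"}],
   "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"},
                         {"kill_chain_name": "mitre-attack", "phase_name": "persistence"}]},
  {"type": "attack-pattern", "name": "Constructed Technique B", "revoked": true,
   "external_references": [{"source_name": "mitre-attack", "external_id": "T9002"}]},
  {"type": "attack-pattern", "name": "Constructed Technique C", "x_mitre_deprecated": true,
   "external_references": [{"source_name": "mitre-attack", "external_id": "T9003"}]},
  {"type": "attack-pattern", "name": "Constructed Technique D",
   "external_references": [{"source_name": "mitre-attack", "external_id": "T9004"}],
   "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "discovery"}]},
  {"type": "intrusion-set", "name": "Constructed Group",
   "external_references": [{"source_name": "mitre-attack", "external_id": "G9001"}]}
]}
EOF
}

# Usage: sh this_file.sh enterprise-attack.json
if [ -n "${1:-}" ]; then
  active_techniques "$1"
fi
```

Run against the downloaded `enterprise-attack.json`, the output will be shorter than the plain identifier list by the number of revoked and deprecated techniques.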