Created
December 17, 2019 00:10
-
-
Save thomaspatzke/ec6d00bbd001be73a4f4576ff90ff7e2 to your computer and use it in GitHub Desktop.
MITRE ATT&CK oneliners
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Requires: curl, jq | |
# Download MITRE ATT&CK data from GitHub repository | |
curl -o enterprise-attack.json https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json | |
# List all ATT&CK object types | |
jq -r '[ .objects[].type ] | unique | .[]' enterprise-attack.json | |
# List all ATT&CK technique identifiers | |
jq -r '[ .objects[] | select(.type == "attack-pattern") | .external_references[] | select(.source_name == "mitre-attack") | .external_id ] | sort | .[]' enterprise-attack.json | |
# List all software identifiers | |
jq -r '[ .objects[] | select(.type == "tool" or .type == "malware") | .external_references[] | select(.source_name == "mitre-attack") | .external_id ] | sort | .[]' enterprise-attack.json | |
# List all attacker group identifiers | |
jq -r '[ .objects[] | select(.type == "intrusion-set") | .external_references[] | select(.source_name == "mitre-attack") | .external_id ] | sort | .[]' enterprise-attack.json |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment