Created
June 29, 2021 13:55
-
-
Save wietze/5904485851d22e830b346d9fb6ef6341 to your computer and use it in GitHub Desktop.
Returns the full MITRE ATT&CK technique name for a given TID
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| MITRE_ATTACK_DATA = requests.get('https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json').json() | |
| TECHNIQUES = {technique['external_references'][0]['external_id']:technique['name'] for technique in MITRE_ATTACK_DATA['objects'] if technique['type'] == 'attack-pattern' and not technique.get('revoked')} | |
| def get_technique(tid): | |
| return TECHNIQUES[tid] if '.' not in tid else "{}: {}".format(TECHNIQUES[tid[:5]], TECHNIQUES[tid]) | |
| # Usage: | |
| # get_technique('T1059.001') | |
| # will return: | |
| # 'Command and Scripting Interpreter: PowerShell' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment