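def get_attack_tactics(self):
    """Fetch the ATT&CK tactics through the ``attackcti`` client.

    Returns:
        The value returned by ``attack_client().get_tactics()``. The
        original snippet fetched the tactics but never returned them (and
        carried an unused ``tactics_payload`` list).

    Side effects:
        On failure the traceback and an error line are printed to stdout and
        the process exits with status 1.
    """
    try:
        client = attack_client()
        tactics = client.get_tactics()
    except Exception:
        # ``except Exception`` instead of a bare ``except:`` so SystemExit and
        # KeyboardInterrupt are not swallowed and turned into a clean exit.
        traceback.print_exc(file=sys.stdout)
        print("[!] Error connecting obtaining tactics from Att&ck's API !")
        # Non-zero status: the original ``sys.exit()`` reported success (0)
        # on the error path, which hides the failure from calling scripts.
        sys.exit(1)
    return tactics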
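def get_attack_datasources(self):
    """Return the ATT&CK data sources as a list of ``{'name': ...}`` dicts.

    Returns:
        list[dict]: one ``{'name': <datasource>}`` entry per item returned by
        ``attack_client().get_data_sources()``.

    Side effects:
        On failure the traceback and an error line are printed to stdout and
        the process exits with status 1.
    """
    try:
        client = attack_client()
        datasources = client.get_data_sources()
    except Exception:
        # Not a bare ``except:``: SystemExit/KeyboardInterrupt keep propagating.
        traceback.print_exc(file=sys.stdout)
        print("[!] Error connecting obtaining datasources from Att&ck's API !")
        # Non-zero status so a failed fetch is distinguishable from success.
        sys.exit(1)
    # The original loop variable was named ``dict``, shadowing the builtin.
    return [{'name': datasource} for datasource in datasources]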
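def get_attack_techniques(self):
    """Fetch every ATT&CK Enterprise technique as plain JSON-compatible data.

    Each STIX technique object is round-tripped through ``serialize()`` and
    ``json.loads`` so callers receive dicts rather than STIX objects.

    Returns:
        list[dict] | None: the techniques, or ``None`` when the client could
        not be created or the API call failed. In the failure case the
        traceback and an error line are printed to stdout.
    """
    try:
        print("[*] Obtaining ATT&CK's techniques...")
        client = attack_client()
        all_enterprise = client.get_enterprise()
        techniques = [
            json.loads(technique.serialize())
            for technique in all_enterprise['techniques']
        ]
    except Exception:
        # Not a bare ``except:``: SystemExit/KeyboardInterrupt keep propagating.
        traceback.print_exc(file=sys.stdout)
        print("[!] Error connecting to Att&ck's API !")
        return None
    print("[!] Done!")
    return techniques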
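def generate_mitre_lookup():
    """Build CSV rows mapping each ATT&CK Enterprise technique to its tactics and groups.

    Returns:
        list[list[str]]: a header row ``["mitre_id", "technique", "tactics",
        "groups"]`` followed by one row per technique. ``tactics`` is the
        technique's tactic list joined with ``|``, hyphens replaced by spaces
        and title-cased; ``groups`` is the ``|``-joined names of the
        intrusion sets related to the technique, or ``'no'`` when there are
        none. (The original snippet built the rows but did not return them.)
    """
    csv_mitre_rows = [["mitre_id", "technique", "tactics", "groups"]]
    lift = attack_client()
    all_enterprise = lift.get_enterprise(stix_format=False)
    enterprise_relationships = lift.get_enterprise_relationships()
    enterprise_groups = lift.get_enterprise_groups()

    # Index groups by STIX id and intrusion-set relationships by target once,
    # instead of rescanning both lists for every technique (the original was
    # techniques x relationships x groups). Relationship order is preserved
    # per target, so the group names come out in the same order as before.
    group_name_by_id = {group['id']: group['name'] for group in enterprise_groups}
    groups_by_target = {}
    for relationship in enterprise_relationships:
        source_ref = relationship['source_ref']
        if not source_ref.startswith('intrusion-set'):
            continue
        if source_ref in group_name_by_id:
            groups_by_target.setdefault(relationship['target_ref'], []).append(
                group_name_by_id[source_ref]
            )

    for technique in all_enterprise['techniques']:
        apt_groups = groups_by_target.get(technique['id'], ['no'])
        tactics = '|'.join(technique['tactic']).replace('-', ' ').title()
        csv_mitre_rows.append([
            technique['technique_id'],
            technique['technique'],
            tactics,
            '|'.join(apt_groups),
        ])
    return csv_mitre_rows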
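def load_cti():
    """Load ATT&CK Enterprise groups, techniques and relationships into an ``EnterpriseCTI``.

    Returns:
        EnterpriseCTI: constructed from the three collections fetched through
        ``attack_client``. Errors raised by the client are not handled here
        and propagate to the caller.
    """
    # Log message typo fixed ("Initiaing" -> "Initiating").
    LOGGER.info('[-] Initiating ATT&CK CTI client...')
    client = attack_client()
    LOGGER.info('[-] Loading data...')
    enterprise_groups = client.get_enterprise_groups()
    enterprise_techniques = client.get_enterprise_techniques()
    enterprise_relationships = client.get_enterprise_relationships()
    LOGGER.info('[-] OK!')
    return EnterpriseCTI(enterprise_groups, enterprise_techniques, enterprise_relationships)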
import os
import sys
import yaml
import glob
import re
from collections import OrderedDict
from attackcti import attack_client
# Module-level side effect: the ATT&CK client is created and the whole
# Enterprise dataset is fetched (stix_format=False -> plain dicts rather than
# STIX objects) at import time, so importing this module presumably performs
# the remote fetch before any function is called — confirm against attackcti.
lift = attack_client()
all_enterprise = lift.get_enterprise(stix_format=False)
def represent_ordereddict(dumper, data):
    """PyYAML representer that dumps an ``OrderedDict`` as a plain YAML mapping.

    Each key and value is turned into a node with ``dumper.represent_data``
    in the dict's insertion order, so the emitted YAML keeps that order
    instead of PyYAML's default ``!!python/object`` form.
    """
    pairs = [
        (dumper.represent_data(key), dumper.represent_data(val))
        for key, val in data.items()
    ]
    return yaml.nodes.MappingNode(u'tag:yaml.org,2002:map', pairs)
def attack_lookup_id(inputs_array):
    # NOTE(review): only the first statement of this function is visible in
    # this excerpt; the body that fills and returns ``outputs`` is cut off,
    # so nothing about its contract can be stated from here.
    outputs = []
def __init__(self, ds_scores):
    """Pull ATT&CK Enterprise data from the MITRE API and keep the data-source scores.

    Args:
        ds_scores: stored unchanged on ``self.ds_scores``; its structure is
            not interpreted here.

    Side effects:
        Prints a progress line, then fetches the Enterprise dataset via
        ``attack_client`` (``stix_format=False``) and stores the techniques
        with revoked entries removed on ``self.techniques``.
    """
    print('[*] Pulling ATT&CK data')
    client = attack_client()
    enterprise = client.get_enterprise(stix_format=False)
    self.ds_scores = ds_scores
    self.techniques = client.remove_revoked(enterprise['techniques'])