Skip to content

examples

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History
 
 

examples

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
.env.example
.env.example
 
 
README.md
README.md
 
 
analytic_extractor.py
analytic_extractor.py
 
 
attack-object-counter.py
attack-object-counter.py
 
 
generate_excel_files.py
generate_excel_files.py
 
 
generate_multiple_attack_diffs.py
generate_multiple_attack_diffs.py
 
 
get_all_assets.py
get_all_assets.py
 
 
get_all_assets_targeted_by_all_techniques.py
get_all_assets_targeted_by_all_techniques.py
 
 
get_all_campaigns.py
get_all_campaigns.py
 
 
get_all_campaigns_attributed_to_all_groups.py
get_all_campaigns_attributed_to_all_groups.py
 
 
get_all_campaigns_using_all_software.py
get_all_campaigns_using_all_software.py
 
 
get_all_campaigns_using_all_techniques.py
get_all_campaigns_using_all_techniques.py
 
 
get_all_datacomponents.py
get_all_datacomponents.py
 
 
get_all_groups.py
get_all_groups.py
 
 
get_all_groups_attributing_to_all_campaigns.py
get_all_groups_attributing_to_all_campaigns.py
 
 
get_all_groups_using_all_software.py
get_all_groups_using_all_software.py
 
 
get_all_groups_using_all_techniques.py
get_all_groups_using_all_techniques.py
 
 
get_all_matrices.py
get_all_matrices.py
 
 
get_all_mitigations.py
get_all_mitigations.py
 
 
get_all_mitigations_mitigating_all_techniques.py
get_all_mitigations_mitigating_all_techniques.py
 
 
get_all_parent_techniques.py
get_all_parent_techniques.py
 
 
get_all_parent_techniques_of_all_subtechniques.py
get_all_parent_techniques_of_all_subtechniques.py
 
 
get_all_software.py
get_all_software.py
 
 
get_all_software_used_by_all_campaigns.py
get_all_software_used_by_all_campaigns.py
 
 
get_all_software_used_by_all_groups.py
get_all_software_used_by_all_groups.py
 
 
get_all_software_using_all_techniques.py
get_all_software_using_all_techniques.py
 
 
get_all_subtechniques.py
get_all_subtechniques.py
 
 
get_all_subtechniques_of_all_techniques.py
get_all_subtechniques_of_all_techniques.py
 
 
get_all_tactics.py
get_all_tactics.py
 
 
get_all_techniques.py
get_all_techniques.py
 
 
get_all_techniques_mitigated_by_all_mitigations.py
get_all_techniques_mitigated_by_all_mitigations.py
 
 
get_all_techniques_targeting_all_assets.py
get_all_techniques_targeting_all_assets.py
 
 
get_all_techniques_used_by_all_campaigns.py
get_all_techniques_used_by_all_campaigns.py
 
 
get_all_techniques_used_by_all_groups.py
get_all_techniques_used_by_all_groups.py
 
 
get_all_techniques_used_by_all_software.py
get_all_techniques_used_by_all_software.py
 
 
get_assets_targeted_by_technique.py
get_assets_targeted_by_technique.py
 
 
get_attack_id.py
get_attack_id.py
 
 
get_campaigns_attributed_to_group.py
get_campaigns_attributed_to_group.py
 
 
get_campaigns_by_alias.py
get_campaigns_by_alias.py
 
 
get_campaigns_using_software.py
get_campaigns_using_software.py
 
 
get_campaigns_using_technique.py
get_campaigns_using_technique.py
 
 
get_groups_attributing_to_campaign.py
get_groups_attributing_to_campaign.py
 
 
get_groups_by_alias.py
get_groups_by_alias.py
 
 
get_groups_using_software.py
get_groups_using_software.py
 
 
get_groups_using_technique.py
get_groups_using_technique.py
 
 
get_mitigations_mitigating_technique.py
get_mitigations_mitigating_technique.py
 
 
get_name.py
get_name.py
 
 
get_object_by_attack_id.py
get_object_by_attack_id.py
 
 
get_object_by_stix_id.py
get_object_by_stix_id.py
 
 
get_objects_by_content.py
get_objects_by_content.py
 
 
get_objects_by_name.py
get_objects_by_name.py
 
 
get_objects_by_type.py
get_objects_by_type.py
 
 
get_objects_created_after.py
get_objects_created_after.py
 
 
get_objects_modified_after.py
get_objects_modified_after.py
 
 
get_parent_technique_of_subtechnique.py
get_parent_technique_of_subtechnique.py
 
 
get_procedure_examples_by_tactic.py
get_procedure_examples_by_tactic.py
 
 
get_procedure_examples_by_technique.py
get_procedure_examples_by_technique.py
 
 
get_revoked_techniques.py
get_revoked_techniques.py
 
 
get_software_by_alias.py
get_software_by_alias.py
 
 
get_software_used_by_campaign.py
get_software_used_by_campaign.py
 
 
get_software_used_by_group.py
get_software_used_by_group.py
 
 
get_software_using_technique.py
get_software_using_technique.py
 
 
get_stix_type.py
get_stix_type.py
 
 
get_subtechniques_of_technique.py
get_subtechniques_of_technique.py
 
 
get_tactics_by_matrix.py
get_tactics_by_matrix.py
 
 
get_tactics_by_technique.py
get_tactics_by_technique.py
 
 
get_techniques_by_platform.py
get_techniques_by_platform.py
 
 
get_techniques_by_tactic.py
get_techniques_by_tactic.py
 
 
get_techniques_detected_by_detectionstrategy.py
get_techniques_detected_by_detectionstrategy.py
 
 
get_techniques_mitigated_by_mitigation.py
get_techniques_mitigated_by_mitigation.py
 
 
get_techniques_targeting_asset.py
get_techniques_targeting_asset.py
 
 
get_techniques_used_by_campaign.py
get_techniques_used_by_campaign.py
 
 
get_techniques_used_by_group.py
get_techniques_used_by_group.py
 
 
get_techniques_used_by_group_software.py
get_techniques_used_by_group_software.py
 
 
get_techniques_used_by_software.py
get_techniques_used_by_software.py
 
 

README.md

Examples Directory

This directory contains example scripts demonstrating how to use the mitreattack-python library to extract, analyze, and report on MITRE ATT&CK data. These scripts cover a variety of use cases, including querying STIX bundles, generating reports, and automating ATT&CK data analysis.

Full Example Listing & Documentation

A complete, categorized list of example scripts, usage details, and direct links is maintained in the built documentation:

Setup

Many example scripts allow optional configuration via environment variables for paths to STIX bundles. If you want to set this up you can follow these instructions.

  • Copy the provided examples/.env.example file to .env:

    cp .env.example .env

  • Edit .env to set the correct paths and variables for your environment.

Creating a .env file is not enough however. You will need to use a tool such as the following to help manage the environment variables:

  • python-dotenv (automatically loads .env in Python scripts)
  • direnv (manages environment variables per directory)

Setting up these tools is out of scope for this README.

Dependencies

Downloading ATT&CK STIX Bundles

Many example scripts require ATT&CK STIX bundles, which must be downloaded and placed in the directory specified in your .env file (e.g., attack-releases/stix-2.0/v18.0). You can download these bundles using the provided CLI command if you have mitreattack-python installed:

download_attack_stix --all

This will download all available ATT&CK releases in STIX format to the default directory (attack-releases). You can customize the download location and versions using additional options. For example:

  • Download the latest release (default):

    download_attack_stix

  • Download specific versions:

    download_attack_stix -v 16.1 -v 17.1

  • Download all releases in both STIX formats:

    download_attack_stix --all --stix21

How to Run Scripts

  • Run individual scripts with Python:

    python get_all_techniques.py

Contribution & Customization

Feel free to adapt these scripts for your own use cases. Contributions and improvements are welcome!