Check out the results from our first round of ATT&CK Evaluations at attackevals.mitre.org!

Interfaces for Working with ATT&CK


There are two different ways for you to access the ATT&CK content:

Via our ATT&CK expressed in STIX 2.0 GitHub repository

There are a few different ways you can interact with the ATT&CK content in this repo. If you use Python, the best way is to utilize cti-python-stix2. We have a USAGE doc in this repo to help you with this. Since STIX 2.0 is JSON, you can also use a JSON library in the programming language of your choice and interact with the raw content, like the full set of Enterprise ATT&CK content you can find here.

Via our TAXII Server

Our TAXII server stays up to date with the content found in our GitHub repository, so you can also access the ATT&CK content here. As the TAXII Server release blog post states, you can use the cti-python-stix2 and cti-taxii-client to get the ATT&CK content from the TAXII server.

Stay tuned for more information on how to get and use the ATT&CK content!