Anthropic-Cybersecurity-Skills/skills/mapping-mitre-attack-techniques/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00


# API Reference: Mapping MITRE ATT&CK Techniques

## mitreattack-python Library

| Method | Description |
|---|---|
| `MitreAttackData(stix_filepath=path)` | Load an ATT&CK STIX 2.0 bundle (e.g. `enterprise-attack.json` from github.com/mitre/cti) into memory |
| `get_techniques(remove_revoked_deprecated=False)` | Returns `list[AttackPattern]` STIX objects. The bundle still contains techniques ATT&CK has revoked or deprecated; pass `remove_revoked_deprecated=True` to drop them |
| `get_groups(remove_revoked_deprecated=False)` | Returns `list[IntrusionSet]` STIX objects |
| `get_techniques_used_by_group(group_stix_id)` | Returns `list[dict]`; each `t["object"]` is the `AttackPattern` and `t["relationships"]` the `uses` relationships linking it to the group. Takes the STIX ID (`intrusion-set--...`), not the ATT&CK ID (`G0016`) |
| `get_attack_id(stix_id=id)` | Resolve a STIX ID to its ATT&CK ID (e.g. `T1059`) from the object's `mitre-attack` external reference |
| `get_mitigations(remove_revoked_deprecated=False)` | Returns `list[CourseOfAction]` |
| `get_software(remove_revoked_deprecated=False)` | Returns a list of `Malware` and `Tool` objects |
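The table above describes what the library returns but not how the answer is derived from the bundle. The block below is an added example, not code from this skill or from mitreattack-python: it walks the same STIX objects the library's `get_techniques_used_by_group()` and `get_attack_id()` resolve (`intrusion-set` to `attack-pattern` `uses` relationships, ATT&CK IDs in `external_references`, `revoked` / `x_mitre_deprecated` flags) over a small constructed bundle whose IDs, names and ATT&CK IDs are made up, so it runs offline with the standard library. The last function shows the same query with the real library and assumes `mitreattack-python` is installed and an `enterprise-attack.json` is on disk.

```python
"""Resolve the techniques a group uses from a STIX 2.0 ATT&CK bundle by hand.

Added example (standard library only); the bundle below is constructed for it.
"""

# source_name values ATT&CK uses on its external references across domains
ATTACK_SOURCE_NAMES = {"mitre-attack", "mitre-mobile-attack", "mitre-ics-attack"}


def _technique(stix_id, att_id, name, **flags):
    """Minimal attack-pattern object (helper for the constructed bundle)."""
    obj = {"type": "attack-pattern", "id": stix_id, "name": name,
           "external_references": [{"source_name": "mitre-attack", "external_id": att_id}]}
    obj.update(flags)
    return obj


def _uses(rel_id, source_ref, target_ref):
    return {"type": "relationship", "id": rel_id, "relationship_type": "uses",
            "source_ref": source_ref, "target_ref": target_ref}


# Constructed bundle: every ID, name and ATT&CK ID is made up for this example;
# only the object shapes mirror the real enterprise-attack.json.
SAMPLE_BUNDLE = {
    "type": "bundle", "id": "bundle--example", "spec_version": "2.0",
    "objects": [
        {"type": "intrusion-set", "id": "intrusion-set--g1", "name": "Example Group",
         "external_references": [{"source_name": "mitre-attack", "external_id": "G9999"}]},
        _technique("attack-pattern--t1", "T1059", "Command and Scripting Interpreter"),
        _technique("attack-pattern--t2", "T1059.001", "PowerShell", x_mitre_is_subtechnique=True),
        _technique("attack-pattern--t3", "T9998", "Deprecated Technique", x_mitre_deprecated=True),
        _technique("attack-pattern--t4", "T9997", "Revoked Technique", revoked=True),
        _uses("relationship--r1", "intrusion-set--g1", "attack-pattern--t2"),
        _uses("relationship--r2", "intrusion-set--g1", "attack-pattern--t3"),
        _uses("relationship--r3", "intrusion-set--g1", "attack-pattern--t4"),
        # a "mitigates" edge from a mitigation: a "uses" query must ignore it
        {"type": "relationship", "id": "relationship--r4", "relationship_type": "mitigates",
         "source_ref": "course-of-action--m1", "target_ref": "attack-pattern--t1"},
    ],
}


def attack_id(obj):
    """STIX object -> ATT&CK ID (T1059, G0016, ...), as get_attack_id() does."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") in ATTACK_SOURCE_NAMES:
            return ref.get("external_id")
    return None


def is_current(obj):
    """False for objects ATT&CK has revoked or deprecated but still ships in the bundle."""
    return not obj.get("revoked", False) and not obj.get("x_mitre_deprecated", False)


def find_by_attack_id(bundle, wanted_id, stix_type):
    """Look up an object by ATT&CK ID, e.g. ('G9999', 'intrusion-set')."""
    for obj in bundle["objects"]:
        if obj["type"] == stix_type and attack_id(obj) == wanted_id:
            return obj
    raise KeyError(f"{stix_type} {wanted_id} not in bundle")


def techniques_used_by_group(bundle, group_attack_id, remove_revoked_deprecated=False):
    """Sorted ATT&CK IDs of the techniques the group 'uses' (default mirrors the library)."""
    by_id = {obj["id"]: obj for obj in bundle["objects"]}
    group = find_by_attack_id(bundle, group_attack_id, "intrusion-set")
    found = set()
    for rel in bundle["objects"]:
        if rel["type"] != "relationship" or rel["relationship_type"] != "uses":
            continue
        if rel["source_ref"] != group["id"] or not is_current(rel):
            continue
        target = by_id.get(rel["target_ref"])
        if target is None or target["type"] != "attack-pattern":
            continue  # dangling reference, or the group uses software rather than a technique
        if remove_revoked_deprecated and not is_current(target):
            continue
        found.add(attack_id(target))
    return sorted(found)


def techniques_used_by_group_via_library(stix_path, group_attack_id):
    """Same query with mitreattack-python (optional dependency, imported lazily)."""
    from mitreattack.stix20 import MitreAttackData
    mad = MitreAttackData(stix_path)
    group = mad.get_object_by_attack_id(group_attack_id, "intrusion-set")
    used = mad.get_techniques_used_by_group(group.id)
    return sorted(mad.get_attack_id(t["object"].id) for t in used)


if __name__ == "__main__":
    print(techniques_used_by_group(SAMPLE_BUNDLE, "G9999"))
    # ['T1059.001', 'T9997', 'T9998']  -- stale techniques are kept by default
    print(techniques_used_by_group(SAMPLE_BUNDLE, "G9999", remove_revoked_deprecated=True))
    # ['T1059.001']
```

The point worth keeping in mind from the stdlib version: a bundle still carries revoked and deprecated techniques and the `uses` relationships pointing at them, so a mapping built without `remove_revoked_deprecated=True` will list technique IDs that no longer exist in the current ATT&CK release.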

## ATT&CK Navigator API (Layer Format)

| Field | Type | Description |
|---|---|---|
| `name` | string | Layer name shown in the Navigator tab |
| `versions.layer` | string | Layer format version the file follows (`versions.attack` and `versions.navigator` record the ATT&CK and Navigator releases it was built against) |
| `domain` | string | ATT&CK domain the layer applies to: `enterprise-attack`, `mobile-attack` or `ics-attack` |
| `techniques[].techniqueID` | string | ATT&CK technique or sub-technique ID (e.g. `T1059`, `T1059.001`) |
| `techniques[].score` | number | Numeric score the layer's `gradient` turns into a cell colour; this skill's convention is 0 = gap, 1 = detected |
| `techniques[].color` | string | Hex colour (e.g. `#ff6666`) that overrides the gradient for that cell |

## MITRE ATT&CK TAXII Server

| Endpoint | Description |
|---|---|
| `cti-taxii.mitre.org/stix/collections/` | List the available collections (TAXII 2.0 API root; one collection per ATT&CK domain) |
| `cti-taxii.mitre.org/stix/collections/{id}/objects/` | Download the STIX objects of collection `{id}` |

`cti-taxii.mitre.org` is the legacy TAXII 2.0 server. MITRE's current server is `attack-taxii.mitre.org`, which speaks TAXII 2.1 (`/api/v21/collections/`) and serves STIX 2.1 data; `taxii2-client` supports both protocol versions (`taxii2client.v20` and `taxii2client.v21`).

## Sigma Rules (Detection Engineering)

| Field | Description |
|---|---|
| `tags` | ATT&CK mapping as lower-case tags: `attack.t1059.001` for a technique or sub-technique, `attack.execution` for a tactic. Only the `attack.tNNNN[.NNN]` tags carry technique IDs |
| `logsource.product` | Target log source (`windows`, `linux`, `aws`, ...); together with `logsource.category` or `logsource.service` it selects how a backend maps the rule |
| `detection` | One or more named selections plus a `condition` expression that combines them |
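The Navigator layer fields and the Sigma `tags` convention above are the two ends of a coverage heatmap: technique tags are harvested from the rule set and written out as scored layer entries. The block below is an added example, not code from this skill, Navigator or pySigma. The Sigma rules are constructed for the example and their `tags:` entries are pulled out with a regex instead of loading the YAML through pySigma, so it runs offline; the emitted dict uses the layer fields listed above (`techniqueID`, `score`, `domain`, a `gradient` in place of per-cell `color`), and the values in `LAYER_VERSIONS` are assumptions to adjust to your Navigator and ATT&CK release.

```python
"""Build an ATT&CK Navigator coverage layer from the ATT&CK tags on Sigma rules.

Added example; the rules below are constructed and LAYER_VERSIONS is an assumption.
"""
import json
import re
from collections import defaultdict

# A Sigma tag naming a technique or sub-technique: attack.t1059, attack.t1059.001.
# Tactic tags (attack.execution, attack.defense_evasion) deliberately do not match.
TECHNIQUE_TAG = re.compile(r"^\s*-\s*attack\.(t\d{4}(?:\.\d{3})?)\s*$", re.I | re.M)

LAYER_VERSIONS = {"attack": "15", "navigator": "4.9.1", "layer": "4.5"}  # assumption

# Constructed rules, trimmed to the fields that matter for mapping.
SIGMA_RULES = {
    "proc_creation_win_powershell_encoded.yml": """
title: Encoded PowerShell Command Line
logsource:
    product: windows
    category: process_creation
detection:
    selection:
        Image|endswith: 'powershell.exe'
        CommandLine|contains: ' -enc'
    condition: selection
tags:
    - attack.execution
    - attack.t1059.001
""",
    "proc_creation_win_powershell_download.yml": """
title: PowerShell Download Cradle
logsource:
    product: windows
tags:
    - attack.execution
    - attack.defense_evasion
    - attack.t1059.001
""",
    "proc_creation_win_cmd_suspicious.yml": """
title: Suspicious cmd.exe Invocation
logsource:
    product: windows
tags:
    - attack.execution
    - attack.t1059.003
""",
    "proc_access_win_lsass_dump.yml": """
title: LSASS Memory Access
logsource:
    product: windows
tags:
    - attack.credential_access
    - attack.T1003.001
""",
}


def technique_tags(rule_text):
    """ATT&CK technique IDs tagged on one rule, upper-cased and de-duplicated."""
    return sorted({tid.upper() for tid in TECHNIQUE_TAG.findall(rule_text)})


def parent_technique(technique_id):
    """T1059.001 -> T1059; a parent technique maps to itself."""
    return technique_id.split(".")[0]


def build_layer(rules, watchlist=(), name="Sigma coverage", domain="enterprise-attack"):
    """Navigator layer dict: score = number of rules per technique, 0 = known gap."""
    hits = defaultdict(list)                      # technique ID -> rule file names
    for fname, text in rules.items():
        for tid in technique_tags(text):
            hits[tid].append(fname)
    for tid in watchlist:                         # techniques we want covered but have no rule for
        hits.setdefault(tid.upper(), [])
    techniques = [
        {"techniqueID": tid, "score": len(files),
         "comment": ", ".join(sorted(files)) or "no Sigma rule (gap)"}
        for tid, files in sorted(hits.items())
    ]
    max_score = max([t["score"] for t in techniques], default=0) or 1
    return {
        "name": name,
        "versions": LAYER_VERSIONS,
        "domain": domain,
        "description": "Sigma rules per ATT&CK technique; red = gap, green = covered",
        # the gradient colours cells by score; a per-technique "color" field would override it
        "gradient": {"colors": ["#ff6666", "#66ff66"], "minValue": 0, "maxValue": max_score},
        "techniques": techniques,
    }


def coverage_by_parent(layer):
    """Roll sub-technique scores up to their parent technique (T1059.001 -> T1059)."""
    totals = defaultdict(int)
    for t in layer["techniques"]:
        totals[parent_technique(t["techniqueID"])] += t["score"]
    return dict(totals)


if __name__ == "__main__":
    layer = build_layer(SIGMA_RULES, watchlist=["T1566.001"])
    print(json.dumps(layer, indent=2))  # save as .json and open it in Navigator
    print(coverage_by_parent(layer))    # {'T1003': 1, 'T1059': 3, 'T1566': 0}
```

Two details matter in practice: tactic tags (`attack.execution`) must be filtered out or they end up as bogus technique IDs, and a layer built only from rules that exist never shows a gap, which is why `watchlist` forces a zero-score entry for techniques you expect to cover.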

## Key Libraries

- `mitreattack-python` (`pip install mitreattack-python`): MITRE's official Python library for working with ATT&CK STIX data
- `stix2`: Parse and create STIX 2.0 and 2.1 objects
- `taxii2-client`: Download ATT&CK data from a TAXII 2.0 or 2.1 server
- `pySigma` (`pip install pysigma`): Parse, validate and convert Sigma detection rules

## Configuration

| Variable | Description |
|---|---|
| `ATTACK_STIX_PATH` | Path to a local `enterprise-attack.json` STIX bundle |
| `NAVIGATOR_URL` | URL of the ATT&CK Navigator instance that layers are loaded into |

## Data Sources

| Source | URL | Description |
|---|---|---|
| ATT&CK STIX 2.0 | github.com/mitre/cti | Official STIX 2.0 bundles (the format `MitreAttackData` loads by default) |
| ATT&CK STIX 2.1 | github.com/mitre-attack/attack-stix-data | Official STIX 2.1 bundles, versioned per ATT&CK release |
| ATT&CK Navigator | github.com/mitre-attack/attack-navigator | Layer visualization tool |
| Sigma Rules | github.com/SigmaHQ/sigma | Community detection rules with ATT&CK tags |
