Export All Techniques to CSV
Contents
Export All Techniques to CSV#
Import Libraries#
from attackcti import attack_client
from pandas import *
import json
import logging
logging.getLogger('taxii2client').setLevel(logging.CRITICAL)
Initialize Attack client#
lift = attack_client()
Get All Techniques STIX Format#
all_techniques = lift.get_techniques()
len(all_techniques)
736
Export CSV File#
techniques = []
for t in all_techniques:
techniques.append(json.loads(t.serialize()))
df = pandas.json_normalize(techniques)
df.head()
| type | id | created_by_ref | created | modified | name | description | kill_chain_phases | external_references | object_marking_refs | ... | x_mitre_permissions_required | x_mitre_platforms | x_mitre_version | x_mitre_remote_support | x_mitre_system_requirements | x_mitre_network_requirements | x_mitre_effective_permissions | x_mitre_impact_type | x_mitre_tactic_type | x_mitre_old_attack_id | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | attack-pattern | attack-pattern--b22e5153-ac28-4cc6-865c-2054e3... | identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5 | 2021-10-12T20:02:31.866Z | 2021-10-16T01:50:40.276Z | Resource Forking | Adversaries may abuse resource forks to hide m... | [{'kill_chain_name': 'mitre-attack', 'phase_na... | [{'source_name': 'mitre-attack', 'url': 'https... | [marking-definition--fa42a846-8d90-4e51-bc29-7... | ... | [User] | [macOS] | 1.0 | NaN | NaN | NaN | NaN | NaN | NaN | NaN |
| 1 | attack-pattern | attack-pattern--824add00-99a1-4b15-9a2d-6c5683... | identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5 | 2021-10-08T14:06:28.212Z | 2021-10-15T00:48:06.723Z | Downgrade Attack | Adversaries may downgrade or use a version of ... | [{'kill_chain_name': 'mitre-attack', 'phase_na... | [{'source_name': 'mitre-attack', 'url': 'https... | [marking-definition--fa42a846-8d90-4e51-bc29-7... | ... | [User] | [Windows, Linux, macOS] | 1.0 | NaN | NaN | NaN | NaN | NaN | NaN | NaN |
| 2 | attack-pattern | attack-pattern--84601337-6a55-4ad7-9c35-79e0d1... | identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5 | 2021-10-05T21:26:15.081Z | 2021-10-18T16:36:37.042Z | Login Items | Adversaries may add login items to execute upo... | [{'kill_chain_name': 'mitre-attack', 'phase_na... | [{'source_name': 'mitre-attack', 'url': 'https... | [marking-definition--fa42a846-8d90-4e51-bc29-7... | ... | [User] | [macOS] | 1.0 | NaN | NaN | NaN | NaN | NaN | NaN | NaN |
| 3 | attack-pattern | attack-pattern--4933e63b-9b77-476e-ab29-761bc5... | identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5 | 2021-10-05T01:15:06.293Z | 2021-11-01T18:09:09.670Z | Reflective Code Loading | Adversaries may reflectively load code into a ... | [{'kill_chain_name': 'mitre-attack', 'phase_na... | [{'source_name': 'mitre-attack', 'url': 'https... | [marking-definition--fa42a846-8d90-4e51-bc29-7... | ... | [User] | [macOS, Linux, Windows] | 1.0 | NaN | NaN | NaN | NaN | NaN | NaN | NaN |
| 4 | attack-pattern | attack-pattern--8565825b-21c8-4518-b75e-cbc4c7... | identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5 | 2021-10-01T17:58:26.445Z | 2021-10-07T18:19:25.352Z | Cloud Storage Object Discovery | Adversaries may enumerate objects in cloud sto... | [{'kill_chain_name': 'mitre-attack', 'phase_na... | [{'source_name': 'mitre-attack', 'url': 'https... | [marking-definition--fa42a846-8d90-4e51-bc29-7... | ... | NaN | [IaaS] | 1.0 | NaN | NaN | NaN | NaN | NaN | NaN | NaN |
5 rows × 25 columns
df.to_csv('all_techniques_stix.csv', index=False)
Get All Techniques Non-STIX Format#
all_techniques = lift.get_techniques(stix_format=False)
len(all_techniques)
736
df = pandas.json_normalize(all_techniques)
df.head()
| kill_chain_phases | external_references | x_mitre_version | type | id | created_by_ref | created | modified | technique | technique_description | ... | platform | remote_support | capec_id | capec_url | system_requirements | network_requirements | effective_permissions | impact_type | tactic_type | x_mitre_old_attack_id | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | [{'kill_chain_name': 'mitre-attack', 'phase_na... | [{'source_name': 'mitre-attack', 'url': 'https... | 1.0 | attack-pattern | attack-pattern--b22e5153-ac28-4cc6-865c-2054e3... | identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5 | 2021-10-12T20:02:31.866Z | 2021-10-16T01:50:40.276Z | Resource Forking | Adversaries may abuse resource forks to hide m... | ... | [macOS] | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN |
| 1 | [{'kill_chain_name': 'mitre-attack', 'phase_na... | [{'source_name': 'mitre-attack', 'url': 'https... | 1.0 | attack-pattern | attack-pattern--824add00-99a1-4b15-9a2d-6c5683... | identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5 | 2021-10-08T14:06:28.212Z | 2021-10-15T00:48:06.723Z | Downgrade Attack | Adversaries may downgrade or use a version of ... | ... | [Windows, Linux, macOS] | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN |
| 2 | [{'kill_chain_name': 'mitre-attack', 'phase_na... | [{'source_name': 'mitre-attack', 'url': 'https... | 1.0 | attack-pattern | attack-pattern--84601337-6a55-4ad7-9c35-79e0d1... | identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5 | 2021-10-05T21:26:15.081Z | 2021-10-18T16:36:37.042Z | Login Items | Adversaries may add login items to execute upo... | ... | [macOS] | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN |
| 3 | [{'kill_chain_name': 'mitre-attack', 'phase_na... | [{'source_name': 'mitre-attack', 'url': 'https... | 1.0 | attack-pattern | attack-pattern--4933e63b-9b77-476e-ab29-761bc5... | identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5 | 2021-10-05T01:15:06.293Z | 2021-11-01T18:09:09.670Z | Reflective Code Loading | Adversaries may reflectively load code into a ... | ... | [macOS, Linux, Windows] | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN |
| 4 | [{'kill_chain_name': 'mitre-attack', 'phase_na... | [{'source_name': 'mitre-attack', 'url': 'https... | 1.0 | attack-pattern | attack-pattern--8565825b-21c8-4518-b75e-cbc4c7... | identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5 | 2021-10-01T17:58:26.445Z | 2021-10-07T18:19:25.352Z | Cloud Storage Object Discovery | Adversaries may enumerate objects in cloud sto... | ... | [IaaS] | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN |
5 rows × 31 columns
Export CSV File#
df.to_csv('all_techniques_non_stix.csv', index=False)