sigma.mitre module

class sigma.mitre.Attack(*, techniques: List[sigma.mitre.Technique], tactics: List[sigma.mitre.Tactic])

Bases: pydantic.main.BaseModel

MITRE Attack framework abstraction

ATTACK_SINGLETON: ClassVar[Optional[sigma.mitre.Attack]] = None

ATTACK_URLS: ClassVar[List[str]] = ['https://raw.githubusercontent.com/mitre/cti/master/pre-attack/pre-attack.json', 'https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json', 'https://raw.githubusercontent.com/mitre/cti/master/mobile-attack/mobile-attack.json']

SOURCE_TYPES: ClassVar[List[str]] = ['mitre-pre-attack', 'mitre-attack', 'mitre-mobile-attack']

classmethod download(path: Optional[Union[str, pathlib.Path]]) → sigma.mitre.Attack

Download up-to-date attack data and save to the specified location

get_tactic(id: str) → Optional[sigma.mitre.Tactic]

Lookup a tactic by ID

get_technique(id: str) → Optional[sigma.mitre.Technique]

Lookup a technique by ID

classmethod load(path: Optional[Union[str, pathlib.Path, importlib.abc.Traversable]] = None) → sigma.mitre.Attack

Load the attack data

tactics: List[sigma.mitre.Tactic]

techniques: List[sigma.mitre.Technique]

class sigma.mitre.Tactic(*, id: str, title: str)

Bases: pydantic.main.BaseModel

MITRE Attack Tactit Details

id: str

title: str

property url: str

class sigma.mitre.Technique(*, id: str, title: str, tactics: List[str] = None)

Bases: pydantic.main.BaseModel

MITRE Attack Technique Details

id: str

tactics: Optional[List[str]]

title: str

property url: str