
How to get Tactics by Platform?

Open MaurizioCasciano opened this issue 4 years ago • 1 comments

I am looking for the proper way to return the Tactics of the PRE Platform within the Enterprise domain. https://attack.mitre.org/matrices/enterprise/pre/

In this case I need to return only Reconnaissance and Resource Development. The only way I'm able to think about this is by first getting all the techniques by platform, and then returning the corresponding platforms. https://github.com/mitre/cti/blob/master/USAGE.md#techniques-by-platform

Needless to say that it seems a lot of work for getting just two objects. Is this the only approach?

MaurizioCasciano, Jun 03 '21 13:06

Unfortunately yes, that's the only reliable, extensible answer. I believe PRE is the only platform which has its own tactics; the other tactics are a mix of the other platforms.

However, because the PRE tactics come first in the matrix, in this case specifically you can retrieve those tactics' IDs from the matrix object, and then use that ID to get the tactic objects themselves. Again, that won't really work for other platforms/tactics, but in the case of PRE it works fine.

I'll leave this open so that we can later create a code snippet in the USAGE document for this use case.

isaisabel, Jun 03 '21 13:06
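
The approach discussed in this thread (filter techniques by platform, then map their kill-chain phases to tactic objects), as an added example that is not part of the original issue or of the mitre/cti repository. It works on plain dictionaries from a parsed ATT&CK STIX bundle; the helper `_technique`, the sample objects and their IDs are constructed, and a single matrix object per bundle is assumed.

```python
def tactics_by_platform(objects, platform, kill_chain="mitre-attack"):
    """Tactics with at least one live technique on `platform`, in matrix order."""
    shortnames = set()
    for obj in objects:
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue  # skip techniques that are no longer current
        if platform not in obj.get("x_mitre_platforms", []):
            continue
        for phase in obj.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") == kill_chain:
                shortnames.add(phase["phase_name"])
    tactics = {o["id"]: o for o in objects if o.get("type") == "x-mitre-tactic"}
    # Assumption: the bundle holds one matrix; fall back to bundle order if none.
    matrix = next((o for o in objects if o.get("type") == "x-mitre-matrix"), None)
    order = matrix["tactic_refs"] if matrix else list(tactics)
    return [tactics[ref] for ref in order
            if ref in tactics and tactics[ref].get("x_mitre_shortname") in shortnames]


def _technique(name, platforms, phase, **extra):
    # Hypothetical helper that builds a minimal attack-pattern dict for the sample.
    return {"type": "attack-pattern", "name": name, "x_mitre_platforms": platforms,
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": phase}],
            **extra}


# Constructed sample objects; the IDs are placeholders, not real ATT&CK STIX IDs.
SAMPLE = [
    {"type": "x-mitre-tactic", "id": "x-mitre-tactic--c", "name": "Initial Access",
     "x_mitre_shortname": "initial-access"},
    {"type": "x-mitre-tactic", "id": "x-mitre-tactic--b", "name": "Resource Development",
     "x_mitre_shortname": "resource-development"},
    {"type": "x-mitre-tactic", "id": "x-mitre-tactic--a", "name": "Reconnaissance",
     "x_mitre_shortname": "reconnaissance"},
    {"type": "x-mitre-matrix", "id": "x-mitre-matrix--sample",
     "tactic_refs": ["x-mitre-tactic--a", "x-mitre-tactic--b", "x-mitre-tactic--c"]},
    _technique("Active Scanning", ["PRE"], "reconnaissance"),
    _technique("Acquire Infrastructure", ["PRE"], "resource-development"),
    _technique("Phishing", ["Linux", "macOS", "Windows"], "initial-access"),
    _technique("Constructed revoked entry", ["PRE"], "initial-access", revoked=True),
]

if __name__ == "__main__":
    for tactic in tactics_by_platform(SAMPLE, "PRE"):
        print(tactic["name"])
```

On real data, pass the `objects` list of the loaded enterprise bundle in place of `SAMPLE`.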