Get MITRE ATT&CK Dashboard
Retrieves MITRE ATT&CK dashboard data based on the specified period and filter conditions.
Required Permissions
Requires the MEMBER role or higher.
HTTP Request
GET /api/sonar/mitre-attack/dashboard
cURL Example
```
curl -H "Authorization: Bearer <API_KEY>" \
  "https://HOSTNAME/api/sonar/mitre-attack/dashboard?from=2024-01-01+00:00:00%2B0900&to=2024-01-31+23:59:59%2B0900"
```
Request Parameters
| Key | Required | Type | Description | Note |
|---|---|---|---|---|
| from | X | Date | Start date | yyyy-MM-dd HH:mm:ssZ format |
| to | X | Date | End date | yyyy-MM-dd HH:mm:ssZ format |
| addrs | X | String list | IP/CIDR addresses | Comma-separated IP/CIDR list |
| hosts | X | String list | Host list | Comma-separated host list |
Success Response
```json
{
  "dashboard": {
    "tactics": [
      {
        "mitre_id": "TA0001",
        "name": "Initial Access",
        "description": "The adversary is trying to get into your network.",
        "count": 15
      }
    ],
    "techniques": [
      {
        "mitre_id": "T1190",
        "name": "Exploit Public-Facing Application",
        "tactic_ids": [
          "TA0001"
        ],
        "count": 8
      }
    ],
    "total_events": 150,
    "time_range": {
      "from": "2024-01-01 00:00:00+0900",
      "to": "2024-01-31 23:59:59+0900"
    }
  }
}
```
- dashboard (Map): Dashboard data
  - tactics (Array): Detected MITRE ATT&CK tactic list
    - mitre_id (String): MITRE ATT&CK tactic ID
    - name (String): Tactic name
    - description (String): Tactic description
    - count (32-bit integer): Detection count
  - techniques (Array): Detected MITRE ATT&CK technique list
    - mitre_id (String): MITRE ATT&CK technique ID
    - name (String): Technique name
    - tactic_ids (String array): Associated tactic ID list
    - count (32-bit integer): Detection count
  - total_events (32-bit integer): Total number of events
  - time_range (Map): Query time range
    - from (String): Start date and time
    - to (String): End date and time
Error Responses
Invalid date format
HTTP status code 400
```json
{
  "error_code": "invalid-argument",
  "error_msg": "'from' parameter should be date format (yyyy-MM-dd HH:mm:ss+0000)"
}
```
Invalid IP address in addrs
HTTP status code 400
```json
{
  "error_code": "invalid-argument",
  "error_msg": "invalid IP address: 999.999.999.999"
}
```
Invalid CIDR notation in addrs
HTTP status code 400
```json
{
  "error_code": "invalid-argument",
  "error_msg": "invalid IP address in CIDR notation: 999.999.999.999/24"
}
```
CIDR mask out of 0~32 range in addrs
HTTP status code 400
```json
{
  "error_code": "invalid-argument",
  "error_msg": "CIDR mask must be between 0 and 32: 10.0.0.0/33"
}
```
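The following client, added here as an example and not part of the Sonar documentation, builds a correctly encoded request for this endpoint (note that the `+` in the timezone offset must be sent as `%2B`, otherwise it is decoded as a space and triggers the date-format error above), pre-checks `addrs` for the three documented 400 cases, and groups the returned techniques under their tactics. The `base_url`, `api_key` and `SAMPLE` values are assumptions; `fetch_dashboard` only uses the standard library.

```python
import ipaddress
import json
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

KST = timezone(timedelta(hours=9))
DATE_FMT = "%Y-%m-%d %H:%M:%S%z"  # the documented yyyy-MM-dd HH:mm:ssZ form

def validate_addrs(addrs):
    """Reject values the server would answer with HTTP 400 (see Error Responses)."""
    for a in addrs:
        ip, _, mask = a.partition("/")
        ipaddress.IPv4Address(ip)  # raises ValueError on e.g. 999.999.999.999
        if mask and not 0 <= int(mask) <= 32:
            raise ValueError(f"CIDR mask must be between 0 and 32: {a}")
    return True

def build_query(start, end, addrs=(), hosts=()):
    """Encode from/to/addrs/hosts; urlencode turns '+' in the offset into %2B."""
    validate_addrs(addrs)
    params = {"from": start.strftime(DATE_FMT), "to": end.strftime(DATE_FMT)}
    if addrs:
        params["addrs"] = ",".join(addrs)
    if hosts:
        params["hosts"] = ",".join(hosts)
    return urlencode(params)

def fetch_dashboard(base_url, api_key, query):
    """GET the dashboard; a 400 is surfaced with the documented error_code/error_msg."""
    req = urllib.request.Request(f"{base_url}/api/sonar/mitre-attack/dashboard?{query}",
                                 headers={"Authorization": f"Bearer {api_key}"})
    try:
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)["dashboard"]
    except urllib.error.HTTPError as e:
        err = json.load(e)  # error body is JSON as documented
        raise RuntimeError(f"{e.code} {err['error_code']}: {err['error_msg']}") from None

def techniques_by_tactic(dashboard):
    """Group detected techniques under their tactic names, highest count first."""
    tactic_name = {t["mitre_id"]: t["name"] for t in dashboard["tactics"]}
    grouped = {}
    for tech in dashboard["techniques"]:
        for tid in tech["tactic_ids"]:
            grouped.setdefault(tactic_name.get(tid, tid), []).append((tech["mitre_id"], tech["count"]))
    for techs in grouped.values():
        techs.sort(key=lambda t: -t[1])
    return grouped

# Constructed sample mirroring the documented success response (no network needed)
SAMPLE = {"tactics": [{"mitre_id": "TA0001", "name": "Initial Access", "count": 15}],
          "techniques": [{"mitre_id": "T1190", "name": "Exploit Public-Facing Application",
                          "tactic_ids": ["TA0001"], "count": 8}], "total_events": 150}
```

Run `build_query(datetime(2024, 1, 1, tzinfo=KST), datetime(2024, 1, 31, 23, 59, 59, tzinfo=KST), addrs=["10.0.0.0/8"])` to get the encoded query string used by `fetch_dashboard`.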