Get MITRE ATT&CK Technique

Retrieves detailed information about a specific MITRE ATT&CK technique.

Required Permissions

Requires the MEMBER role or higher.

HTTP Request

GET /api/sonar/mitre-attack/techniques/:mitre_id

cURL Example

curl -H "Authorization: Bearer <API_KEY>" \
     https://HOSTNAME/api/sonar/mitre-attack/techniques/T1190

Request Parameters

| Key | Required | Type | Description | Note |
|---|---|---|---|---|
| mitre_id | O | String | MITRE ATT&CK technique ID | Path parameter |

Success Response

{
  "technique": {
    "mitre_id": "T1190",
    "name": "Exploit Public-Facing Application",
    "description": "Adversaries may attempt to take advantage of a weakness in an Internet-facing computer or program using software, data, or commands in order to cause unintended or unanticipated behavior. The weakness in the system can be a bug, a glitch, or a design vulnerability.",
    "url": "https://attack.mitre.org/techniques/T1190",
    "tactics": [
      {
        "mitre_id": "TA0001",
        "name": "Initial Access"
      }
    ],
    "platforms": ["Linux", "Windows", "macOS", "Network"],
    "data_sources": [
      "Application Log: Application Log Content",
      "Network Traffic: Network Traffic Content"
    ],
    "detection": "Monitor application logs for abnormal behavior that may indicate attempted or successful exploitation.",
    "mitigation": [
      {
        "mitre_id": "M1048",
        "name": "Application Isolation and Sandboxing",
        "description": "Application isolation will limit what other processes and system features the exploited target can access."
      },
      {
        "mitre_id": "M1030",
        "name": "Network Segmentation",
        "description": "Segment externally facing servers and services from the rest of the network with a DMZ or on separate hosting infrastructure."
      }
    ]
  }
}

  • technique (Map): Technique information
    • mitre_id (String): MITRE ATT&CK technique ID
    • name (String): Technique name
    • description (String): Technique description
    • url (String): MITRE ATT&CK official documentation URL
    • tactics (Array): Associated tactic list
      • mitre_id (String): MITRE ATT&CK tactic ID
      • name (String): Tactic name
    • platforms (String array): Applicable platform list
    • data_sources (String array): Data source list
    • detection (String): Detection methods
    • mitigation (Array): Mitigation list
      • mitre_id (String): Mitigation ID
      • name (String): Mitigation name
      • description (String): Mitigation description

Error Responses

Technique not found

HTTP status code 200

{
  "technique": null
}
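
Because an unknown technique comes back as HTTP 200 with "technique": null, a client has to inspect the body rather than the status code. The following client sketch is an added example, not code from this API's documentation; the function names are hypothetical, the sample bodies are constructed from the responses above, and acceptance of sub-technique IDs such as T1059.001 is an assumption.

```python
import json
import re
import urllib.request

# ATT&CK technique IDs look like T1190; sub-techniques like T1059.001.
# Assumption: the endpoint accepts both forms.
_TECHNIQUE_ID = re.compile(r"T[0-9]{4}(?:\.[0-9]{3})?")


def technique_url(hostname: str, mitre_id: str) -> str:
    """Build the request URL, rejecting anything that is not a technique ID
    so untrusted input cannot alter the request path."""
    if not _TECHNIQUE_ID.fullmatch(mitre_id):
        raise ValueError(f"not a technique ID: {mitre_id!r}")
    return f"https://{hostname}/api/sonar/mitre-attack/techniques/{mitre_id}"


def parse_technique(body: bytes):
    """Return the technique map, or None when the API reports "not found"
    (HTTP 200 with {"technique": null})."""
    doc = json.loads(body)
    if not isinstance(doc, dict) or "technique" not in doc:
        raise ValueError("unexpected response shape")
    return doc["technique"]


def mitigation_ids(technique) -> list:
    """Mitigation IDs for a technique; empty for a not-found result."""
    if technique is None:
        return []
    return [m["mitre_id"] for m in technique.get("mitigation", [])]


def get_technique(hostname: str, mitre_id: str, api_key: str):
    """Fetch one technique; hostname is trusted configuration, not user input."""
    req = urllib.request.Request(
        technique_url(hostname, mitre_id),
        headers={"Authorization": f"Bearer {api_key}"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_technique(resp.read())


# Constructed sample bodies, trimmed from the responses shown above.
FOUND = (b'{"technique": {"mitre_id": "T1190", "mitigation": '
         b'[{"mitre_id": "M1048"}, {"mitre_id": "M1030"}]}}')
NOT_FOUND = b'{"technique": null}'
```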