Get MITRE ATT&CK Techniques

Retrieves a list of MITRE ATT&CK techniques.

Required Permissions

Requires the MEMBER role or higher.

HTTP Request

GET /api/sonar/mitre-attack/techniques

cURL Example

curl -H "Authorization: Bearer <API_KEY>" \
     "https://HOSTNAME/api/sonar/mitre-attack/techniques?offset=0&limit=10"

Request Parameters

| Key | Required | Type | Description | Note |
|---|---|---|---|---|
| mitre_ids | X | String list | MITRE ATT&CK ID list | Comma-separated |
| offset | X | 32-bit integer | Number of items to skip | Default: 0 |
| limit | X | 32-bit integer | Maximum number of items | Default: 10, max 2000 |
| keywords | X | String | Search keyword | |

Success Response

{
  "total_count": 193,
  "techniques": [
    {
      "mitre_id": "T1190",
      "name": "Exploit Public-Facing Application",
      "description": "Adversaries may attempt to take advantage of a weakness in an Internet-facing computer or program using software, data, or commands in order to cause unintended or unanticipated behavior.",
      "url": "https://attack.mitre.org/techniques/T1190",
      "tactics": [
        {
          "mitre_id": "TA0001",
          "name": "Initial Access"
        }
      ],
      "platforms": ["Linux", "Windows", "macOS"],
      "data_sources": ["Application Log", "Network Traffic"]
    },
    {
      "mitre_id": "T1059",
      "name": "Command and Scripting Interpreter",
      "description": "Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.",
      "url": "https://attack.mitre.org/techniques/T1059",
      "tactics": [
        {
          "mitre_id": "TA0002",
          "name": "Execution"
        }
      ],
      "platforms": ["Linux", "Windows", "macOS"],
      "data_sources": ["Process", "Command"]
    }
  ]
}

  • total_count (32-bit integer): Total number of techniques
  • techniques (Array): Technique list
    • mitre_id (String): MITRE ATT&CK technique ID
    • name (String): Technique name
    • description (String): Technique description
    • url (String): MITRE ATT&CK official documentation URL
    • tactics (Array): Associated tactic list
      • mitre_id (String): MITRE ATT&CK tactic ID
      • name (String): Tactic name
    • platforms (String array): Applicable platform list
    • data_sources (String array): Data source list

Error Responses

offset or limit is not an integer

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "'offset' parameter should be int type"
}

offset or limit is negative

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "'offset' must be greater than or equal to 0."
}

limit exceeds 2000

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "'limit' must be less than or equal to 2000."
}
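
Added example (not part of the vendor documentation): a Python client that pages through the endpoint with offset and limit until total_count is reached, surfaces the documented error_code / error_msg fields on a 400, and groups technique IDs by tactic for a coverage view. The names http_fetch, iter_techniques, techniques_by_tactic and SonarApiError, and the page size of 500, are assumptions made for illustration. It also assumes total_count reflects any mitre_ids or keywords filter in effect.

```python
import json
from urllib import error, parse, request

MAX_LIMIT = 2000  # documented upper bound for 'limit'

class SonarApiError(Exception):
    """Carries (status, error_code, error_msg) from a documented error body."""

def http_fetch(hostname, api_key):
    """Build fetch(params) for the documented GET request (hypothetical helper)."""
    def fetch(params):
        url = f"https://{hostname}/api/sonar/mitre-attack/techniques?{parse.urlencode(params)}"
        req = request.Request(url, headers={"Authorization": f"Bearer {api_key}"})
        try:
            with request.urlopen(req, timeout=30) as resp:
                return json.load(resp)
        except error.HTTPError as e:
            try:
                body = json.loads(e.read())
            except ValueError:  # non-JSON body, e.g. from an intermediate proxy
                body = {}
            raise SonarApiError(e.code, body.get("error_code"), body.get("error_msg")) from e
    return fetch

def iter_techniques(fetch, page_size=500, mitre_ids=None, keywords=None):
    """Yield every matching technique, paging with offset/limit."""
    if not 1 <= page_size <= MAX_LIMIT:  # reject locally what the API answers with 400
        raise ValueError(f"page_size must be between 1 and {MAX_LIMIT}")
    base = {}
    if mitre_ids:
        base["mitre_ids"] = ",".join(mitre_ids)  # comma-separated, per the parameter table
    if keywords:
        base["keywords"] = keywords
    offset = 0
    while True:
        page = fetch({**base, "offset": offset, "limit": page_size})
        items = page["techniques"]
        yield from items
        offset += len(items)
        if not items or offset >= page["total_count"]:  # empty page also ends the loop
            return

def techniques_by_tactic(techniques):
    """Map each tactic ID to the technique IDs listed under it."""
    grouped = {}
    for t in techniques:
        for tactic in t["tactics"]:
            grouped.setdefault(tactic["mitre_id"], []).append(t["mitre_id"])
    return grouped
```

Against a live instance, pass `http_fetch("HOSTNAME", "<API_KEY>")` as the `fetch` argument; any callable that takes the parameter dict and returns the decoded response works, which keeps the paging logic testable offline.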