+7Hi Everyone ,
Is there a way to export the MITRE ATT&CK matrix/dashboard so the export includes (1) rule names for both curated/built-in and custom rules, and (2) the mapped MITRE ATT&CK TTPs (tactic/technique IDs and names) for each rule. Looking for bothe csv and JSON format.
+14Hey
If you wanted to extract the list of rules and how they’re being mapped to MITRE, you are able to get a list which looks like the below:
{
"name": "projects/redacted/locations/europe-west2/instances/REDACTED/rules/ru_aaaaaa-7aa1-4aa1-8aaf-4aaaaaaa",
"displayName": "RULE_NAME_HERE",
"ruleOwner": "CUSTOMER",
"tags": [
"google.mitre.technique.t1078"
],
"archived": true
},
To do this, open up developer tools, in particular the network section. Navigate to the MITRE ATTACK NAVIGATOR, filter the requests to look for something that looks like:
https://region-here-chronicle.googleapis.com/v1alpha/projects/REDACTED/locations/europe-west2/instances/REDACTED/rules?filter=rule_owner%3A%22*%22&pageSize=5000&pageToken=REDACTED&view=CONFIG_ONLY
And look at the response, there you should see a full list of rule names, owner (CURATED OR CUSTOMER), and how it has been tagged.
Kind Regards,
Ayman
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
