I noticed that some techniques and sub-techniques in the enterprise collection are missing the x_mitre_is_subtechnique key / flag.
I've been using the TAXII server via this URL https://cti-taxii.mitre.org/stix/collections/95ecc380-afe9-11e4-9b6c-751b66dd541e/ along with the Python stix2 and taxii2client libraries.
I originally noticed because 'Phishing' stopped showing up in my techniques variable.
I'm not 100% sure how the JSON in this repo works, whether it feeds into the TAXII server or not, but I noticed a similar problem in the JSON files as well. For example:
Technique Phishing does not have the x_mitre_is_subtechnique key
Sub Technique Employee Names does have the x_mitre_is_subtechnique key
I found there are 257 attack-patterns that don't have the x_mitre_is_subtechnique key (maybe some of these are old / revoked?) and 462 that do have the key.
Is this expected? Is there a better way to filter out / identify sub-techniques?
My use case is that I want to get just the techniques without any sub-techniques.
Thanks
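The filtering problem described in the post, as an added example that is not part of the original post or of the repository's code: an equality check on `x_mitre_is_subtechnique` skips every attack-pattern that lacks the key, while a tolerant check keeps it. Assumptions: a missing flag means "not a sub-technique" unless the ATT&CK ID carries a `.NNN` suffix, retired objects are marked with `revoked` or `x_mitre_deprecated`, and the helper names and sample objects are constructed for illustration.

```python
# Constructed sample objects shaped like ATT&CK STIX attack-patterns (not real bundle data).
SAMPLE = [
    {"type": "attack-pattern", "name": "Phishing",  # no x_mitre_is_subtechnique key
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1566"}]},
    {"type": "attack-pattern", "name": "Employee Names", "x_mitre_is_subtechnique": True,
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1589.003"}]},
    {"type": "attack-pattern", "name": "Constructed Parent", "x_mitre_is_subtechnique": False,
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9001"}]},
    {"type": "attack-pattern", "name": "Constructed Retired", "revoked": True,
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9002"}]},
    {"type": "attack-pattern", "name": "Constructed Unflagged Sub",  # key missing, ID has a suffix
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9001.001"}]},
]

def attack_id(obj):
    """Return the ATT&CK ID from the mitre-attack external reference, or ''."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id", "")
    return ""

def is_subtechnique(obj):
    """Trust the flag when it is a real boolean; otherwise fall back to the ID shape."""
    flag = obj.get("x_mitre_is_subtechnique")
    if isinstance(flag, bool):
        return flag
    return "." in attack_id(obj)  # assumption: sub-technique IDs look like Txxxx.yyy

def is_retired(obj):
    """Revoked or deprecated objects are excluded from the active technique list."""
    return bool(obj.get("revoked")) or bool(obj.get("x_mitre_deprecated"))

def strict_techniques(objects):
    """Equality match on the flag: objects missing the key never match."""
    return [o["name"] for o in objects
            if o.get("type") == "attack-pattern"
            and o.get("x_mitre_is_subtechnique") is False]

def techniques_only(objects):
    """Active techniques without sub-techniques, tolerating a missing flag."""
    return [o["name"] for o in objects
            if o.get("type") == "attack-pattern"
            and not is_retired(o) and not is_subtechnique(o)]

if __name__ == "__main__":
    print("strict:  ", strict_techniques(SAMPLE))
    print("tolerant:", techniques_only(SAMPLE))
```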