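#!/usr/bin/env python
# coding: utf-8
#
# **MITRE ATT&CK API FILTERS**: Python Client
# ------------------
#
# Notebook export. Every section below runs one query through the attackcti
# client and shows its result. The original notebook relied on bare
# expressions for display, which a plain script silently discards, so each
# "cell output" is now an explicit print/pprint. All name, alias and ID
# lookups are case sensitive, and (as the section titles say) the data is
# fetched through the TAXII client, so the script needs network access to the
# ATT&CK TAXII service.

# ## Import Extra Libraries
# pandas is kept for interactive follow-up work on the returned STIX dicts.
# `from pandas import *` was replaced by an explicit alias, and json_normalize
# is imported from its public location: the pandas.io.json path was
# deprecated in pandas 1.0 and removed later.
from pprint import pprint

import pandas as pd
from pandas import json_normalize

# ## Import ATTACK API Client
from attackcti import attack_client


def _first(items, label):
    """Return ``items[0]`` with a readable error when a query came back empty.

    Parameters:
        items: sequence returned by an attackcti query.
        label: short description of the query, used in the error message.
    Returns:
        The first element of *items*.
    Raises:
        IndexError: when *items* is empty (same type a bare ``items[0]`` would
            raise, but with a message naming the query that returned nothing).
    """
    if not items:
        raise IndexError(f"ATT&CK query for {label} returned no objects")
    return items[0]


# ## Initialize ATT&CK Client Variable
lift = attack_client()

# ## Get Technique by Name (TAXII)
# Custom method in the attack_client class that looks a technique up across
# all the matrices by its name. It is case sensitive.
technique_name = lift.get_technique_by_name('Rundll32')
pprint(technique_name)

# ## Get Data Sources from All Techniques (TAXII)
# * You can also get all the data sources available in ATT&CK
# * Currently the only techniques with data sources are the ones in Enterprise ATT&CK.
data_sources = lift.get_data_sources()
print(len(data_sources))
pprint(data_sources)

# ## Get Any STIX Object by ID (TAXII)
# * You can get any STIX object by its id across all the matrices. It is case sensitive.
# * You can use the following STIX Object Types:
#   * attack-pattern > techniques
#   * course-of-action > mitigations
#   * intrusion-set > groups
#   * malware
#   * tool
object_by_id = lift.get_object_by_attack_id('attack-pattern', 'T1307')
pprint(object_by_id)

# ## Get Any Group by Alias (TAXII)
# You can get any Group by its Alias property across all the matrices. It is case sensitive.
group_name = lift.get_group_by_alias('Cozy Bear')
pprint(group_name)

# ## Get Relationships by Any Object (TAXII)
# * You can get available relationships defined in ATT&CK of type **uses** and
#   **mitigates** for specific objects across all the matrices.
# The group list is fetched once here and reused by the group sections below;
# the original notebook re-queried get_groups() before every group example.
groups = lift.get_groups()
one_group = _first(groups, "groups")
relationships = lift.get_relationships_by_object(one_group)
pprint(_first(relationships, "relationships of the first group"))

# ## Get All Techniques with Mitigations (TAXII)
# The difference between this function and **get_all_techniques()** is that
# **get_techniques_mitigated_by_all_mitigations** returns only techniques that
# have mitigations mapped to them.
techniques_mitigated = lift.get_techniques_mitigated_by_all_mitigations()
pprint(_first(techniques_mitigated, "techniques with mitigations"))

# ## Get Techniques Used by Software (TAXII)
# This function returns information about a specific software STIX object.
all_software = lift.get_software()
one_software = _first(all_software, "software")
software_techniques = lift.get_techniques_used_by_software(one_software)
pprint(_first(software_techniques, "techniques used by the first software"))

# ## Get Techniques Used by Group (TAXII)
# If you do not provide the name of a specific **Group** (Case Sensitive), the
# function returns information about all the groups available across all the
# matrices.
group_techniques = lift.get_techniques_used_by_group(one_group)
pprint(_first(group_techniques, "techniques used by the first group"))

# ## Get Software Used by Group (TAXII)
# You can retrieve every software (malware or tool) mapped to a specific Group
# STIX object.
group_software = lift.get_software_used_by_group(one_group)
pprint(_first(group_software, "software used by the first group"))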