Merge pull request #131 from mitre-attack/tactics_by_technique_query

Tactics by technique query
mitre-attack · Oct 13, 2023 · 5ec186a · 5ec186a
2 parents 3b57b6e + 7558842
commit 5ec186a
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 0 deletions.
diff --git a/docs/mitre_attack_data/examples.rst b/docs/mitre_attack_data/examples.rst
@@ -39,6 +39,7 @@ Getting Multiple ATT&CK Objects
 
 * `get_tactics_by_matrix.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_tactics_by_matrix.py>`_
 * `get_techniques_by_tactic.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_techniques_by_tactic.py>`_
+* `get_tactics_by_technique.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_tactics_by_technique.py>`_
 * `get_techniques_by_platform.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_techniques_by_platform.py>`_
 * `get_objects_by_content.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_objects_by_content.py>`_
 * `get_objects_created_after.py <https://github.com/mitre-attack/mitreattack-python/tree/master/examples/get_objects_created_after.py>`_

diff --git a/examples/get_tactics_by_technique.py b/examples/get_tactics_by_technique.py
@@ -0,0 +1,17 @@
+from mitreattack.stix20 import MitreAttackData
+
+
+def main():
+    mitre_attack_data = MitreAttackData("enterprise-attack.json")
+    technique_id = "attack-pattern--7e150503-88e7-4861-866b-ff1ac82c4475"
+
+    tactics = mitre_attack_data.get_tactics_by_technique(technique_id)
+
+    print(f"Retrieved {len(tactics)} tactic(s):")
+
+    for t in tactics:
+        print(f"* {t.name}")
+
+
+if __name__ == "__main__":
+    main()
diff --git a/mitreattack/stix20/MitreAttackData.py b/mitreattack/stix20/MitreAttackData.py
@@ -424,7 +424,36 @@ def get_tactics_by_matrix(self) -> dict:
                 tactics[matrices[i]["name"]].append(self.src.get(tactic_id))
 
         return tactics
+
+    def get_tactics_by_technique(self, stix_id) -> list:
+        """Retrieve the list of tactics within a particular technique.
+        
+        Parameters
+        ----------
+        stix_id : str
+            the stix id of the technique to be queried.
+        
+        Returns
+        -------
+        list
+            a list of tactics that the technique to be queried contains.
+        """
+        technique = self.get_object_by_stix_id(stix_id)
 
+        # get tactic shortnames from technique
+        shortnames = []
+        for phase in technique.get("kill_chain_phases"):
+            shortnames.append(phase["phase_name"])
+
+        # map shortnames to tactic objects
+        all_tactics = self.get_tactics()
+        technique_tactics = []
+        for tactic in all_tactics:
+            if tactic.get_shortname() in shortnames:
+                technique_tactics.append(tactic)
+
+        return technique_tactics
+
     def get_objects_created_after(self, timestamp: str, remove_revoked_deprecated=False) -> list:
         """Retrieve objects which have been created after a given time.