MITRE ATT&CK Knowledge Base Scraper
Pricing
from $3.00 / 1,000 results
MITRE ATT&CK Knowledge Base Scraper
Extract MITRE ATT&CK techniques, tactics, groups, software, mitigations, and data sources from the Enterprise, Mobile, or ICS matrices. Filter by tactic phase or platform.
Pricing
from $3.00 / 1,000 results
Rating
0.0
(0)
Developer
Compute Edge
Maintained by CommunityActor stats
0
Bookmarked
2
Total users
1
Monthly active users
8 days ago
Last modified
Categories
Share
Extract the MITRE ATT&CK knowledge base — the global, freely available adversary tactics, techniques, and procedures (TTPs) catalog used by every SOC, threat hunting team, and detection engineer on the planet. This Actor pulls structured records for techniques, tactics, threat groups, software (malware/tools), mitigations, data sources, and campaigns from the official MITRE STIX 2.1 bundles.
ATT&CK powers detection-as-code, purple-team exercises, threat modeling, and red-team planning. Use this Actor to build always-fresh datasets for SIEM correlation rules, EDR detection coverage gap analysis, GRC mappings (NIST 800-53, ISO 27001), and AI threat-intel assistants.
Key Features
- All three matrices — Enterprise, Mobile, and ICS ATT&CK in one Actor
- Filter by object type — Techniques, Tactics, Groups, Software, Mitigations, Data Sources, Campaigns
- Tactic filter — Pull only techniques mapped to a kill-chain phase (e.g.,
initial-access,lateral-movement) - Platform filter — Filter techniques by target platform (Windows, Linux, macOS, Cloud, Containers, etc.)
- Skip deprecated/revoked — Default to only current, active ATT&CK objects
- Direct ATT&CK URLs — Every record includes the canonical
attack.mitre.orgURL - No authentication — Public MITRE CTI repository, no keys required
Output Data Fields
| Field | Description |
|---|---|
attackId | ATT&CK ID (e.g., T1059, S0002, G0007) |
stixId | Underlying STIX 2.1 object ID |
type | STIX object type (attack-pattern, intrusion-set, etc.) |
name | Object name |
description | Full description text |
tactics | Tactic phases the technique belongs to |
platforms | Targeted platforms (Windows, Linux, etc.) |
dataSources | Recommended data sources for detection |
detection | Detection guidance |
permissionsRequired | Privilege levels required |
isSubtechnique | True for sub-techniques (e.g., T1059.001) |
version | MITRE-assigned version |
created | Creation timestamp |
modified | Last modified timestamp |
aliases | Known aliases (for groups / software) |
url | Canonical attack.mitre.org URL |
domain | Source domain (enterprise, mobile, ics) |
How to Scrape MITRE ATT&CK Data
- Open the MITRE ATT&CK Scraper on Apify Store
- Select the ATT&CK Domain (Enterprise by default)
- Choose the Object Type (techniques, groups, software, etc.)
- (Optional) Add a tactic filter (e.g.,
credential-access) or platform filter (e.g.,Windows) - Click Start — clean structured JSON is written to the default dataset
Pricing
This Actor uses pay-per-result pricing. The MITRE bundles are static JSON files, so each run completes in seconds. A full Enterprise techniques extract (~700 records) is finished before the input form even closes.
Use Cases
- Detection coverage analysis — Map your EDR/SIEM rules to ATT&CK and find gaps
- Threat modeling — Generate TTP shortlists per adversary group
- AI security assistants — Feed ATT&CK into a RAG pipeline for incident triage chatbots
- Compliance mapping — Cross-reference ATT&CK with NIST 800-53, ISO 27001 controls
- Purple team planning — Pull techniques by tactic phase to design exercises
Legal & Disclaimer
This Actor reads public MITRE ATT&CK STIX bundles published by The MITRE Corporation under the ATT&CK Terms of Use. MITRE ATT&CK® and ATT&CK® are registered trademarks of The MITRE Corporation. Users are responsible for compliance with MITRE's terms of use. This tool is provided "as is" without warranty of any kind.
