This repository provides a script to produce ATT&CK CSV files (Enterprise ATT&CK converted to a set of CSV files) and MITRE ATT&CK CSV data storage (attack-csv-data/).

The script (mitre_attack_csv.py) extracts all types of SDOs (STIX Domain Objects) and SROs (STIX Relationship Objects), including STIX extensions, from the latest or the specified version of ATT&CK STIX JSON file and converts and saves them into CSV files for each SDO type and one for SRO. You can find the resulting CSV files for the different versions of ATT&CK in the "attack-csv" directory. You can give following arguments to the script.

• Run the script with --attack_id to include "mitre-attack-id" column (values are taken from external_id of source_name="mitre-attack" external_reference)
• Run the script with --attack_version VERSION to specify the ATT&CK version to use
• Run the script with -h to see its help message
• Run the script with -version or -V to see its version

The table below provides the links to the CSV folders corresponding to each ATT&CK version. There are two kinds of CSV files for each SDO of each ATT&CK version, one with ATT&CK ID (like TID, Software ID, etc.) and one without. For example, the CSV file for attack-pattern SDO of ATT&CK version 11.3 WITHOUT ATT&CK ID is attack-csv-data/v11.3/attack-pattern-v11.3.csv and WITH ATT&CK ID is attack-csv-data/v11.3/attack-pattern-w-id-v11.3.csv

This project makes use of ATT&CK®
https://attack.mitre.org/resources/terms-of-use/