Obtaining MITRE ATT&CK classification

Kaspersky Research Sandbox provides an API for obtaining information about known tactics, techniques, and procedures (TTPs) and their mapping to the MITRE ATT&CK classification for the executed object.

Before running this request, make sure the required task has not been deleted.
In the cURL command, use the verbose mode (-v).
If the request fails, the file saved as the tar.gz archive will not contain archive data; it will be a plain text file containing an error message.

Request

Request method: GET

Endpoint: https://<server name>/api/v1/sandbox/tasks/{task ID}/mitre?matrix_format=full

Parameters

Obtaining task execution results parameters

Parameter: task_id
Data type: string
Occurrence: Required
Description: Object execution task ID (GUID) with results you want to obtain.

Parameter: matrix_format
Data type: string
Occurrence: Required
Description: Format of the MITRE ATT&CK classification report.

Available values:

  • full—New extended descriptions (in JSON format) as a .zip archive.
  • short—Previous report format.

Default value: full.

cURL command sample:

$ curl -v --user <user name> --request GET 'https://<server name>/api/v1/sandbox/tasks/<task ID>/mitre?matrix_format=full' --output <archive name>

You will be asked to enter your password. The password is not displayed while you type it.

Responses

The endpoint returns an archive of JSON files containing information about the mapping to the MITRE ATT&CK classification.

200 OK

Information about mapping with MITRE ATT&CK classification obtained successfully.

For a detailed description of the file contents, see the Exporting execution results to JSON archive section.

400 Bad Request

Failed to obtain information about mapping with MITRE ATT&CK classification due to incorrect query.

400 Bad Request response parameters

Parameter: code
Data type: string
Description: Error ID.

Parameter: message
Data type: string
Description: Error description.

Parameter: meta
Data type: string
Description: Additional information, if available.

Error examples:

Incorrect task_id parameter:

{"code":6,"message":"task not found"}

Incorrect task_id parameter format:

{"code":29,"message":"bad task id"}

Incorrect matrix_format parameter:

{"code":42,"message":"invalid value","meta":"matrix_format, available values: [full short]"}

401 Unauthorized

Failed to obtain information about mapping with MITRE ATT&CK classification due to incorrect user credentials.

404 Not Found

Task with specified ID not found.

500 Internal Server Error

Failed to obtain information about mapping with MITRE ATT&CK classification due to an internal server error.
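
One way to check what the cURL command above actually saved, as an added example that is not part of the Kaspersky documentation: the function separates a real archive from the plain text error body described in the note at the top of the page and in the 400 Bad Request error examples. It assumes the error body is the JSON shown in those examples and checks for both zip and tar.gz signatures because the page mentions both; the function names and the sample archive are constructed for illustration.

```python
import io
import json
import tarfile
import zipfile

# Assumption: a successful response is a zip or gzip-compressed tar archive,
# and a failed one is the JSON error body shown in the error examples.
ZIP_MAGIC = b"PK\x03\x04"
GZIP_MAGIC = b"\x1f\x8b"


def inspect_mitre_download(data: bytes) -> dict:
    """Classify the bytes that curl wrote with --output."""
    if data.startswith(ZIP_MAGIC):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return {"kind": "archive", "format": "zip", "members": zf.namelist()}
    if data.startswith(GZIP_MAGIC):
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tf:
            return {"kind": "archive", "format": "tar.gz", "members": tf.getnames()}
    # Not an archive: try to read it as the plain text error message.
    try:
        body = json.loads(data.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return {"kind": "unknown"}
    if isinstance(body, dict) and "code" in body and "message" in body:
        return {"kind": "error", "code": body["code"],
                "message": body["message"], "meta": body.get("meta")}
    return {"kind": "unknown"}


def constructed_zip() -> bytes:
    # Constructed sample: a one-file zip standing in for a successful response.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.json", "{}")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        constructed_zip(),
        b'{"code":6,"message":"task not found"}',
        b'{"code":42,"message":"invalid value",'
        b'"meta":"matrix_format, available values: [full short]"}',
    ]
    for sample in samples:
        print(inspect_mitre_download(sample))
```

To use it on a real download, pass the contents of the file named in --output, read in binary mode.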
