# Command Line Interface Tools

The library provides seven CLI tools for common ATT&CK data workflows, including Excel export, layer generation, collection management, and data download. These command-line utilities give direct access to the library's functionality without requiring Python programming, so they can be integrated into automated workflows and data processing pipelines.

## Available CLI Commands

### 1. attackToExcel_cli

Convert ATT&CK STIX data to Excel spreadsheets with multiple worksheets.

```bash
attackToExcel_cli [OPTIONS]
```

**Options:**
- `-domain DOMAIN` - ATT&CK domain to export (enterprise-attack, mobile-attack, ics-attack)
- `-version VERSION` - Specific ATT&CK version to export (e.g., "14.1")
- `-output OUTPUT_DIR` - Directory to save Excel file (default: current directory)
- `-stix-file FILE` - Use local STIX file instead of downloading
- `-remote URL` - Remote URL of an ATT&CK workbench server
- `-help` - Show help message

**Examples:**
```bash
# Export latest Enterprise ATT&CK
attackToExcel_cli -domain enterprise-attack -output ./exports/

# Export specific version
attackToExcel_cli -domain enterprise-attack -version 14.1 -output ./v14_exports/

# Export from local file
attackToExcel_cli -stix-file ./my-attack-data.json -output ./local_exports/

# Export from remote workbench
attackToExcel_cli -domain enterprise-attack -remote http://localhost:3000 -output ./remote_exports/
```

### 2. layerExporter_cli

Export ATT&CK Navigator layers to different formats (SVG, Excel).

```bash
layerExporter_cli [OPTIONS]
```

**Options:**
- `--input INPUT_FILE` - Input layer JSON file
- `--output OUTPUT_FILE` - Output file path
- `--format FORMAT` - Output format (svg, excel, xlsx)
- `--config CONFIG_FILE` - Configuration file for export settings
- `--width WIDTH` - SVG width in pixels (default: 1200)
- `--height HEIGHT` - SVG height in pixels (default: 800)
- `--font-size SIZE` - Font size for SVG text (default: 12)
- `--template TEMPLATE` - Excel template to use
- `--help` - Show help message

**Examples:**
```bash
# Export layer to SVG
layerExporter_cli --input my_layer.json --format svg --output my_layer.svg

# Export to Excel with custom template
layerExporter_cli --input threat_layer.json --format excel --template detailed --output threat_analysis.xlsx

# Custom SVG dimensions
layerExporter_cli --input layer.json --format svg --width 1600 --height 1000 --output large_layer.svg
```

### 3. layerGenerator_cli

Generate ATT&CK Navigator layers from data analysis.

```bash
layerGenerator_cli [OPTIONS]
```

**Options:**
- `--data-source SOURCE` - ATT&CK data source (enterprise-attack, mobile-attack, ics-attack)
- `--output OUTPUT_DIR` - Directory to save generated layers
- `--type TYPE` - Layer type (overview, usage, detection, custom)
- `--groups GROUPS` - Filter by specific group IDs (comma-separated)
- `--software SOFTWARE` - Filter by specific software IDs (comma-separated)
- `--platforms PLATFORMS` - Filter by platforms (comma-separated)
- `--version VERSION` - ATT&CK version to use
- `--config CONFIG_FILE` - Configuration file for layer generation
- `--colormap COLORMAP` - Color mapping scheme (red-blue, heat, custom)
- `--help` - Show help message

**Examples:**
```bash
# Generate overview layers
layerGenerator_cli --data-source enterprise-attack --type overview --output ./overview_layers/

# Generate usage layers for specific groups
layerGenerator_cli --data-source enterprise-attack --type usage --groups G0016,G0028 --output ./group_layers/

# Generate detection coverage layers
layerGenerator_cli --data-source enterprise-attack --type detection --output ./detection_layers/

# Custom layer with platform filtering
layerGenerator_cli --data-source enterprise-attack --platforms Windows --colormap heat --output ./windows_layers/
```

### 4. indexToMarkdown_cli

Convert ATT&CK collection indices to Markdown documentation.

```bash
indexToMarkdown_cli [OPTIONS]
```

**Options:**
- `--input INPUT_FILE` - Input collection index JSON file
- `--output OUTPUT_FILE` - Output Markdown file path
- `--template TEMPLATE` - Markdown template to use (default, detailed, summary)
- `--include-relationships` - Include relationship mappings in output
- `--include-metadata` - Include collection metadata
- `--sections SECTIONS` - Specific sections to include (comma-separated)
- `--format FORMAT` - Output format variant (github, html, plain)
- `--help` - Show help message

**Examples:**
```bash
# Basic conversion
indexToMarkdown_cli --input collection_index.json --output collection_report.md

# Detailed report with relationships
indexToMarkdown_cli --input index.json --output detailed_report.md --template detailed --include-relationships

# Custom sections only
indexToMarkdown_cli --input index.json --output summary.md --sections overview,techniques,groups
```

### 5. collectionToIndex_cli

Convert ATT&CK Collections to index format for processing.

```bash
collectionToIndex_cli [OPTIONS]
```

**Options:**
- `--input INPUT_FILE` - Input ATT&CK Collection JSON file
- `--output OUTPUT_FILE` - Output index JSON file path
- `--validate` - Validate collection format before conversion
- `--include-metadata` - Include extended metadata in index
- `--filter-types TYPES` - Filter by object types (comma-separated)
- `--sort-by FIELD` - Sort objects by field (name, id, created, modified)
- `--help` - Show help message

**Examples:**
```bash
# Basic conversion with validation
collectionToIndex_cli --input apt29_collection.json --output apt29_index.json --validate

# Filter specific object types
collectionToIndex_cli --input collection.json --output filtered_index.json --filter-types attack-pattern,intrusion-set

# Sort by creation date
collectionToIndex_cli --input collection.json --output sorted_index.json --sort-by created
```

### 6. diff_stix

Compare ATT&CK versions and generate change reports.

```bash
diff_stix [OPTIONS]
```

**Options:**
- `--old OLD_FILE` - Older version STIX file path
- `--new NEW_FILE` - Newer version STIX file path
- `--output OUTPUT_FILE` - Output changelog file path
- `--format FORMAT` - Output format (json, markdown, html, text)
- `--filter TYPE` - Filter by object type (attack-pattern, intrusion-set, etc.)
- `--summary-only` - Generate summary statistics only
- `--include-relationships` - Include relationship changes
- `--verbose` - Verbose output with detailed changes
- `--help` - Show help message

**Examples:**
```bash
# Basic version comparison
diff_stix --old v14.1.json --new v15.0.json --output changelog.json

# Markdown changelog
diff_stix --old old_version.json --new new_version.json --format markdown --output changes.md

# Filter by techniques only
diff_stix --old v1.json --new v2.json --filter attack-pattern --output technique_changes.json

# Summary statistics only
diff_stix --old v1.json --new v2.json --summary-only --output summary.json
```

### 7. download_attack_stix

Download ATT&CK STIX data from official sources.

```bash
download_attack_stix [OPTIONS]
```

**Options:**
- `--domains DOMAINS` - Domains to download (comma-separated)
- `--versions VERSIONS` - Specific versions to download (comma-separated)
- `--stix-version VERSION` - STIX format version (2.0, 2.1)
- `--output OUTPUT_DIR` - Directory to save downloaded files
- `--latest` - Download latest versions only
- `--all-versions` - Download all available versions
- `--verify-hashes` - Verify file integrity with SHA256 hashes
- `--force` - Overwrite existing files
- `--quiet` - Suppress progress output
- `--help` - Show help message

**Examples:**
```bash
# Interactive mode (prompts for selections)
download_attack_stix

# Download latest versions of all domains
download_attack_stix --domains enterprise-attack,mobile-attack,ics-attack --latest

# Download specific versions
download_attack_stix --domains enterprise-attack --versions 14.1,15.0,15.1 --stix-version 2.1

# Download to specific directory with verification
download_attack_stix --domains enterprise-attack --latest --output ./attack_data/ --verify-hashes

# Download all historical versions (Enterprise only)
download_attack_stix --domains enterprise-attack --all-versions --output ./historical/
```

## Batch Processing Examples

### Complete ATT&CK Analysis Workflow

```bash
#!/bin/bash
# Complete workflow: download, convert, analyze, and visualize

# Stop on the first failed command so a failed step is not reported as success
set -euo pipefail

# Set up directories
mkdir -p data exports layers reports

# Download latest ATT&CK data
download_attack_stix --domains enterprise-attack,mobile-attack --latest --output data/ --verify-hashes

# Convert to Excel for analysis
attackToExcel_cli -domain enterprise-attack -output exports/
attackToExcel_cli -domain mobile-attack -output exports/

# Generate visualization layers
layerGenerator_cli --data-source enterprise-attack --type overview --output layers/overview/
layerGenerator_cli --data-source enterprise-attack --type usage --groups G0016,G0028,G0032 --output layers/groups/

# Export layers to SVG for presentations
for layer in layers/overview/*.json; do
    [ -f "$layer" ] || continue  # skip the unexpanded pattern when no layer was generated
    base_name=$(basename "$layer" .json)
    layerExporter_cli --input "$layer" --format svg --output "exports/${base_name}.svg"
done

echo "ATT&CK analysis workflow complete!"
```

### Version Comparison Pipeline

```bash
#!/bin/bash
# Compare multiple ATT&CK versions and generate reports

# Stop on the first failed command so a failed step is not reported as success
set -euo pipefail

versions=("13.1" "14.0" "14.1" "15.0" "15.1")
domain="enterprise-attack"

# Create the download and report directories used below
mkdir -p data/versions reports

# Download all versions
for version in "${versions[@]}"; do
    download_attack_stix --domains "$domain" --versions "$version" --output data/versions/
done

# Compare consecutive versions
for ((i=0; i<${#versions[@]}-1; i++)); do
    old_version=${versions[$i]}
    new_version=${versions[$((i+1))]}

    old_file="data/versions/${domain}-v${old_version}.json"
    new_file="data/versions/${domain}-v${new_version}.json"

    # Generate JSON changelog
    diff_stix --old "$old_file" --new "$new_file" --output "reports/${old_version}_to_${new_version}.json"

    # Generate Markdown report
    diff_stix --old "$old_file" --new "$new_file" --format markdown --output "reports/${old_version}_to_${new_version}.md"

    echo "Compared $old_version -> $new_version"
done

echo "Version comparison pipeline complete!"
```

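The kind of comparison this pipeline automates, as an added Python example (not the `diff_stix` implementation and not code from the library): it indexes the techniques of two STIX bundles by ATT&CK ID, classifies each as added, removed, retired or modified, and lists the detection rules that need review after an upgrade. The bundles, the `T90xx` IDs and the `RULES` mapping are constructed sample data, and all function names are assumptions of this example.

```python
ATTACK_SOURCES = {"mitre-attack", "mitre-mobile-attack", "mitre-ics-attack"}

def techniques_by_id(bundle):
    """Index a STIX bundle's attack-pattern objects by ATT&CK ID (e.g. T1059.001)."""
    index = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "attack-pattern":
            continue
        for ref in obj.get("external_references", []):
            if ref.get("source_name") in ATTACK_SOURCES and ref.get("external_id"):
                index[ref["external_id"]] = obj
                break
    return index

def retired(obj):
    # Revoked and deprecated objects remain in the bundle but are no longer current.
    return bool(obj.get("revoked") or obj.get("x_mitre_deprecated"))

def diff_techniques(old_bundle, new_bundle):
    old, new = techniques_by_id(old_bundle), techniques_by_id(new_bundle)
    changes = {"added": [], "removed": [], "retired": [], "modified": []}
    for tid in sorted(old.keys() | new.keys()):
        if tid not in old:
            changes["added"].append(tid)
        elif tid not in new:
            changes["removed"].append(tid)
        elif retired(new[tid]) and not retired(old[tid]):
            changes["retired"].append(tid)
        elif new[tid].get("modified") != old[tid].get("modified"):
            changes["modified"].append(tid)
    return changes

def rules_to_review(changes, rule_tags):
    """Names of rules tagged with a removed, retired or modified technique."""
    stale = set(changes["removed"] + changes["retired"] + changes["modified"])
    return sorted(name for name, tags in rule_tags.items() if stale & set(tags))

def _tech(tid, modified, **extra):  # builds a constructed sample object
    ref = {"source_name": "mitre-attack", "external_id": tid}
    return {"type": "attack-pattern", "modified": modified, "external_references": [ref], **extra}
# Constructed sample data: placeholder IDs and timestamps, not real ATT&CK content.
V1, V2 = "2023-01-01T00:00:00.000Z", "2024-04-01T00:00:00.000Z"
OLD = {"type": "bundle", "objects": [_tech("T9001", V1), _tech("T9002", V1), _tech("T9003", V1)]}
NEW = {"type": "bundle", "objects": [
    _tech("T9001", V2), _tech("T9002", V2, revoked=True), _tech("T9004", V2)]}
RULES = {"rule_a": ["T9001"], "rule_b": ["T9002", "T9004"], "rule_c": ["T9004"]}

if __name__ == "__main__":
    print(diff_techniques(OLD, NEW))
```

For real data, load the two downloaded bundle files with `json.load` and pass the resulting dictionaries to `diff_techniques`.
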
### Collection Processing Workflow

```bash
#!/bin/bash
# Process multiple ATT&CK Collections

# Stop on the first failed command so a collection that fails validation is not reported on
set -euo pipefail

collections_dir="collections"
output_dir="processed_collections"

mkdir -p "$output_dir"/{indices,reports}

# Process each collection file
for collection in "$collections_dir"/*.json; do
    [ -f "$collection" ] || continue  # skip the unexpanded pattern when the directory is empty
    base_name=$(basename "$collection" .json)

    echo "Processing collection: $base_name"

    # Convert to index
    collectionToIndex_cli --input "$collection" --output "$output_dir/indices/${base_name}_index.json" --validate

    # Generate markdown report
    indexToMarkdown_cli --input "$output_dir/indices/${base_name}_index.json" --output "$output_dir/reports/${base_name}_report.md" --include-relationships

    echo "Processed: $base_name"
done

echo "Collection processing complete!"
```

### Multi-Domain Export Pipeline

```bash
#!/bin/bash
# Export all ATT&CK domains in multiple formats

# Stop on the first failed command so a failed step is not reported as success
set -euo pipefail

domains=("enterprise-attack" "mobile-attack" "ics-attack")
formats=("excel" "layers")

for domain in "${domains[@]}"; do
    echo "Processing domain: $domain"

    # Create domain-specific directories
    mkdir -p "exports/$domain"/{excel,layers,svg}

    # Export to Excel
    attackToExcel_cli -domain "$domain" -output "exports/$domain/excel/"

    # Generate overview layers
    layerGenerator_cli --data-source "$domain" --type overview --output "exports/$domain/layers/"

    # Convert layers to SVG
    for layer in "exports/$domain/layers/"*.json; do
        if [ -f "$layer" ]; then
            base_name=$(basename "$layer" .json)
            layerExporter_cli --input "$layer" --format svg --output "exports/$domain/svg/${base_name}.svg"
        fi
    done

    echo "Completed: $domain"
done

echo "Multi-domain export complete!"
```

## Integration with Other Tools

### Using with CI/CD Pipelines

```yaml
# GitHub Actions example
name: ATT&CK Data Analysis
on:
  schedule:
    - cron: '0 0 * * 0'  # Weekly
  workflow_dispatch:

jobs:
  analyze-attack-data:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install mitreattack-python
        run: pip install mitreattack-python

      - name: Download latest ATT&CK data
        run: download_attack_stix --domains enterprise-attack --latest --output data/

      - name: Generate Excel reports
        run: attackToExcel_cli -domain enterprise-attack -output reports/

      - name: Generate visualization layers
        run: layerGenerator_cli --data-source enterprise-attack --type overview --output layers/

      - name: Upload artifacts
        # v3 of this action is deprecated and no longer runs on github.com
        uses: actions/upload-artifact@v4
        with:
          name: attack-analysis
          path: |
            reports/
            layers/
```

### Using with Jupyter Notebooks

```python
# In Jupyter notebook cell
import subprocess

# Download data (check=True raises CalledProcessError if the CLI exits non-zero)
subprocess.run([
    "download_attack_stix",
    "--domains", "enterprise-attack",
    "--latest",
    "--output", "./notebook_data/"
], check=True)

# Generate layers for analysis
subprocess.run([
    "layerGenerator_cli",
    "--data-source", "enterprise-attack",
    "--type", "overview",
    "--output", "./notebook_layers/"
], check=True)

print("Data prepared for notebook analysis")
```