Created
May 20, 2018 03:53
jpbruckler/31914c4327e3ffda7fb8032199b0f8ee
Example of connecting to MITRE TAXII to retrieve collection information
# Ask the server for STIX 2.0 JSON
$Header = @{
    'Accept' = 'application/vnd.oasis.stix+json; version=2.0'
}

# Build the objects URI for the Enterprise collection
$BaseURI = 'https://cti-taxii.mitre.org/stix/'
$EnterpriseCollection = 'collections/95ecc380-afe9-11e4-9b6c-751b66dd541e/objects'
$Uri = '{0}{1}' -f $BaseURI, $EnterpriseCollection

# -Uri is required; Invoke-RestMethod parses the JSON response into objects
$Response = Invoke-RestMethod -Uri $Uri -Headers $Header

<#
Response will be like:

type   id                                           spec_version objects
----   --                                           ------------ -------
bundle bundle--fbba7fc8-3f3a-4f1f-86a4-54d812f37de4 2.0          {@{name=.bash_profile and .bashrc Mitigation; descrip...
#>

<#
Objects are structured like this ($Response.objects[0]):

name                : .bash_profile and .bashrc Mitigation
description         : Making these files immutable and only changeable by certain administrators will limit the ability
                      for adversaries to easily create user level persistence.
external_references : {@{url=https://attack.mitre.org/wiki/Technique/T1156; source_name=mitre-attack; external_id=T1156}}
created_by_ref      : identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5
id                  : course-of-action--4f170666-7edb-4489-85c2-9affa28a72e0
created             : 2018-04-18T17:59:24.739Z
modified            : 2018-04-18T17:59:24.739Z
type                : course-of-action
#>
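An added example, not part of the original gist: one way to turn the returned bundle into a flat table keyed by ATT&CK technique ID, tolerating objects that carry no `external_references`. The function name `Get-StixObjectSummary` is hypothetical, and the sample bundle (IDs, `T0000`, the `example.invalid` URL) is constructed so the block runs offline; pass `$Response` instead of the sample to use live data.

```powershell
# Constructed sample bundle (not real server output); field names follow the object shown above.
$SampleJson = @'
{
  "type": "bundle",
  "id": "bundle--00000000-0000-4000-8000-000000000000",
  "spec_version": "2.0",
  "objects": [
    { "type": "course-of-action", "id": "course-of-action--00000000-0000-4000-8000-000000000001",
      "name": "Example Mitigation", "modified": "2018-04-18T17:59:24.739Z",
      "external_references": [
        { "source_name": "mitre-attack", "external_id": "T0000", "url": "https://example.invalid/T0000" } ] },
    { "type": "course-of-action", "id": "course-of-action--00000000-0000-4000-8000-000000000002",
      "name": "Object without references", "modified": "2018-04-18T17:59:24.739Z" }
  ]
}
'@

function Get-StixObjectSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] $Bundle,
        [string] $Type = 'course-of-action',
        [string] $SourceName = 'mitre-attack'
    )
    # Refuse anything that is not a STIX 2.0 bundle before trusting its contents.
    if ($Bundle.type -ne 'bundle' -or $Bundle.spec_version -ne '2.0') {
        throw "Unexpected response: type='$($Bundle.type)' spec_version='$($Bundle.spec_version)'"
    }
    foreach ($Object in $Bundle.objects | Where-Object { $_.type -eq $Type }) {
        # external_references may be absent; @() plus the $_ check keeps the filter safe.
        $Ref = @($Object.external_references) |
            Where-Object { $_ -and $_.source_name -eq $SourceName } |
            Select-Object -First 1
        [pscustomobject]@{
            ExternalId = $Ref.external_id   # $null when no matching reference exists
            Name       = $Object.name
            StixId     = $Object.id
            Modified   = $Object.modified
            Url        = $Ref.url
        }
    }
}

$Bundle = $SampleJson | ConvertFrom-Json
Get-StixObjectSummary -Bundle $Bundle | Sort-Object ExternalId | Format-Table -AutoSize
```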