Security
MITRE ATT&CK technique lookup API
Resolve a MITRE ATT&CK technique ID (e.g. T1059 or T1059.001) to its name, description, tactics, and platforms, plus — the value-add — the mitigations, detection strategies, and adversary groups associated with it, resolved by walking the ATT&CK STIX relationship graph (lazy-loaded keyless Enterprise bundle, cached daily). Answers 'how do I mitigate T1059', 'which APT groups use this technique', 'how do I detect command-and-scripting-interpreter abuse', 'what tactic is this ATT&CK technique under'.
Price: $0.01 per request
Method: POST
Route: /v1/security/mitre-technique
Status: Live
MIME type: application/json
Rate limit: 60/minute
Cache: 86400s public
Tags: security, mitre, att&ck, attack, technique, tactics, threat-intel, ttp
API URL: https://x402.hexl.dev/v1/security/mitre-technique
Example request
{
  "techniqueId": "T1059"
}
Example response
{
  "id": "T1059",
  "name": "Command and Scripting Interpreter",
  "description": "Adversaries may abuse command and script interpreters to execute commands...",
  "tactics": [
    "execution"
  ],
  "platforms": [
    "Windows",
    "macOS",
    "Linux"
  ],
  "isSubtechnique": false,
  "url": "https://attack.mitre.org/techniques/T1059",
  "mitigationCount": 9,
  "mitigations": [
    {
      "id": "M1038",
      "name": "Execution Prevention"
    }
  ],
  "detections": [
    {
      "id": "dc--abc",
      "name": "Command Execution"
    }
  ],
  "groupCount": 17,
  "groups": [
    {
      "id": "G0016",
      "name": "APT29"
    }
  ]
}
Input schema
{
  "type": "object",
  "required": [
    "techniqueId"
  ],
  "properties": {
    "techniqueId": {
      "type": "string",
      "examples": [
        "T1059"
      ]
    }
  }
}
Output schema
{
  "type": "object",
  "additionalProperties": true
}
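The description above says mitigations, detections and groups are resolved by walking the ATT&CK STIX relationship graph. The following Python sketch of that walk is an added example, not the service's own code; the miniature bundle, its short object ids, the group G9999 and all helper names are constructed for illustration.

```python
def _obj(stix_id, name, ext_id=None, **extra):
    refs = [{"source_name": "mitre-attack", "external_id": ext_id}] if ext_id else []
    return {"type": stix_id.split("--")[0], "id": stix_id, "name": name, "external_references": refs, **extra}
def _rel(rtype, src, dst="attack-pattern--1"):
    return {"type": "relationship", "id": "relationship--" + src, "relationship_type": rtype,
            "source_ref": src, "target_ref": dst}
# Constructed miniature of an ATT&CK STIX bundle (short ids; group G9999 is made up).
BUNDLE = {"type": "bundle", "objects": [
    _obj("attack-pattern--1", "Command and Scripting Interpreter", "T1059",
         x_mitre_platforms=["Windows", "macOS", "Linux"],
         kill_chain_phases=[{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]),
    _obj("course-of-action--1", "Execution Prevention", "M1038"),
    _obj("intrusion-set--1", "APT29", "G0016"),
    _obj("intrusion-set--2", "Constructed revoked group", "G9999", revoked=True),
    _obj("x-mitre-data-component--1", "Command Execution"),
    _rel("mitigates", "course-of-action--1"),
    _rel("uses", "intrusion-set--1"),
    _rel("uses", "intrusion-set--2"),
    _rel("detects", "x-mitre-data-component--1"),
]}

def attack_id(obj):  # ATT&CK ID (T..., M..., G...) from external_references, else None
    return next((r.get("external_id") for r in obj.get("external_references", [])
                 if r.get("source_name") == "mitre-attack"), None)

def live(obj):  # revoked or deprecated objects must not reach the answer
    return not (obj.get("revoked") or obj.get("x_mitre_deprecated"))

# (relationship_type, source type) -> output field; "uses" edges from software are skipped
BUCKETS = {("mitigates", "course-of-action"): "mitigations", ("uses", "intrusion-set"): "groups",
           ("detects", "x-mitre-data-component"): "detections"}

def resolve(bundle, technique_id):
    objs = {o["id"]: o for o in bundle["objects"]}
    tech = next((o for o in objs.values() if o["type"] == "attack-pattern" and live(o)
                 and attack_id(o) == technique_id.strip().upper()), None)
    if tech is None:
        return None
    out = {"id": attack_id(tech), "name": tech["name"], "platforms": tech.get("x_mitre_platforms", []),
           "tactics": [p["phase_name"] for p in tech.get("kill_chain_phases", [])],
           "mitigations": [], "detections": [], "groups": []}
    for rel in objs.values():
        if rel["type"] != "relationship" or rel.get("target_ref") != tech["id"] or not live(rel):
            continue
        src = objs.get(rel.get("source_ref"))
        field = BUCKETS.get((rel["relationship_type"], src["type"])) if src and live(src) else None
        if field:
            out[field].append({"id": attack_id(src) or src["id"], "name": src["name"]})
    return out
```

Objects without an ATT&CK external ID fall back to their STIX id, and the revoked group is dropped even though a `uses` relationship still points at the technique.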