CAPEC 3.3 content available expressed using the STIX standard

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

CAPEC 3.3 content available expressed using the STIX standard




With the release of CAPEC 3.3 we have updated the CAPEC content as expressed as STIX at

As part of this release, we have included an extra custom property for attack-patterns, x_capec_execution_flow.  The Execution Flow property is used to provide a detailed step by step flow of an attack pattern. It lists the steps typically performed by an adversary when leveraging the given technique.  It is expressed as an html document.


See below for more information about this content.


Thanks again for your interest and contributions to CAPEC!


            Rich Piazza


Rich Piazza

The MITRE Corporation






MITRE has been working with DHS and the OASIS Cyber Threat Information (CTI) technical committee to develop STIX (Structured Threat Information eXpression) a standard for exchanging cyber threat information.  STIX 2.0, which was released in 2017, as a committee standard [1], is implemented as JSON objects.  MITRE has set up a GitHub site [2] which contains various cyber threat information content, expressed using the STIX standard, available to anyone. 


In order to make CAPEC content more accessible, we have recently converted the CAPEC Attack Patters to the STIX format.  This an alternative way to view CAPEC content – is still the primary source. They are available at that site in the ‘capec’ subdirectory.  Not all properties of a CAPEC Attack Pattern was converted, due to limitations of the STIX format and the complexity of some CAPEC properties. For more details on the conversion mapping see 


That documentation also includes instructions on how to use the python-stix2 API [3] to access this content programmatically.   


All comments and suggestions are welcome!