All,
With the release of CAPEC 3.4 we have updated the CAPEC content as expressed as STIX at https://github.com/mitre/cti.
See below for more information about this content.
Thanks again for your interest and contributions to CAPEC!
Rich Piazza
--
Rich Piazza
Lead Cyber Security Engineer
The MITRE Corporation
781-271-3760
MITRE has been working with DHS and the OASIS Cyber Threat Information (CTI) technical committee to develop STIX (Structured Threat Information eXpression) a standard for exchanging cyber
threat information. STIX 2.0, which was released in 2017, as a committee standard [1], is implemented as JSON objects. MITRE has set up a GitHub site [2] which contains
various cyber threat information content, expressed using the STIX standard, available to anyone.
In order to make CAPEC content more accessible, the CAPEC Attack Patters in STIX 2.0 format are available. This an alternative way to view CAPEC content – capec.mitre.org is still the primary source. They are available at that
site in the ‘capec’ subdirectory. Not all properties of a CAPEC Attack Pattern are converted, due to limitations of the STIX format and the complexity of some CAPEC properties. For more details on the conversion mapping see USAGE-CAPEC.md.
That documentation also includes instructions on how to use the python-stix2 API [3] to access this content programmatically.
All comments and suggestions are welcome!
[1]: http://docs.oasis-open.org/cti/stix/v2.0/cs01/part1-stix-core/stix-v2.0-cs01-part1-stix-core.html
[2]: https://github.com/mitre/cti
[3]: https://github.com/oasis-open/cti-python-stix2
Locked
