Is the ATT&CK TAXII Server still functioning?

Frameworks, Standards, and Tools
, ,
1

Following this post (very old): https://medium.com/mitre-attack/att-ck-content-available-in-stix-2-0-via-public-taxii-2-0-server-317e5c41e214
Using this code (copied from the article):

## python3 get_api_roots.py
### import requirements https://taxii2client.readthedocs.io/en/latest/api/taxii2client.v21.html#taxii2client.v21.Server
from stix2 import TAXIICollectionSource
from taxii2client import Server

# define server and get API Root
server = Server("https://cti-taxii.mitre.org/taxii/")
api_root = server.api_roots[0]

# Print name and ID of all ATT&CK domains available as collections
for collection in api_root.collections:
    print(collection.title + ": " + collection.id)

But getting:

    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 406 Client Error: Not Acceptable for url: https://cti-taxii.mitre.org/taxii/

I’ve played around with adding headers in the request manually to match TAXII spec, but alas, I cannot to figure out what’s missing from my request. Any pointers welcome…

2

This is an issue with TAXII versioning.

The ATT&CK TAXII server is based on v2.0 of the TAXII spec.

from taxii2client import Server

By default the above will import the v21 subpackage (TAXII 2.1). Info here; API Reference — taxii2client 2.3.0 documentation

You just need to change this line to explicitly ask for v2.0 as follows

from taxii2client.v20 import Server

That should get you up and running :crossed_fingers:

3

Hurrah! It works :tada:. Thanks @davidg-dogesec

My code now successfully shows the collections available

Enterprise ATT&CK: 95ecc380-afe9-11e4-9b6c-751b66dd541e
PRE-ATT&CK: 062767bd-02d2-4b72-84ba-56caef0f8658
Mobile ATT&CK: 2f669986-b40b-4423-b720-4396ca6a462b
ICS ATT&CK: 02c3ef24-9cd4-48f3-a99f-b74ce24f1d34
5

I’ve posted a more thorough tutorial from all my notes that you will find useful: