Reference

⚠️🚧 Work in Progress

This document is a work in progress. Content may change, and some sections may be incomplete.

Complete technical specifications and API documentation

This section provides comprehensive reference material for the ATT&CK Data Model library. All classes, methods, schemas, and configuration options are documented here with precise technical details.

API Documentation

Core Classes

AttackDataModel - Main data model containing all ATT&CK objects
DataSource - Data source configuration and registration
Utility Functions - Helper functions and data manipulation tools

Implementation Classes (SDO)

All STIX Domain Object implementations with relationship navigation methods:

Class	ATT&CK Object	Key Methods
`TechniqueImpl`	Techniques	`getTactics()`, `getSubtechniques()`, `getParentTechnique()`, `getMitigations()`
`TacticImpl`	Tactics	`getTechniques()`
`GroupImpl`	Groups/Intrusion Sets	`getTechniques()`, `getAssociatedSoftware()`, `getAssociatedCampaigns()`
`CampaignImpl`	Campaigns	`getTechniques()`, `getSoftware()`, `getAttributedTo()`
`MalwareImpl`	Malware	`getTechniques()`, `getAssociatedGroups()`
`ToolImpl`	Tools	`getTechniques()`, `getAssociatedGroups()`
`MitigationImpl`	Mitigations	`getTechniques()`

Schema Documentation

STIX Domain Objects (SDO)

Auto-generated documentation for all ATT&CK object schemas:

Techniques - Attack patterns including sub-techniques
Tactics - Adversary tactical goals
Groups - Threat actor groups and intrusion sets
Malware - Malicious software
Tools - Legitimate software used by adversaries
Campaigns - Coordinated attack campaigns
Mitigations - Defensive measures and controls

STIX Relationship Objects (SRO)

Relationships - All relationship types and their constraints

STIX Meta Objects (SMO)

Marking Definitions - Data marking and sharing constraints

Additional Object Types

Data Sources - Detection data categories
Data Components - Specific detection data types
Analytics - Detection analytics and rules
Assets - Infrastructure and system assets

Configuration Reference

Data Source Options

Complete configuration parameters for all data source types:

Source Type	Configuration	Description
`attack`	`domain`, `version`	Official MITRE ATT&CK repository
`file`	`file`, `parsingMode`	Local STIX bundle files
`url`	`url`, `parsingMode`	Remote STIX bundle URLs
`taxii`	`server`, `collection`, `credentials`	TAXII 2.1 servers (coming soon)

View complete configuration reference →

Error Reference

Error Types and Handling

Comprehensive error codes, meanings, and resolution strategies:

Error Type	Description	Common Causes
`ValidationError`	Schema validation failures	Invalid STIX data, missing required fields
`DataSourceError`	Data source access issues	Network failures, file not found, authentication
`RelationshipError`	Broken object relationships	Missing target objects, invalid references
`ParsingError`	Data parsing failures	Malformed JSON, unsupported formats

View complete error reference →

Type Definitions

TypeScript Interfaces

All exported TypeScript types and interfaces:

// Core types
import type {
    AttackDataModel,
    DataSource,
    DataSourceOptions,
    ParsingMode
} from '@mitre-attack/attack-data-model';

// Schema types
import type {
    Technique,
    Tactic,
    Group,
    Campaign,
    Malware,
    Tool,
    Mitigation,
    Relationship
} from '@mitre-attack/attack-data-model';

// Implementation class types
import type {
    TechniqueImpl,
    TacticImpl,
    GroupImpl,
    CampaignImpl,
    MalwareImpl,
    ToolImpl,
    MitigationImpl
} from '@mitre-attack/attack-data-model';

Version Compatibility

ATT&CK Specification Versions

Current: 3.3.0
Supported: 3.0.0+
Deprecated: 2.x (legacy support only)

Library Versions

Node.js: 20.0.0+
TypeScript: 4.5.0+
Zod: 3.20.0+

View complete compatibility matrix →

Quick Reference

Essential Imports

// Main entry points
import { registerDataSource, loadDataModel } from '@mitre-attack/attack-data-model';

// Classes
import { DataSource, AttackDataModel } from '@mitre-attack/attack-data-model';

// Schemas
import { techniqueSchema, tacticSchema } from '@mitre-attack/attack-data-model';

// Types
import type { Technique, Tactic } from '@mitre-attack/attack-data-model';

Common Patterns

// Load ATT&CK data
const dataSource = new DataSource({ source: 'attack', domain: 'enterprise-attack' });
const uuid = await registerDataSource(dataSource);
const attackDataModel = loadDataModel(uuid);

// Validate data
const validTechnique = techniqueSchema.parse(techniqueData);

// Navigate relationships
const tactics = technique.getTactics();
const subtechniques = technique.getSubtechniques();

Reference Usage

This reference documentation follows these principles:

Complete: Every public API method and property is documented
Precise: Exact parameter types, return values, and constraints
Systematic: Consistent organization and formatting
Current: Auto-generated from source code when possible

Looking for something specific? Use the search functionality or check the relevant section above.

API Documentation​

Core Classes​

Implementation Classes (SDO)​

Schema Documentation​

STIX Domain Objects (SDO)​

STIX Relationship Objects (SRO)​

STIX Meta Objects (SMO)​

Additional Object Types​

Configuration Reference​

Data Source Options​

Error Reference​

Error Types and Handling​

Type Definitions​

TypeScript Interfaces​

Version Compatibility​

ATT&CK Specification Versions​

Library Versions​

Quick Reference​

Essential Imports​

Common Patterns​

Reference Usage​