Sub Techniques not correctly mapped? Issue while retrieving "sub_techniques" attribute of a specific technique #1

Closed
sibkyd opened this issue Dec 3, 2021 · 3 comments
Labels
bug Something isn't working


sibkyd commented Dec 3, 2021

The following code should print the sub techniques of the first listed technique (Abuse Elevation Control Mechanism, at the moment):

    print(next(iter(attack.techniques)).sub_techniques)

However, it prints ALL the subtechniques of the entire Mitre ATT&CK framework.
The following code gets ALL the subtechniques as well:

    next(iter(next(iter(attack.groups)).techniques)).sub_techniques

It looks like every technique has the whole set of subtechniques as its child, instead of the correct subtechniques.

Author

sibkyd commented Dec 3, 2021

I think technique.py sub_techniques property should be changed to something like this:

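    @property
    def sub_techniques(self):
        from .sub_technique import SubTechnique
        sub_techniques_ = []
        # Scan every object in the loaded ATT&CK data set.
        for attack_obj in self.attack_objects['objects']:
            # Only objects flagged as sub-techniques are candidates.
            if attack_obj.get('x_mitre_is_subtechnique'):
                # Keep those whose external ID (e.g. T1548.002) contains this technique's ID.
                if self.id in attack_obj['external_references'][0]['external_id']:
                    sub_techniques_.append(attack_obj)
        return sub_techniques_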

It partially works, but there should be a nicer and cleaner way to do it.
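
An added example, not code from this project or from either commenter: ATT&CK STIX bundles link each sub-technique to its parent with a `subtechnique-of` relationship, so the mapping can be built from those links and cross-checked against the ID prefix instead of relying on a substring match against `external_references[0]`. The bundle below is constructed sample data, and the helper names (`_ap`, `_rel`, `attack_id`, `sub_techniques_by_parent`) are hypothetical.

```python
MITRE = "mitre-attack"

def _ap(stix_id, name, refs, sub=False):
    return {"type": "attack-pattern", "id": stix_id, "name": name,
            "external_references": refs, "x_mitre_is_subtechnique": sub}

def _rel(child, parent):
    return {"type": "relationship", "relationship_type": "subtechnique-of",
            "source_ref": child, "target_ref": parent}

# Constructed sample bundle in ATT&CK STIX layout; STIX ids and CAPEC-000 are made up.
BUNDLE = {"objects": [
    _ap("attack-pattern--p1", "Abuse Elevation Control Mechanism",
        [{"source_name": MITRE, "external_id": "T1548"}]),
    _ap("attack-pattern--s1", "Setuid and Setgid",
        [{"source_name": MITRE, "external_id": "T1548.001"}], sub=True),
    # The mitre-attack reference is deliberately not at index 0 here.
    _ap("attack-pattern--s2", "Bypass User Account Control",
        [{"source_name": "capec", "external_id": "CAPEC-000"},
         {"source_name": MITRE, "external_id": "T1548.002"}], sub=True),
    _ap("attack-pattern--p2", "Windows Management Instrumentation",
        [{"source_name": MITRE, "external_id": "T1047"}]),
    _rel("attack-pattern--s1", "attack-pattern--p1"),
    _rel("attack-pattern--s2", "attack-pattern--p1"),
]}

def attack_id(obj):
    """ATT&CK ID from the mitre-attack reference, wherever it sits in the list."""
    return next((r["external_id"] for r in obj.get("external_references", [])
                 if r.get("source_name") == MITRE), None)

def sub_techniques_by_parent(bundle):
    """Map parent ATT&CK ID -> sorted sub-technique IDs via subtechnique-of links."""
    aps = {o["id"]: o for o in bundle["objects"] if o.get("type") == "attack-pattern"}
    out = {attack_id(o): [] for o in aps.values() if not o.get("x_mitre_is_subtechnique")}
    for rel in bundle["objects"]:
        if rel.get("relationship_type") != "subtechnique-of":
            continue
        child, parent = aps.get(rel["source_ref"]), aps.get(rel["target_ref"])
        if not child or not parent or child.get("revoked") or child.get("x_mitre_deprecated"):
            continue  # skip dangling links and retired sub-techniques
        cid, pid = attack_id(child), attack_id(parent)
        # Cross-check: a sub-technique ID is exactly "<parent ID>.<nnn>".
        if cid is None or cid.rpartition(".")[0] != pid:
            raise ValueError(f"{cid} is linked to {pid} but the IDs disagree")
        out.setdefault(pid, []).append(cid)
    return {pid: sorted(subs) for pid, subs in out.items()}

if __name__ == "__main__":
    for pid, subs in sub_techniques_by_parent(BUNDLE).items():
        print(pid, len(subs), subs)
```

A technique with no sub-techniques maps to an empty list, matching the zero counts in the maintainer's "After" output further down.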

Owner

xakepnz commented Dec 4, 2021

Hi there, thanks for this. Let me look into this.

Owner

xakepnz commented Dec 4, 2021

@sibkyd, should be fixed in v.0.1.2: b5a67dd


PoC:

    for technique in attack.techniques:
        print('{} - {}'.format(technique.name, len(technique.sub_techniques)))

Before:

    Weaken Encryption - 499
    Web Service - 499
    Web Session Cookie - 499
    Web Shell - 499
    Windows Admin Shares - 499
    Windows Management Instrumentation - 499
    Windows Management Instrumentation Event Subscription - 499
    Windows Remote Management - 499
    Winlogon Helper DLL - 499
    XSL Script Processing - 499

After:

    Weaken Encryption - 2
    Web Service - 3
    Web Session Cookie - 1
    Web Shell - 1
    Windows Admin Shares - 1
    Windows Management Instrumentation - 0
    Windows Management Instrumentation Event Subscription - 1
    Windows Remote Management - 1
    Winlogon Helper DLL - 1
    XSL Script Processing - 0

@xakepnz xakepnz added the bug Something isn't working label Dec 6, 2021
@xakepnz xakepnz closed this as completed Dec 6, 2021