Skip to content
/ attack-workbench-rest-api Public

An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains the REST API service for storing, querying, and editing ATT&CK objects.

ctid.mitre-engenuity.org/

License

Apache-2.0 license
51 stars 21 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

center-for-threat-informed-defense/attack-workbench-rest-api

BranchesTags

Repository files navigation

ATT&CK Workbench REST API

The ATT&CK Workbench is an application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base.

This repository contains the REST API service for storing, querying, and editing ATT&CK objects. It is a Node.js application that uses a MongoDB database for persisting data.

Quick Start

Using Docker (Recommended)

# Create network
docker network create attack-workbench-network

# Run MongoDB
docker run --name attack-workbench-mongodb -d --network attack-workbench-network mongo:latest

# Run REST API
docker run -p 3000:3000 -d \
  --name attack-workbench-rest-api \
  --env DATABASE_URL=mongodb://attack-workbench-mongodb/attack-workspace \
  --network attack-workbench-network \
  ghcr.io/center-for-threat-informed-defense/attack-workbench-rest-api:latest

The REST API will be accessible at http://localhost:3000, with API documentation available at http://localhost:3000/api-docs.

Full Application Deployment

For a full ATT&CK Workbench deployment, including the frontend application, see the official Workbench Deployment Guide.

Documentation

  • Usage Guide: Comprehensive instructions for installing, configuring, and administering the REST API
  • Contributing Guide: Information for developers about contributing to the project
  • Data Model: Technical details about the data models used in the application

Technical Information

The REST API provides:

  • STIX 2.1 compliant object storage
  • CRUD operations for ATT&CK objects (techniques, tactics, groups, software, etc.)
  • Collection and versioning management
  • User authentication and authorization
  • API for programmatic access

Related Repositories

Notice

Copyright 2020-2025 MITRE Engenuity. Approved for public release. Document number CT0020

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This project makes use of ATT&CK®

ATT&CK Terms of Use

About

An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains the REST API service for storing, querying, and editing ATT&CK objects.

ctid.mitre-engenuity.org/

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity
Custom properties

Stars

51 stars

Watchers

61 watching

Forks

21 forks
Report repository

Releases 48

v4.6.4 Latest
Nov 3, 2025
+ 47 releases

Packages

 
 
 

Contributors 13

Languages