Skip to content

TTPs & CVEs

TTPs

GET/ttps
Returns all MITRE ATT&CK techniques and sub-techniques observed in the dataset.
GET/ttps/:id
Full TTP detail including procedures and linked actors/tools.

Summarize TTP procedures

POST/ttps/summarize
Accepts a list of TTPs with their observed procedures and returns a one- or two-sentence AI-generated summary per TTP. Used by the frontend to condense multiple procedure entries into a readable description. Results are cached.

No authentication required. Request body:

json
{
  "ttps": [
    {
      "id": "uuid",
      "mitre_id": "T1059.001",
      "technique": "Command and Scripting Interpreter",
      "sub_technique": "PowerShell",
      "procedures": [
        { "description": "Used PowerShell to download and execute a payload from a remote server." }
      ]
    }
  ]
}

Only TTPs with more than one procedure entry are summarised — TTPs with a single procedure are returned as-is by the caller. If no TTPs qualify, returns an empty object {}.

Response — an object keyed by TTP UUID, value is the summary string:

json
{
  "3f8a1c2d-...": "Used PowerShell to download staged payloads and execute encoded commands. Also observed running AMSI bypass scripts prior to payload execution."
}

CVEs

GET/cves
Returns all CVEs with CVSS scores and exploitation context.
GET/cves/:cve_id
Full CVE detail. Accepts standard CVE ID (e.g. CVE-2021-44228).

Babel is free for individual researchers, defenders, and analysts.