TTPs & CVEs
TTPs
GET/ttps
Returns all MITRE ATT&CK techniques and sub-techniques observed in the dataset.
GET/ttps/:id
Full TTP detail including procedures and linked actors/tools.
Summarize TTP procedures
POST/ttps/summarize
Accepts a list of TTPs with their observed procedures and returns a one- or two-sentence AI-generated summary per TTP. Used by the frontend to condense multiple procedure entries into a readable description. Results are cached.
No authentication required. Request body:
json
{
"ttps": [
{
"id": "uuid",
"mitre_id": "T1059.001",
"technique": "Command and Scripting Interpreter",
"sub_technique": "PowerShell",
"procedures": [
{ "description": "Used PowerShell to download and execute a payload from a remote server." }
]
}
]
}Only TTPs with more than one procedure entry are summarised — TTPs with a single procedure are returned as-is by the caller. If no TTPs qualify, returns an empty object {}.
Response — an object keyed by TTP UUID, value is the summary string:
json
{
"3f8a1c2d-...": "Used PowerShell to download staged payloads and execute encoded commands. Also observed running AMSI bypass scripts prior to payload execution."
}CVEs
GET/cves
Returns all CVEs with CVSS scores and exploitation context.
GET/cves/:cve_id
Full CVE detail. Accepts standard CVE ID (e.g.
CVE-2021-44228).