Attack Path: Export MITRE ATT&CK Heatmap
Tenable has added a new export endpoint for Attack Path that enables you to export MITRE ATT&CK heatmap data programmatically in JSON or CSV format. You can submit export requests based on filter criteria and retrieve results asynchronously using an export ID.
JSON exports conform to the MITRE ATT&CK Navigator layer schema, enabling direct import into MITRE ATT&CK Navigator for visualization and analysis. CSV exports provide a flat table of technique data for reporting and integration workflows.
This enhancement enables you to:
- Export MITRE ATT&CK heatmap data in JSON or CSV format
- Filter exported data by ATT&CK matrix, platform, severity, and technique name
- Retrieve export results asynchronously using an export ID
The new endpoint is described in the following table:
| API Endpoint | Name | Description |
|---|---|---|
| POST /api/v1/export/mitre-heatmap | Export MITRE ATT&CK heatmap | Submits an export request for MITRE ATT&CK heatmap data that matches the specified filter criteria. Returns an export ID used to check the status of the export and download the results. |
The endpoint supports the following request parameters:
| Property | Data Type | Description |
|---|---|---|
file_format | String | Required. Specifies the export format. Supported values are JSON and CSV. |
filter | Object | Optional. Defines the filter criteria used to narrow the exported heatmap data. |
columns | Array (String) | Optional. Specifies the columns to include in the export. If omitted, all available columns are included. |
file_name | String | Optional. Specifies a custom name for the exported file. |
The filter object supports the following properties:
| Property | Data Type | Description |
|---|---|---|
matrix | String | Specifies the MITRE ATT&CK matrix to export. Supported values: enterprise (Enterprise matrix) or ics (Industrial Control Systems matrix). If omitted, the system uses the default value of enterprise. |
platform | String | Filters techniques by platform. Only techniques applicable to the specified platform are included in the export. |
query | String | Filters techniques by name using a case-insensitive substring match. |
show_all_techniques | Boolean | When true, includes all techniques in the selected matrix, even if no active findings exist. When omitted, only techniques with active findings are included. |
severities | Array of Strings | Filters techniques based on finding severity. Supported values are info, low, medium, high, and critical. |
Example: Export a MITRE ATT&CK Navigator Layer
For example, to export the Enterprise ATT&CK matrix as a Navigator-compatible JSON layer, you could use the following request:
curl --request POST \
--url https://cloud.tenable.com/api/v1/export/mitre-heatmap \
--header 'X-ApiKeys: accessKey=<YOURKEY>;secretKey=<YOURKEY>' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"file_format": "JSON",
"filter": {
"matrix": "enterprise"
}
}
'How the export process works
The export workflow follows these steps:
- Submit an export request using the Export MITRE ATT&CK heatmap endpoint.
- Use the returned
export_idto check the export status with the Get export status endpoint. - When the export is complete, download the results using the Download export endpoint.