Search attack techniques

Returns a paginated list of the top attack techniques identified within your organization that match the specified search criteria. This endpoint supports advanced filtering, sorting, and metadata enrichment, including MITRE ATT&CK framework mappings and recommended mitigations.

Note: To prioritize actionable data, this endpoint applies default filters to results:

  • Excluded Statusesdone, accepted
  • Excluded Statesarchive

To retrieve all techniques, including archived or resolved items, set the exclude_resolved parameter to false.

For more information, see Top Attack Techniques in the Exposure Management User Guide.

Requires the Basic [16] user role or the ATTACK_PATH_ANALYSIS.QUERY.SEARCH custom role privilege. See Roles and Permissions.

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…
Query Params
integer
100 to 10000
Defaults to 1000

The number of attack technique records to retrieve. If omitted, the default value is 1000. The minimum value is 100 and the maximum value is 10000.

integer
≥ 0
Defaults to 0

The number of records to skip for offset-based pagination. If omitted, the default value is 0.

string

The property and direction to sort the results by, in the format property:direction. For example: name:asc or priority:desc.

Supported properties for sorting include last_updated_at, priority, mitre_id, name, technique_name, status, state, and vector_ount.

boolean
Defaults to true

Excludes resolved attack techniques from the results. When true (default), the system filters out techniques with the following values:

  • Status — done, accepted
  • State — archive

Set to false to include all techniques regardless of status or state.

Body Params

Filter conditions for searching attack techniques. Filter operators can include nested conditions and operators to create complex filtering logic.

Defines a single filter condition used to narrow the search results for attack techniques.

string
enum

Specifies the property used to filter the results. For example: priority, name, or last_updated_at.

string
enum

Specifies the comparison operator applied to the property filter. For example: eq (equals), ne (not equals), or contains.

Defines the specific value or values to match against the property. This can be a single value or an array of values depending on the operator used.

Headers
string
enum
Defaults to application/json

Generated from available response content types

Allowed:
Responses

Language
Credentials
Header
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json
text/html