anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(web): GET /api/v1/ttp/techniques/{id}/groups — MITRE-tracked groups using a technique

Browse Source 
Surfaces the intrusion-set reverse index from the loaded ATT&CK
bundle: given a technique, returns the list of groups MITRE has
documented as using it. Read-only — explicitly NOT an attribution
claim about a DECNET attacker. The frontend pulls this lazily when
the operator expands a technique panel; payload-size cost on every
TTPTagDetailRow makes embedding wasteful for techniques with 50+
documented groups.

- decnet/web/router/ttp/api_get_groups_for_technique.py exposes
  GET /api/v1/ttp/techniques/{technique_id}/groups, response_model
  list[GroupRef]. Same JWT-viewer auth gating as the rest of the
  TTP router. 404 when the technique_id doesn't resolve in the
  bundle.
- Sub-techniques are queried directly (no auto-union with parent)
  to match ATT&CK Navigator semantics; callers that want a broader
  view query the parent themselves.
- tests/ttp/test_groups_for_technique.py covers happy path, 404,
  sub-technique attribution independence, empty-list-on-zero-groups,
  and that responses include mitre_url + aliases.
- tests/web/test_api_attackers.py: fix pre-existing fixture drift
  introduced by a2a61b63 — three TestGetAttackerDetail cases were
  missing AsyncMock for repo.latest_observation_per_primitive,
  causing TypeError on await of MagicMock. The new groups endpoint
  doesn't share code with attacker_detail; this is a drive-by fix
  surfaced by the same suite run.
This commit is contained in:
anti
2026-05-09 06:45:25 -04:00
parent 84a075e405
commit 1d3086a5c7
4 changed files with 164 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
decnet/web/router/__init__.py
View File

@@ -64,6 +64,7 @@ from .ttp.api_get_by_session import router as ttp_by_session_router
from .ttp.api_get_rules import router as ttp_rules_router
from .ttp.api_get_tag_details import router as ttp_tag_details_router
from .ttp.api_export_navigator import router as ttp_navigator_router
from .ttp.api_get_groups_for_technique import router as ttp_groups_for_technique_router
api_router = APIRouter(
# Every route under /api/v1 is auth-guarded (either by an explicit
@@ -189,3 +190,4 @@ api_router.include_router(ttp_by_session_router)
api_router.include_router(ttp_rules_router)
api_router.include_router(ttp_tag_details_router)
api_router.include_router(ttp_navigator_router)
api_router.include_router(ttp_groups_for_technique_router)