{"id":18819553,"url":"https://github.com/securityriskadvisors/mitreevalsdb","last_synced_at":"2026-01-16T05:30:17.235Z","repository":{"id":95760277,"uuid":"160841408","full_name":"SecurityRiskAdvisors/mitreevalsdb","owner":"SecurityRiskAdvisors","description":"MITRE Evaluations Database ","archived":false,"fork":false,"pushed_at":"2019-02-22T22:42:20.000Z","size":125,"stargazers_count":9,"open_issues_count":0,"forks_count":5,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-12-30T02:51:46.635Z","etag":null,"topics":["mitre","mitre-attack"],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SecurityRiskAdvisors.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-12-07T15:29:45.000Z","updated_at":"2022-03-07T19:03:26.000Z","dependencies_parsed_at":"2023-05-21T23:15:14.135Z","dependency_job_id":null,"html_url":"https://github.com/SecurityRiskAdvisors/mitreevalsdb","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecurityRiskAdvisors%2Fmitreevalsdb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecurityRiskAdvisors%2Fmitreevalsdb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecurityRiskAdvisors%2Fmitreevalsdb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecurityRiskAdvisors%2Fmitreevalsdb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SecurityRiskAdvisors","download_url":"https://codeload.github.com/SecurityRiskAdvisors/mitreevalsdb/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239754791,"owners_count":19691352,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["mitre","mitre-attack"],"created_at":"2024-11-08T00:23:44.636Z","updated_at":"2025-02-20T00:25:50.566Z","avatar_url":"https://github.com/SecurityRiskAdvisors.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MITRE ATT\u0026CK Evaluation DB\n\nOriginally featured in this blog post: https://securityriskadvisors.com/blog/a-closer-look-at-mitre-attck-evaluation-data/\n\n## Database\n\n### Columns\n\n- vendor\n- techniquename\n- techniqueid\n- Telemetry\n    - yes or no\n- Indicator of Compromise\n    - yes or no\n- Enrichment\n    - yes or no\n- General Behavior\n    - yes or no\n- Specific Behavior\n    - yes or no\n- Tainted\n    - combination of 5 main detection categories\n- Delayed\n    - combination of 5 main detection categories\n- Configuration Change\n    - combination of 5 main detection categories\n\n### Example Queries\n\nrecommended browser: http://inloop.github.io/sqlite-viewer/\n\nTechniques with no detections\n\n```\nselect count(Vendor) as Product_Misses, techniquename, techniqueid from edr where Telemetry = 'no' AND Indicator = 'no' AND Enrichment = 'no' AND General = 'no' AND Specific = 'no' group by techniqueid ORDER BY Product_Misses DESC \n```\n\nTechniques with no detection (filtered for only general and specific behaviors)\n\n```\nselect count(Vendor) as Product_Misses, techniquename, techniqueid from edr where General = 'no' AND Specific = 'no' group by techniqueid ORDER BY Product_Misses DESC\n```\n\nTotal detections by vendor\n\n```\nselect vendor, count(vendor) as total_detections from edr WHERE Telemetry = 'yes' OR Indicator = 'yes' OR Enrichment = 'yes' OR General = 'yes' or Specific = 'yes' group by vendor; \n```\n\nTotal detections by vendor (filtered for only general and specific behaviors)\n\n```\nselect vendor, count(vendor) as total_detections from edr WHERE General = 'yes' or Specific = 'yes' group by vendor;\n```\n\nResults for single technique\n\n```\nselect * from edr where techniqueid == 'T1110'\n```\n\nResults for multiple techniques (filtered for only general and specific behaviors)\n\n```\nselect vendor,techniquename,techniqueid,general,specific,tainted,delayed,configuration from edr where techniqueid in ('T1110','T1048') and 'yes' in (general, specific) order by techniqueid\n```\n\n## Report\n\nThe report.html file contains multiple tables, each containing the detection results for a single technique.\n\n## JSON\n\nOriginal JSON data from the evaluations site\n\n## Links\n\n- MITRE Evaluations: https://attackevals.mitre.org/\n- MITRE ATT\u0026CK: https://attack.mitre.org/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecurityriskadvisors%2Fmitreevalsdb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecurityriskadvisors%2Fmitreevalsdb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecurityriskadvisors%2Fmitreevalsdb/lists"}