> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cotool.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Get MITRE technique details

> Retrieve detailed information about a specific MITRE ATT&CK technique including detection rules



## OpenAPI

````yaml https://app.cotool.ai/api/docs/openapi.json get /api/mitre/techniques/{techniqueId}
openapi: 3.1.0
info:
  title: Cotool API
  version: 1.0.0
  description: >-
    # Cotool API Documentation


    The Cotool API allows you to interact with the Cotool platform
    programmatically, enabling you to build powerful integrations and automate
    your workflows.


    ## Getting an API Key


    Follow these steps to generate your API key:


    1. **Log in** to the Cotool web interface

    2. **Navigate** to `/settings/api-keys`

    3. **Click** "Generate Key"

    4. **Copy and store** your API key securely ⚠️ *It won't be shown again*


    ## API Key Authentication


    For programmatic access and integrations, use your API key with the
    Authorization header:


    ```http

    Authorization: Bearer your_api_key_here

    ```


    ```bash

    curl -X GET "https://app.cotool.ai/api/endpoint" \
      -H "Authorization: Bearer your_api_key_here" \
      -H "Content-Type: application/json"
    ```
servers:
  - url: https://app.cotool.ai
    description: Production server
security:
  - ApiKeyAuth: []
paths:
  /api/mitre/techniques/{techniqueId}:
    get:
      tags:
        - MITRE Classification
      summary: Get MITRE technique details
      description: >-
        Retrieve detailed information about a specific MITRE ATT&CK technique
        including detection rules
      parameters:
        - in: path
          name: techniqueId
          description: The MITRE technique ID to retrieve details for
          schema:
            type: string
            description: The MITRE technique ID to retrieve details for
          required: true
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                type: object
                properties:
                  technique:
                    type: object
                    properties:
                      techniqueId:
                        type: string
                        description: MITRE ATT&CK technique ID (e.g., T1003, T1059.001)
                      techniqueName:
                        type: string
                        description: Human readable technique name
                      description:
                        type: string
                        description: Description of the technique
                      tactics:
                        type: array
                        items:
                          type: string
                        description: Array of tactic short names this technique belongs to
                      isSubtechnique:
                        type: boolean
                        description: Whether this is a subtechnique
                      parentTechnique:
                        type: string
                        description: Parent technique ID if this is a subtechnique
                      platforms:
                        type: array
                        items:
                          type: string
                        description: Supported platforms
                      dataSources:
                        type: array
                        items:
                          type: string
                        description: Data sources for detection
                      mitigations:
                        type: array
                        items:
                          type: string
                        description: Related mitigation IDs
                      url:
                        type: string
                        description: URL to official MITRE page
                      detectionCount:
                        type: number
                        description: Number of detection rules mapped to this technique
                      confidence:
                        type: number
                        minimum: 0
                        maximum: 1
                        description: Average confidence score for this technique
                      detectionRules:
                        type: array
                        items:
                          type: object
                          properties:
                            id:
                              type: string
                            name:
                              type: string
                            source:
                              type: string
                              enum:
                                - panther
                                - sublime
                                - scanner
                                - datadog
                                - splunk
                                - sentinelone
                                - elastic
                                - sumologic
                                - runreveal
                            confidence:
                              type: number
                              minimum: 0
                              maximum: 1
                            reasoning:
                              type: string
                          required:
                            - id
                            - name
                            - source
                            - confidence
                            - reasoning
                        description: Detection rules mapped to this technique
                      rawData:
                        type: object
                        properties:
                          id:
                            type: string
                          type:
                            type: string
                            const: attack-pattern
                          name:
                            type: string
                          description:
                            type: string
                          external_references:
                            type: array
                            items:
                              type: object
                              properties:
                                source_name:
                                  type: string
                                external_id:
                                  type: string
                                url:
                                  type: string
                                description:
                                  type: string
                              required:
                                - source_name
                          kill_chain_phases:
                            type: array
                            items:
                              type: object
                              properties:
                                kill_chain_name:
                                  type: string
                                phase_name:
                                  type: string
                              required:
                                - kill_chain_name
                                - phase_name
                          x_mitre_version:
                            type: string
                          x_mitre_attack_spec_version:
                            type: string
                          x_mitre_domains:
                            type: array
                            items:
                              type: string
                          x_mitre_is_subtechnique:
                            type: boolean
                          x_mitre_detection:
                            type: string
                          x_mitre_platforms:
                            type: array
                            items:
                              type: string
                          x_mitre_data_sources:
                            type: array
                            items:
                              type: string
                          aliases:
                            type: array
                            items:
                              type: string
                          created:
                            type: string
                          modified:
                            type: string
                          spec_version:
                            type: string
                          object_marking_refs:
                            type: array
                            items:
                              type: string
                          revoked:
                            type: boolean
                          x_mitre_deprecated:
                            type: boolean
                        required:
                          - id
                          - type
                          - name
                          - description
                          - created
                          - modified
                        description: Raw MITRE ATT&CK technique data
                    required:
                      - techniqueId
                      - techniqueName
                      - description
                      - tactics
                      - detectionCount
                      - confidence
                      - detectionRules
                    description: Detailed technique information
                required:
                  - technique
        '400':
          description: Bad request — input validation failed or the request was malformed
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidationError'
        '401':
          description: Unauthorized — missing or invalid API key / session
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '403':
          description: Forbidden — the authenticated user lacks the required permissions
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PermissionError'
        '500':
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
      x-codeSamples:
        - lang: shell
          label: cURL
          source: >-
            curl -X GET
            "https://app.cotool.ai/api/mitre/techniques/:techniqueId" \
              -H "Authorization: Bearer YOUR_API_KEY" \
              -H "Content-Type: application/json"
components:
  schemas:
    ValidationError:
      type: object
      properties:
        error:
          type: string
          description: Error message describing what went wrong
        issues:
          type: array
          description: >-
            Detailed validation issues, present when request or response schema
            validation fails
          items:
            type: object
            additionalProperties: true
      required:
        - error
    Error:
      type: object
      properties:
        error:
          type: string
          description: Error message describing what went wrong
      required:
        - error
    PermissionError:
      type: object
      properties:
        error:
          type: string
          description: Error message describing what went wrong
        missingPerms:
          type: array
          description: Permissions the authenticated user is missing for this operation
          items:
            type: string
      required:
        - error
  securitySchemes:
    ApiKeyAuth:
      type: http
      scheme: bearer
      bearerFormat: API Key
      description: >-
        API Key authentication for programmatic access. Include your API key in
        the Authorization header as: `Bearer your_api_key_here`

````