v1.1.0

Version 1.1.0 - Workbench-Driven State Management

This release introduces a fundamental shift in how the TAXII server manages state synchronization with ATT&CK Workbench, alongside improvements to collection versioning, data relationships, and system health monitoring.

Changes:

• Workbench-Driven State Management:

  • The TAXII server now strictly mirrors Workbench's state regardless of version numbers, ensuring perfect synchronization.
  • Supports seamless version transitions in all directions (upgrades, downgrades to new versions, downgrades to previously seen versions).
  • Collections and objects maintain history through active/inactive states rather than updates or deletions.

• Enhanced Data Relationship Management:

  • Replaced MongoDB document references with embedded collection metadata for improved data consistency and query performance.
  • Implemented TAXII-compliant sorting through optimized MongoDB indexes on _meta.createdAt.
  • Added proper tracking of collection-object relationships through embedded metadata.
  • Removed redundant object serialization to preserve STIX data integrity.

• System Health Monitoring:

  • Added /health/ping endpoint returning 204 No Content.
  • Bypass TAXII 2.1 content negotiation requirements for basic health checks.
  • Enhanced logging throughout the hydration process for better observability.

• Architecture Consolidation:

  • Merged collection and object management into a single HydrateService.
  • Simplified system configuration and setup.
  • Optimized database indexes for TAXII specification compliance.
  • Improved error handling and documentation.

Endpoint Validation:

All TAXII endpoints have been validated with the new state management system:

• Server Discovery
• Get API Root Information
• Get Collections (now with version history support)
• Get A Collection (with proper version state handling)
• Get Objects (with TAXII-compliant sorting)
• Get An Object (with collection relationship integrity)
• Get Object Manifests
• Get Object Versions

Impact Notice: While this release includes significant internal changes to state management and data relationships, it maintains backward compatibility with existing APIs. The system now provides more reliable synchronization with Workbench and better handles version transitions.

We strongly recommend upgrading to this version to benefit from the improved state management, enhanced version handling, and optimized data relationships.

For more information on TAXII and STIX structures, please refer to the TAXII 2.1 Specification.

v1.0.5

Version 1.0.5 - Enhanced STIX Data Ingestion and MongoDB Document Tracking

This release introduces significant improvements to the TAXII server’s data ingestion and storage mechanisms, optimizing how STIX data is retrieved from Workbench, validated, and stored in MongoDB.

Changes:

• Hydrate MongoDB from Workbench /api/stix-bundle:

  • The TAXII server now retrieves STIX objects from Workbench’s /api/stix-bundle endpoint instead of /api/attack-objects, enabling native ingestion of both STIX 2.0 and 2.1 objects.
  • Six REST calls are now made (for each ATT&CK domain and STIX version) instead of one. The slight overhead is offset by eliminating the need for complex, manual version conversion in the TAXII code.

• Removal of DTO Wrappers for STIX/ATT&CK Objects:

  • Removed DTO wrappers for STIX objects to avoid potential issues with missing properties during serialization.
  • This update allows all attributes of STIX objects to pass through as-is, reducing maintenance risks and preventing data loss due to incomplete DTOs.
  • Future data validation will be handled by the ATT&CK Data Model (ADM), specifically the stixBundleSchema, once full compatibility with Nest.js is feasible.

• New created_at Timestamp:

  • Added a created_at timestamp at the root of each document in MongoDB to mark when the object was added to the database.
  • This property allows for enhanced metadata tracking and can support future optimizations in data querying.

Endpoint Validation:

All primary TAXII endpoints were validated to ensure compatibility and correct functionality with the new data ingestion strategy:

• Server Discovery
• Get API Root Information
• Get Collections
• Get A Collection
• Get Objects (with accurate property representation)
• Get An Object (fully tested with match filters)
• Get Object Manifests
• Get Object Versions

Impact Notice: This release does not introduce breaking changes. However, it optimizes data ingestion and validation, simplifying the maintenance of STIX data and ensuring accurate data representation in MongoDB.

We recommend all users upgrade to this version to leverage the new, efficient handling of STIX objects and the enhanced data tracking capabilities.

For more details on TAXII and STIX structures, please refer to the TAXII 2.1 Specification.

v1.0.4

Version 1.0.4 - Response Serialization and Interceptor Pipeline Fixes

This release fixes critical issues with the response serialization pipeline that were affecting various TAXII endpoints and STIX object representations.

Changes:

• Fixed SetTaxiiDateHeadersInterceptor to properly handle all TAXII resource types:
  • Now correctly processes Version resources
  • Properly maintains response data while setting headers
  • Added improved error handling and logging
• Corrected Date serialization in STIX object responses:
  • Properties like created and modified now properly output ISO date strings
  • Fixed instances where date fields were being serialized as empty objects
• Simplified DTO architecture for better maintainability:
  • Standardized DTO construction patterns
  • Enhanced type safety and validation
  • Improved debugging capabilities

Impact Notice: While this release doesn't introduce breaking changes, it significantly changes how certain data types are serialized in responses. Specifically:

• Date fields that were previously empty objects ({}) will now be proper ISO date strings
• The versions endpoint responses will now include all expected fields instead of empty objects
• TAXII headers will be consistently set across all applicable endpoints

We strongly recommend all users upgrade to this version to ensure proper interoperability with TAXII clients and correct representation of STIX data.

For more details on the TAXII resource structures and requirements, please refer to the TAXII 2.1 Specification.

v1.0.3

Version 1.0.3 - TAXII 2.1 Envelope Resource Fix

This release fixes a critical TAXII 2.1 specification compliance issue related to the Envelope resource structure.

Changes:

• Fixed incorrect key name in Envelope resource endpoints:
  • Changed items to objects to align with TAXII 2.1 specification
  • Affects all endpoints returning Envelope resources

Breaking Change Notice: This update modifies the response structure of all Envelope resource endpoints. Clients expecting the non-compliant items key will need to update their implementations to use the spec-compliant objects key.

We recommend all users upgrade to this version to maintain compatibility with other TAXII 2.1 implementations. This change ensures proper interoperability with other TAXII 2.1 clients and servers.

For more details on the Envelope resource structure, please refer to the TAXII 2.1 Specification.

v1.0.2

Version 1.0.2 - TAXII 2.1 Compliance Hotfix

This release introduces several key fixes and improvements to enhance our API's compliance with the TAXII 2.1 specification and improve overall consistency.

Changes:

• Fixed the Discovery Endpoint to return API root paths with a leading '/'.
• Corrected the Get API Root Information Endpoint to return versions as an array of strings instead of a single string.
• Implemented consistent snake_case naming convention for all API properties:
  • maxContentLength is now max_content_length
  • canRead is now can_read
  • canWrite is now can_write

This update significantly improves our API's adherence to the TAXII 2.1 specification and provides a more consistent interface for our users. While these changes enhance the API's functionality and consistency, they do not introduce any breaking changes. Users of the API are encouraged to update to this version to benefit from these improvements.

v1.0.1

Version 1.0.1 - Content-Type Header Hotfix

This release introduces a hotfix that resolves an issue with the content-type header in our REST API responses.

Changes:

• Fixed a bug where the content-type header was being incorrectly set on all outgoing HTTP responses.

This patch ensures that the API now correctly sets the content-type header, improving compatibility and adherence to TAXII 2.1 specification. Users of the API should experience no breaking changes and are encouraged to update to this version.

v1.0.0

We are excited to announce the release of version 1.0.0 of the ATT&CK Workbench TAXII 2.1 API Server. This API provides access to the MITRE ATT&CK knowledge base using the TAXII 2.1 specification.

Key features:

• Retrieve STIX 2.1 representations of ATT&CK techniques, groups, software, and other objects
• Browse and search ATT&CK content using TAXII 2.1 endpoints
• Access the latest ATT&CK content in a machine-readable format

The API is now live and accessible at: https://attack-taxii.mitre.org/

For more information and API documentation, please visit the ATT&CK Workbench TAXII 2.1 API Server page.

We appreciate your support and feedback. If you have any questions or encounter any issues, please let us know.

Thank you,
The MITRE ATT&CK Team