KQL Search

//Parses MITRE's Enterprise Attack json

let MITRE = externaldata(object_marking_refs:string,id:string,type:string,created:string,created_by_ref:string,external_references:string,source_name:string,url:string,external_id:string,modified:string,name:string,description:string,x_mitre_deprecated:string,x_mitre_version:string,x_mitre_modified_by_ref:string)
    [@"https://github.com/mitre/cti/blob/master/enterprise-attack/enterprise-attack.json"]
    with (format="MultiJSON", ingestionMapping='[{"Column":"type","Properties":{"Path":"$.type"}},{"Column":"id","Properties":{"Path":"$.id"}},{"Column":"objects","Properties":{"Path":"$.objects"}},{"Column":"x_mitre_domains","Properties":{"Path":"$.objects.x_mitre_domains"}},{"Column":"object_marking_refs","Properties":{"Path":"$.objects.object_marking_refs"}},{"Column":"id","Properties":{"Path":"$.objects.id"}},{"Column":"type","Properties":{"Path":"$.objects.type"}},{"Column":"created","Properties":{"Path":"$.objects.created"}},{"Column":"created_by_ref","Properties":{"Path":"$.objects.created_by_ref"}},{"Column":"external_references","Properties":{"Path":"$.objects.external_references"}},{"Column":"source_name","Properties":{"Path":"$.objects.external_references.source_name"}},{"Column":"url","Properties":{"Path":"$.objects.external_references.url"}},{"Column":"external_id","Properties":{"Path":"$.objects.external_references.external_id"}},{"Column":"modified","Properties":{"Path":"$.objects.modified"}},{"Column":"name","Properties":{"Path":"$.objects.name"}},{"Column":"description","Properties":{"Path":"$.objects.description"}},{"Column":"x_mitre_deprecated","Properties":{"Path":"$.objects.x_mitre_deprecated"}},{"Column":"x_mitre_version","Properties":{"Path":"$.objects.x_mitre_version"}},{"Column":"x_mitre_modified_by_ref","Properties":{"Path":"$.objects.x_mitre_modified_by_ref"}},]');
MITRE