The Insider Threat Tactics, Techniques, and Procedures (TTP) Knowledge Base advances our collective understanding of the technical mechanisms that insider threats use. With this knowledge, Insider Threat Programs and Security Operations Centers can detect, mitigate, and emulate insider actions on IT …
Learn more about CTI Blueprints, one of the Center’s new projects, from Keith Wilson of Attack IQ. Visit the Center’s CTI Blueprints project summary page for links to the Github downloads, online builder and more: CTI Blueprints.
As a part of Adversary Village’s Adversary Guru series, MITRE’s Center for Threat Informed Defense presents CTI Blueprints, a free suite of templates, sample reports, and a software tool designed to help analysts create high-quality actionable reports more consistently and efficiently.
In Episode 9 of the Center for Threat-Informed Defense’s “Leadership Spotlight” video series, Douglas José Pereira dos Santos, Director, Advanced Threat Intelligence, at Fortinet’s FortiGuard Labs, discusses Fortinet’s role in collaborating on ATT&CK Workbench. Douglas highlights issues …
The cybersecurity community has been working for years to automatically identify adversary tactics, techniques, and procedures (TTPs) in cyber threat intelligence (CTI) reports. With some advances in machine learning and artificial intelligence, TRAM is a solution that is measurably effective at …
The Workbench project expands the functionality of the current platform to enable teams to explore, create, annotate, and share extensions of the ATT&CK knowledge base. This work increases the utility of using Workbench as a local knowledge base that can be extended with a team’s new or updated …
This project developed an approach and prototype tool for creating narrative cyber threat intel reports that analysts need in the form they need them. Reports produced using CTI Blueprints include structured STIX content, are tagged with ATT&CK reference, and enable operational defensive cyber …
In this video we showcase ATT&CK Powered Suit, a freely available Chrome Extension that puts the MITRE ATT&CK® knowledge base at your fingertips. This extension enables quick searches for tactics, techniques and more without disrupting your workflow.
Attack flow is a data model with supporting tooling and examples for describing sequences of adversary behaviors. Attack flows help defenders understand, share, and make threat-informed decisions based on the sequence of actions in a cyber-attack. Flows can be analyzed to identify common patterns in …
Top ATT&CK Techniques provides defenders with a systematic approach to prioritizing ATT&CK techniques. Our open methodology considers technique prevalence, common attack choke points, and actionability to enable defenders to focus on the ATT&CK techniques that are most relevant to their …
