Threat Modeling with ATT&CK defines how to integrate MITRE ATT&CK® into your organization’s existing threat modeling methodology. This process is intended for universal application to any system or technology stack (large or small) using existing threat modeling methodologies like STRIDE, …
Cybersecurity teams use threat modeling as a critical component of defensive cyber operations to understand and reduce threats to their systems and environments. To stay up to date on various threats, teams rely on cyber threat intelligence (CTI) reporting.
This project provides cybersecurity defenders and researchers with critical insight into real-world adversary behaviors mapped to ATT&CK. The ecosystem fundamentally advances the collective ability to see threat activity across organizational, platform, vendor, and geographical boundaries. …
The Insider Threat Tactics, Techniques, and Procedures (TTP) Knowledge Base advances our collective understanding of the technical mechanisms that insider threats use. With this knowledge, Insider Threat Programs and Security Operations Centers can detect, mitigate, and emulate insider actions on IT …
Learn more about CTI Blueprints, one of the Center’s new projects, from Keith Wilson of Attack IQ. Visit the Center’s CTI Blueprints project summary page for links to the Github downloads, online builder and more: CTI Blueprints.
As a part of Adversary Village’s Adversary Guru series, MITRE’s Center for Threat Informed Defense presents CTI Blueprints, a free suite of templates, sample reports, and a software tool designed to help analysts create high-quality actionable reports more consistently and efficiently.
In Episode 9 of the Center for Threat-Informed Defense’s “Leadership Spotlight” video series, Douglas José Pereira dos Santos, Director, Advanced Threat Intelligence, at Fortinet’s FortiGuard Labs, discusses Fortinet’s role in collaborating on ATT&CK Workbench. Douglas highlights issues …
The cybersecurity community has been working for years to automatically identify adversary tactics, techniques, and procedures (TTPs) in cyber threat intelligence (CTI) reports. With some advances in machine learning and artificial intelligence, TRAM is a solution that is measurably effective at …
The Workbench project expands the functionality of the current platform to enable teams to explore, create, annotate, and share extensions of the ATT&CK knowledge base. This work increases the utility of using Workbench as a local knowledge base that can be extended with a team’s new or updated …
This project developed an approach and prototype tool for creating narrative cyber threat intel reports that analysts need in the form they need them. Reports produced using CTI Blueprints include structured STIX content, are tagged with ATT&CK reference, and enable operational defensive cyber …
