Category

Cyber Threat Intelligence

Turn Your Threat Model to Supermodel with ATT&CK

Cybersecurity teams use threat modeling as a critical component of defensive cyber operations to understand and reduce threats to their systems and environments. To stay up to date on various threats, teams rely on cyber threat intelligence (CTI) reporting.

Continue reading

Sightings Ecosystem

This project provides cybersecurity defenders and researchers with critical insight into real-world adversary behaviors mapped to ATT&CK. The ecosystem fundamentally advances the collective ability to see threat activity across organizational, platform, vendor, and geographical boundaries. …

Continue reading

Insider Threat TTP Knowledge Base

The Insider Threat Tactics, Techniques, and Procedures (TTP) Knowledge Base advances our collective understanding of the technical mechanisms that insider threats use. With this knowledge, Insider Threat Programs and Security Operations Centers can detect, mitigate, and emulate insider actions on IT …

Continue reading

Leadership Spotlight: CTI Blueprints with Keith Wilson (ATTACKIQ)

Learn more about CTI Blueprints, one of the Center’s new projects, from Keith Wilson of Attack IQ. Visit the Center’s CTI Blueprints project summary page for links to the Github downloads, online builder and more: CTI Blueprints.

Continue reading

CTI Blueprints: Adversary Village

As a part of Adversary Village’s Adversary Guru series, MITRE’s Center for Threat Informed Defense presents CTI Blueprints, a free suite of templates, sample reports, and a software tool designed to help analysts create high-quality actionable reports more consistently and efficiently.

Continue reading

Leadership Spotlight: MITRE ATT&CK Workbench with Douglas Santos

In Episode 9 of the Center for Threat-Informed Defense’s “Leadership Spotlight” video series, Douglas José Pereira dos Santos, Director, Advanced Threat Intelligence, at Fortinet’s FortiGuard Labs, discusses Fortinet’s role in collaborating on ATT&CK Workbench. Douglas highlights issues …

Continue reading

Threat Report ATT&CK Mapper (TRAM)

The cybersecurity community has been working for years to automatically identify adversary tactics, techniques, and procedures (TTPs) in cyber threat intelligence (CTI) reports. With some advances in machine learning and artificial intelligence, TRAM is a solution that is measurably effective at …

Continue reading

ATT&CK Workbench

The Workbench project expands the functionality of the current platform to enable teams to explore, create, annotate, and share extensions of the ATT&CK knowledge base. This work increases the utility of using Workbench as a local knowledge base that can be extended with a team’s new or updated …

Continue reading

CTI Blueprints

This project developed an approach and prototype tool for creating narrative cyber threat intel reports that analysts need in the form they need them. Reports produced using CTI Blueprints include structured STIX content, are tagged with ATT&CK reference, and enable operational defensive cyber …

Continue reading

Center Demo: Introducing ATT&CK Powered Suit

In this video we showcase ATT&CK Powered Suit, a freely available Chrome Extension that puts the MITRE ATT&CK® knowledge base at your fingertips. This extension enables quick searches for tactics, techniques and more without disrupting your workflow.

Continue reading