Category

Mappings

Prioritize Known Exploited Vulnerabilities

Prioritize Known Exploited Vulnerabilities shows defenders how to take a threat-informed approach to vulnerability management.

Put Your Money Where Your Adversaries Are: Exploited Vulnerabilities

The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the software bytes.

Security Stack Mappings – Hardware-Enabled Defense

The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the software bytes.

Stacked Defense from the Hardware Up

The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the software bytes.

The Best Defense is a Security Capability Mapped to ATT&CK

The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the software bytes.

Security Stack Mappings – Microsoft 365 Mappings

The project presents a comprehensive mapping of M365’s native security features against the MITRE ATT&CK® framework, detailing how these capabilities can protect, detect, and respond to cyber threats. By reviewing M365 documentation, the project identifies security actions that can mitigate …

Mappings Explorer

Mappings Explorer is a hub for defenders to explore security capabilities mapped to MITRE ATT&CK®. This singular resource enables cyber defenders to understand how security controls and capabilities protect against the adversary behaviors catalogued in the ATT&CK knowledge base. Our mappings …

Center Conversations: Bridging VERIS and ATT&CK to Improve Incident Classification

The Center for Threat-Informed Defense collaborated with Verizon and Siemens to combine the common language of ATT&CK with the incident model of VERIS. Bridging these two communities enables improved understanding of incidents and threats.

In this Center Conversation, Alex Pinto and Phil …

Leadership Spotlight: Mapping ATT&CK to CVE for Impact with Carl Wright (AttackIQ)

In Episode 6 of the Center for Threat-Informed Defense’s “Leadership Spotlight” video series, Carl Wright, Chief Commercial Officer at AttackIQ, discusses the Center’s “Mapping ATT&CK to CVE for Impact” R&D project.

ATT&CK Integration Into VERIS

This project updates and expands the translation layer between VERIS and ATT&CK, allowing ATT&CK to describe the adversary behaviors that were observed in an incident coded in VERIS. These connections allow for joint analysis of the information that ATT&CK describes well alongside the …
