Defending Operational Technology (OT) with ATT&CK provides a customized collection of MITRE ATT&CK® techniques tailored to the attack surface and threat model for OT environments. Historical attacks against OT and adversarial techniques contained in ATT&CK for Enterprise, ATT&CK for …
Top ATT&CK Techniques provides defenders with a systematic approach to prioritizing ATT&CK techniques. Our open methodology considers technique prevalence, common attack choke points, and actionability to enable defenders to focus on the ATT&CK techniques that are most relevant to their …
Threat Modeling with ATT&CK defines how to integrate MITRE ATT&CK® into your organization’s existing threat modeling methodology. This process is intended for universal application to any system or technology stack (large or small) using existing threat modeling methodologies like STRIDE, …
The software industry is faced with managing large numbers of software weaknesses (commonly identified by static-scanning tools using CWE ID reference), alongside large numbers of software vulnerabilities (CVEs), which all sit across many assets with differing security requirements. The calculator …
The project presents a comprehensive mapping of M365’s native security features against the MITRE ATT&CK® framework, detailing how these capabilities can protect, detect, and respond to cyber threats. By reviewing M365 documentation, the project identifies security actions that can mitigate …
M3TID leverages threat understanding to improve a security program by creating an actionable definition of threat-informed defense and its associated key activities, and a formalized approach to measure your threat-informed defense. This maturity model complements existing cybersecurity maturity …
Mappings Explorer is a hub for defenders to explore security capabilities mapped to MITRE ATT&CK®. This singular resource enables cyber defenders to understand how security controls and capabilities protect against the adversary behaviors catalogued in the ATT&CK knowledge base. Our mappings …
This project provides cybersecurity defenders and researchers with critical insight into real-world adversary behaviors mapped to ATT&CK. The ecosystem fundamentally advances the collective ability to see threat activity across organizational, platform, vendor, and geographical boundaries. …
The Insider Threat Tactics, Techniques, and Procedures (TTP) Knowledge Base advances our collective understanding of the technical mechanisms that insider threats use. With this knowledge, Insider Threat Programs and Security Operations Centers can detect, mitigate, and emulate insider actions on IT …
Sensor Mappings to ATT&CK gives cyber defenders the information they need to identify and understand cyber incidents occurring in their environment. Various tools and services are available to collect system or network information, but it is not always clear how to use those tools to provide …
