Threat Modeling with ATT&CK defines how to integrate MITRE ATT&CK® into your organization’s existing threat modeling methodology. This process is intended for universal application to any system or technology stack (large or small) using existing threat modeling methodologies like STRIDE, …
The software industry is faced with managing large numbers of software weaknesses (commonly identified by static-scanning tools using CWE ID reference), alongside large numbers of software vulnerabilities (CVEs), which all sit across many assets with differing security requirements. The calculator …
The project presents a comprehensive mapping of M365’s native security features against the MITRE ATT&CK® framework, detailing how these capabilities can protect, detect, and respond to cyber threats. By reviewing M365 documentation, the project identifies security actions that can mitigate …
M3TID leverages threat understanding to improve a security program by creating an actionable definition of threat-informed defense and its associated key activities, and a formalized approach to measure your threat-informed defense. This maturity model complements existing cybersecurity maturity …
Mappings Explorer is a hub for defenders to explore security capabilities mapped to MITRE ATT&CK®. This singular resource enables cyber defenders to understand how security controls and capabilities protect against the adversary behaviors catalogued in the ATT&CK knowledge base. Our mappings …
This project provides cybersecurity defenders and researchers with critical insight into real-world adversary behaviors mapped to ATT&CK. The ecosystem fundamentally advances the collective ability to see threat activity across organizational, platform, vendor, and geographical boundaries. …
The Insider Threat Tactics, Techniques, and Procedures (TTP) Knowledge Base advances our collective understanding of the technical mechanisms that insider threats use. With this knowledge, Insider Threat Programs and Security Operations Centers can detect, mitigate, and emulate insider actions on IT …
Sensor Mappings to ATT&CK gives cyber defenders the information they need to identify and understand cyber incidents occurring in their environment. Various tools and services are available to collect system or network information, but it is not always clear how to use those tools to provide …
OceanLotus (aka APT32, SeaLotus, APT-C-00) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments, dissidents, and journalists. This project adds the first macOS and Linux focused …
The cybersecurity community has been working for years to automatically identify adversary tactics, techniques, and procedures (TTPs) in cyber threat intelligence (CTI) reports. With some advances in machine learning and artificial intelligence, TRAM is a solution that is measurably effective at …
