The Workbench project expands the functionality of the current platform to enable teams to explore, create, annotate, and share extensions of the ATT&CK knowledge base. This work increases the utility of using Workbench as a local knowledge base that can be extended with a team’s new or updated …
This project developed an approach and prototype tool for creating narrative cyber threat intel reports that analysts need in the form they need them. Reports produced using CTI Blueprints include structured STIX content, are tagged with ATT&CK reference, and enable operational defensive cyber …
The ATT&CK Sync project streamlines upgrades to new versions of MITRE ATT&CK® by providing tools and resources to migrate existing projects to current ATT&CK versions in a timely and efficient manner. The ATT&CK knowledge base is updated twice per year and with each new ATT&CK …
This project updates and expands the translation layer between VERIS and ATT&CK allowing ATT&CK to describe the adversary behaviors that were observed in an incident coded in VERIS. These connections allow for joint analysis of the information that ATT&CK describes well alongside the …
Defending IaaS with ATT&CK developed an ATT&CK matrix that enables users to easily understand and work with the techniques applicable to Infrastructure-as-a-Service (IaaS) environments, regardless of whether the attacks target the cloud management layer, the container technology, or the …
Micro Emulation Plans help organizations validate their defenses quickly and easily by building smaller scale adversary emulation plans that are fully automated using compatible tools and focused on common threats. The Micro Emulation Plans help scale the impact of the Adversary Emulation Library …
The Cloud Analytics project sought to advance the state of the practice by developing a blueprint for writing analytics for cloud platforms. To create the blueprint, the team “learned by doing” – exercising adversary behaviors, developing analytics, and refining them. Lessons learned were gathered …
This project identified and mapped security capabilities available as part of GCP to the ATT&CK techniques to which they can detect, protect, or respond. This allows cyber defenders of cloud platforms to make threat-informed decisions about which capabilities to use and how to use them.
ATT&CK Powered Suit is a freely available browser extension that puts the MITRE ATT&CK® knowledge base at your fingertips. This extension enables quick searches for tactics, techniques, and more without disrupting your workflow. Easily copy snippets into a notebook to streamline your …
Top ATT&CK Techniques provides defenders with a systematic approach to prioritizing ATT&CK techniques. Our open methodology considers technique prevalence, common attack choke points, and actionability to enable defenders to focus on the ATT&CK techniques that are most relevant to their …
