The Cloud Analytics project sought to advance the state of the practice by developing a blueprint for writing analytics for cloud platforms. To create the blueprint, the team “learned by doing” – exercising adversary behaviors, developing analytics, and refining them. Lessons learned were gathered …
This project identified and mapped security capabilities available as part of GCP to the ATT&CK techniques to which they can detect, protect, or respond. This allows cyber defenders of cloud platforms to make threat-informed decisions about which capabilities to use and how to use them.
ATT&CK Powered Suit is a freely available browser extension that puts the MITRE ATT&CK® knowledge base at your fingertips. This extension enables quick searches for tactics, techniques, and more without disrupting your workflow. Easily copy snippets into a notebook to streamline your …
Top ATT&CK Techniques provides defenders with a systematic approach to prioritizing ATT&CK techniques. Our open methodology considers technique prevalence, common attack choke points, and actionability to enable defenders to focus on the ATT&CK techniques that are most relevant to their …
This project created a comprehensive set of mappings between MITRE ATT&CK® and NIST Special Publication 800-53 with supporting documentation and resources. These mappings provide a critically important resource for organizations to assess their security control coverage against real-world …
This research defines a methodology for using MITRE ATT&CK® to characterize the potential impacts of vulnerabilities. ATT&CK’s tactics and techniques enable defenders to quickly understand how a vulnerability can impact them. Vulnerability reporters and researchers use the methodology to …
This project empowers organizations with independent data on which native AWS security controls are most useful in defending against the adversary TTPs that they care about. It achieves this by mapping security capabilities of AWS to the ATT&CK techniques that they can protect, detect, or …
This project empowers organizations with independent data on which native Azure security controls are most useful in defending against the adversary TTPs that they care about. It achieves this by mapping security capabilities of Azure to the ATT&CK techniques that they can protect, detect, or …
ATT&CK Workbench is an easy-to-use open-source tool that allows organizations to manage and extend their own local version of ATT&CK and keep it in sync with MITRE’s knowledge base.
Workbench allows users to explore, create, annotate, and share extensions of the ATT&CK knowledge base. …
menuPass is a threat group that has been active since at least 2006. Individual members of menuPass are known to have acted in association with the Chinese Ministry of State Security’s (MSS) Tianjin State Security Bureau and worked for the Huaying Haitai Science and Technology Development Company. …
