Published Projects

Sensor Mappings to ATT&CK

Project Summary

Sensor Mappings to ATT&CK gives cyber defenders the information they need to identify and understand cyber incidents occurring in their environment. Various tools and services are available to collect system or network information, but it is not always clear how to use those tools to provide visibility into specific threats and adversarial behaviors occurring in their environment. These mappings between sensor events and ATT&CK data sources allows cyber defenders to create a more detailed picture of cyber incidents, including the threat actor, technical behavior, telemetry collection, and impact.

Problem

Cyber defenders need to connect which tools, capabilities, and events detect specific adversary behaviors.

Solution

Link adversary behaviors to defenders’ tools, capabilities, and sensors through ATT&CK Data Sources.

Impact

Defenders collect and analyze the data necessary to observe adversary behaviors.

Project Resources:

Project Announcement Project Website GitHub

Funding Research Participants

Non-Profit Participants

Explore More of Our Work:

Jun 2025

Threat-Informed Defense for the Financial Sector

Connect adversarial threat mitigations to cybersecurity program resources tailored to the financial sector, namely the Cyber Risk Institute …

Continue reading

May 2025

Ambiguous Techniques

Building upon the research of Summiting the Pyramid, Ambiguous Techniques is a methodology to determine malicious intent behind seemingly benign …

Continue reading

Feb 2025

Prioritize Known Exploited Vulnerabilities

Prioritize Known Exploited Vulnerabilities shows defenders how to take a threat informed approach to vulnerability management.

Continue reading

Stay Informed

Sign up for our "Stay Informed" mailing list to receive announcements for project publications, upcoming events, and other news about the Center.