Website: https://attack.mitre.org/
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.
ATT&CK can help cyber defenders develop analytics that detect the techniques used by an adversary.
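As an added illustration, not MITRE's code and not part of this page, the Python sketch below shows what "ATT&CK-based analytics" look like in practice: each analytic is a behavioral predicate over process-creation events, tagged with the ATT&CK technique IDs it gives coverage of, so individual detections roll up into a per-technique view. The event field names loosely follow Sysmon Event ID 1 (Image, ParentImage, CommandLine); the sample events, the EX-xxx analytic identifiers and the technique mappings are constructed for this example and are not taken from CAR.

```python
"""
Added example (not MITRE/CAR code): three ATT&CK-mapped behavioral analytics
run over constructed process-creation events. Analytic IDs (EX-xxx) and the
technique mappings are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

Event = Dict[str, str]


@dataclass
class Analytic:
    id: str                      # hypothetical analytic identifier
    title: str
    techniques: List[str]        # ATT&CK technique IDs this analytic covers
    match: Callable[[Event], bool]


def _base(path: str) -> str:
    """Lower-case file name of a Windows path: 'C:\\x\\cmd.exe' -> 'cmd.exe'."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# -e / -ec / -enc / -EncodedCommand followed by a Base64 blob of 20+ characters
ENCODED_PS = re.compile(r"(?i)(^|\s)-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")
# procdump targeting lsass, or the comsvcs.dll MiniDump export via rundll32
LSASS_DUMP = re.compile(r"(?i)(procdump.*\blsass\b|comsvcs\.dll,\s*MiniDump)")

ANALYTICS = [
    Analytic("EX-001", "Office application spawns a script interpreter",
             ["T1204.002", "T1059"],
             lambda e: _base(e.get("ParentImage", "")) in OFFICE_APPS
             and _base(e.get("Image", "")) in INTERPRETERS),
    Analytic("EX-002", "PowerShell launched with an encoded command",
             ["T1059.001", "T1027"],
             lambda e: _base(e.get("Image", "")) == "powershell.exe"
             and ENCODED_PS.search(e.get("CommandLine", "")) is not None),
    Analytic("EX-003", "LSASS memory dump via procdump or comsvcs",
             ["T1003.001"],
             lambda e: LSASS_DUMP.search(e.get("CommandLine", "")) is not None),
]


def run_analytics(events: List[Event], analytics=ANALYTICS) -> List[dict]:
    """Return one detection per (event, analytic) hit, tagged with technique IDs."""
    hits = []
    for idx, ev in enumerate(events):
        for a in analytics:
            if a.match(ev):
                hits.append({"event": idx, "analytic": a.id,
                             "techniques": a.techniques,
                             "host": ev.get("Computer", "")})
    return hits


def technique_coverage(hits: List[dict]) -> Dict[str, int]:
    """Collapse detections into {technique_id: event count}, the shape an ATT&CK heat map wants."""
    cov: Dict[str, int] = {}
    for h in hits:
        for t in h["techniques"]:
            cov[t] = cov.get(t, 0) + 1
    return cov


# Constructed sample events (Sysmon-like field names); not real telemetry.
SAMPLE_EVENTS: List[Event] = [
    {"Computer": "ws01", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"WINWORD.EXE" /n invoice.docx'},
    {"Computer": "ws01", "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "powershell -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"'},
    {"Computer": "ws01", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"Computer": "srv02", "ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p"},
    {"Computer": "srv02", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Tools\procdump.exe",
     "CommandLine": r"procdump.exe -accepteula -ma lsass.exe C:\Windows\Temp\l.dmp"},
    {"Computer": "ws03", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1"},
]

if __name__ == "__main__":
    detections = run_analytics(SAMPLE_EVENTS)
    for d in detections:
        print(f"{d['host']}: event {d['event']} matched {d['analytic']} -> {d['techniques']}")
    print("technique coverage:", technique_coverage(detections))
```

Each analytic keys on adversary behavior (parent/child relationship, command-line shape) rather than on a hash or domain, which is what makes it an ATT&CK-style analytic: the technique tags survive changes in tooling, and the coverage dictionary is what you would feed into a heat map to see which techniques your telemetry can and cannot detect. The last sample event (a script run with -ExecutionPolicy Bypass) is deliberately not matched, to show the encoded-command regex does not fire on every "-e..." switch.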
- Getting Started with ATT&CK: Detection and Analytics Blog Post: This blog post describes how you can get started using ATT&CK for detection and analytics at three different levels of sophistication.
- Cyber Analytics Repository (CAR): ATT&CK is the framework of what adversaries do, and CAR is a knowledge base of analytics that detect those behaviors. This blog post on CAR explains our work to improve it.
- Finding Cyber Threats with ATT&CK-Based Analytics: Presents a methodology for using ATT&CK to build, test, and refine behavior-based analytic detection capabilities.
- CASCADE: This MITRE research project seeks to automate "blue team" work, including running analytics.
- ATT&CKing the Status Quo Presentation: The latter part of this presentation provides an introduction to using ATT&CK to create analytics. Slides are also available.
Many people in the ATT&CK community are doing excellent work with analytics and detection. We encourage you to take a look at the ATT&CKcon 2018 presentations for ideas. You can also follow us, since we sometimes retweet information about community projects that could help ATT&CK users.