MITRE ATT&CK
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. It is used as a foundation for threat detection, red team exercises, and gap analysis in security programs. The framework covers Enterprise, Mobile, and ICS environments.
Frequently Asked Questions
How is MITRE ATT&CK related to TTP (Tactics, Techniques, and Procedures)?
MITRE ATT&CK and TTP (Tactics, Techniques, and Procedures) are both key concepts in threat intelligence. TTPs describe the behavior of threat actors: the high-level goals they pursue (tactics), the specific methods they use to achieve those goals (techniques), and the detailed, repeatable actions that implement those methods (procedures). The MITRE ATT&CK framework catalogues TTPs used by real adversaries.