TTP (Tactics, Techniques, and Procedures)
TTPs describe the behavior of threat actors: the high-level goals they pursue (tactics), the specific methods they use to achieve those goals (techniques), and the detailed, repeatable actions that implement those methods (procedures). The MITRE ATT&CK framework catalogues TTPs used by real adversaries.
Frequently Asked Questions
How is TTP (Tactics, Techniques, and Procedures) related to IOC (Indicator of Compromise)?
TTP (Tactics, Techniques, and Procedures) and IOC (Indicator of Compromise) are both key concepts in threat intelligence. An Indicator of Compromise is a piece of forensic data — such as a malicious IP address, domain, URL, file hash, or email address — that signals a system has been compromised or attacked. Security teams use IOCs to detect, block, and investigate threats.