MITRE ATT&CK
Threat Informed Defense
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
Framework Structure
- Tactics - The adversary’s tactical goals (the “why”)
- Techniques - How adversaries achieve tactical goals (the “how”)
- Sub-techniques - More specific descriptions of adversarial behavior
- Procedures - Specific implementations observed in the wild
- Mitigations - Security controls to prevent or detect techniques
- Groups - Known threat actor profiles
Use Cases
- Threat Intelligence - Mapping threats to known adversary behaviors
- Detection Engineering - Building detections aligned to techniques
- Red Team Operations - Emulating real-world adversary tradecraft
- Gap Analysis - Identifying defensive coverage gaps
- Communication - Common language for security discussions
Integration
MITRE ATT&CK integrates with STIX/TAXII for machine-readable threat intelligence sharing and is widely adopted across security tools, frameworks, and organizations.
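As an added example (not part of this page or of MITRE's own tooling), the following Python reads ATT&CK objects in the STIX 2.x shape mentioned above and performs the gap analysis from the Use Cases list: techniques are grouped by tactic via their `kill_chain_phases`, sub-techniques are told apart by `x_mitre_is_subtechnique`, and a set of technique IDs that existing detections map to is compared against that catalogue. The bundle is a constructed, heavily trimmed sample; real exports carry thousands of objects and many more fields.

```python
from collections import defaultdict

# Constructed sample bundle, modelled on the shape of ATT&CK's STIX 2.x export.
# Only the fields the functions below read are included.
SAMPLE_BUNDLE = {
    "type": "bundle", "id": "bundle--constructed-sample",
    "objects": [
        {"type": "x-mitre-tactic", "name": "Credential Access",
         "x_mitre_shortname": "credential-access"},
        {"type": "attack-pattern", "name": "OS Credential Dumping",
         "x_mitre_is_subtechnique": False,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "credential-access"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1003"}]},
        {"type": "attack-pattern", "name": "LSASS Memory",
         "x_mitre_is_subtechnique": True,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "credential-access"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1003.001"}]},
        {"type": "attack-pattern", "name": "Brute Force",
         "x_mitre_is_subtechnique": False,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "credential-access"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1110"}]},
    ],
}

def attack_id(obj):
    """Return the ATT&CK ID (T1003, T1003.001, ...) from a STIX object's external references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def load_techniques(bundle):
    """Map each tactic shortname to {technique_id: name} for every live attack-pattern.
    Sub-techniques keep their dotted ID and sit beside their parent under the same tactic."""
    by_tactic = defaultdict(dict)
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue  # retired objects must not count as coverage targets
        tid = attack_id(obj)
        for phase in obj.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") == "mitre-attack":
                by_tactic[phase["phase_name"]][tid] = obj["name"]
    return by_tactic

def coverage_gaps(by_tactic, detected_ids):
    """Gap analysis: per tactic, the technique IDs no detection maps to.
    A sub-technique detection (T1003.001) does not cover its parent (T1003)."""
    covered = set(detected_ids)
    return {tactic: sorted(t for t in techs if t not in covered)
            for tactic, techs in by_tactic.items()}
```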