MITRE
TTP: Tactics, Techniques, and Procedures
- The Tactic is the adversary's goal or objective.
- The Technique is how the adversary achieves the goal or objective.
- The Procedure is how the technique is executed.
ATT&CK
(Adversarial Tactics, Techniques, and Common Knowledge) Framework
CAR
(Cyber Analytics Repository) Knowledge Base
CAR defines a data model (objects such as process and file, actions such as create, and their fields) that its analytics use in their pseudocode representations; many analytics also include implementations targeted directly at specific tools (e.g., Splunk, EQL).
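To show what "data model plus pseudocode" looks like in practice, here is an added example, not code from MITRE or from CAR itself: a small analytic written in the same shape as CAR pseudocode (search an object/action, then filter on fields) and run over constructed process-creation telemetry. The field names (`exe`, `parent_exe`, `command_line`, `hostname`, `pid`, `ppid`) mirror CAR's process object; the sample events and the "reg.exe spawned by cmd.exe" rule are constructed for illustration.

```python
"""CAR-style analytic run over constructed process events (added example)."""
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List


@dataclass
class Event:
    # CAR's data model describes telemetry as object + action + fields,
    # e.g. object="process", action="create", fields={"exe": ..., "parent_exe": ...}.
    object: str
    action: str
    fields: Dict = field(default_factory=dict)


# Constructed sample telemetry for two hosts (not real data).
SAMPLE_EVENTS: List[Event] = [
    Event("process", "create", {"hostname": "ws01", "exe": "cmd.exe",
          "parent_exe": "explorer.exe", "command_line": "cmd.exe",
          "pid": 410, "ppid": 120}),
    Event("process", "create", {"hostname": "ws01", "exe": "reg.exe",
          "parent_exe": "cmd.exe",
          "command_line": "reg query HKLM\\SOFTWARE\\Example",
          "pid": 412, "ppid": 410}),
    Event("process", "create", {"hostname": "ws02", "exe": "reg.exe",
          "parent_exe": "services.exe",
          "command_line": "reg add HKLM\\SOFTWARE\\Example /v x /d y",
          "pid": 977, "ppid": 600}),
    Event("process", "create", {"hostname": "ws02", "exe": "powershell.exe",
          "parent_exe": "cmd.exe", "command_line": "powershell.exe -c dir",
          "pid": 981, "ppid": 950}),
    # Same parent/child pair, but a terminate action: Process:Create ignores it.
    Event("process", "terminate", {"hostname": "ws01", "exe": "reg.exe",
          "parent_exe": "cmd.exe", "pid": 412, "ppid": 410}),
    # A different object entirely; the search step drops it.
    Event("file", "create", {"hostname": "ws01",
          "file_path": "C:\\Users\\a\\notes.txt", "image_path": "notepad.exe"}),
]


def search(events: Iterable[Event], obj: str, action: str) -> List[Event]:
    """CAR pseudocode step `search Object:Action`: select one object/action pair."""
    return [e for e in events if e.object == obj and e.action == action]


def filter_events(events: Iterable[Event],
                  predicate: Callable[[Dict], bool]) -> List[Event]:
    """CAR pseudocode step `filter ... where <condition on fields>`."""
    return [e for e in events if predicate(e.fields)]


def reg_from_command_shell(events: Iterable[Event]) -> List[Event]:
    """Constructed analytic in CAR pseudocode shape:

        processes = search Process:Create
        hits = filter processes where (exe == "reg.exe" and parent_exe == "cmd.exe")
        output hits
    """
    processes = search(events, "process", "create")
    return filter_events(
        processes,
        lambda f: f.get("exe", "").lower() == "reg.exe"
        and f.get("parent_exe", "").lower() == "cmd.exe",
    )


def hits_per_host(hits: Iterable[Event]) -> Dict[str, int]:
    """Summarise analytic output by host, a typical final `group by` step."""
    return dict(Counter(e.fields.get("hostname", "?") for e in hits))


if __name__ == "__main__":
    hits = reg_from_command_shell(SAMPLE_EVENTS)
    for e in hits:
        print(e.fields["hostname"], e.fields["pid"], e.fields["command_line"])
    print(hits_per_host(hits))
```

The pseudocode maps onto the two helpers one-to-one: `search` fixes the object/action pair, `filter_events` applies the field condition. Porting the same analytic to a tool such as Splunk or EQL only changes how those two steps are spelled, not the data-model fields the rule depends on, which is why CAR can ship tool-specific implementations next to a single pseudocode form.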
ENGAGE
MITRE Engage is a framework for planning and discussing adversary engagement operations that empowers you to engage your adversaries and achieve your cybersecurity goals.
With Cyber Denial we prevent the adversary's ability to conduct their operations and with Cyber Deception we intentionally plant artifacts to mislead the adversary.
- Prepare: the set of operational actions that will lead to your desired outcome (input)
- Expose: adversaries when they trigger your deployed deception activities
- Affect: adversaries by performing actions that will have a negative impact on their operations
- Elicit: information by observing the adversary and learning more about their modus operandi (TTPs)
- Understand: the outcomes of the operational actions (output)
D3FEND
(Detection, Denial, and Disruption Framework Empowering Network Defense)
AEP
(ATT&CK Emulation Plans)