Matrices
Enterprise
Mobile
ICS
Tactics
Enterprise
Mobile
ICS
Techniques
Enterprise
Mobile
ICS
Defenses
Data Sources
Mitigations
Enterprise
Mobile
ICS
Assets
CTI
Groups
Software
Campaigns
Resources
Get Started
Learn More about ATT&CK
ATT&CK Data & Tools
FAQ
Engage with ATT&CK
Version History
Legal & Branding
Benefactors
Blog
Search
ATT&CK v15 has been released! Check out the
blog post
or
release notes
for more information.
RESOURCES
Get Started
Learn More about ATT&CK
Presentation Archive
ATT&CKcon Presentations
ATT&CKcon 4.0
ATT&CKcon 3.0
ATT&CKcon Power Hour
ATT&CKcon 2.0
ATT&CKcon 2018
Trainings
CTI Training
ATT&CK Data & Tools
FAQ
Engage with ATT&CK
Stay Informed
Contribute
Benefactors
Version History
Legal & Branding
Home
Resources
Get Started
Detections and Analytics
Detections and Analytics
ATT&CK can help cyber defenders develop analytics that detect the techniques used by an adversary.
Getting Started with ATT&CK: Detection and Analytics Blog Post
This blog post describes how you can get started using ATT&CK for detection and analytics at three different levels of sophistication. (June 2019)
Cyber Analytics Repository (CAR)
ATT&CK is the framework of what adversaries do, and CAR is a knowledge base of analytics based on ATT&CK.
This blog post on CAR
explains our work to improve it. (December 2018)
Finding Cyber Threats with ATT&CK-Based Analytics
Presents a methodology for using ATT&CK to build, test, and refine behavioral-based analytic detection capabilities. (June 2017)
CASCADE
This MITRE research project seeks to automate “blue team” work, including running analytics.
ATT&CKing the Status Quo Presentation
The latter part of this presentation provides an introduction to using ATT&CK to create analytics.
Slides are also available.
(September 2018)
ATT&CKcon 2018 presentations
Many people in the ATT&CK community are doing excellent work with analytics and detection. We encourage you to take a look at these presentations for ideas. (October 2018)
Return to Get Started
×
load more results