Threat Intelligence

ATT&CK gives analysts a common language to structure, compare, and analyze threat intelligence.

Getting Started with ATT&CK: Threat Intelligence Blog Post
This blog post describes how you can get started using ATT&CK for threat intelligence at three different levels of sophistication. (June 2019)

ATT&CKing Your Adversaries Presentation
This presentation covers how to use ATT&CK to take cyber threat intelligence and operationalize it into behaviors that can drive relevant detections. (August 2019)

Blog posts on threat intelligence
These blog posts explain the fundamentals of how to use ATT&CK for threat intelligence. (September 2018)

ATT&CKing the Status Quo Presentation
The middle part of this presentation provides an introduction to using ATT&CK for threat intelligence. Slides are also available. (September 2018)

ATT&CKing with Threat Intelligence Presentation
This presentation provides perspective on how to use threat intelligence for ATT&CK-based adversary emulation. Slides are also available.

ATT&CK Navigator Use Case for Threat Intelligence
This demo provides an overview of the ATT&CK Navigator as well as a threat intelligence use case for how to compare group behaviors. A corresponding written tutorial on comparing Navigator layers is available here. (June 2019)


