Getting Started

You want to get started using ATT&CK, but where do you begin? Regardless of what you want to accomplish, it’s important to understand what ATT&CK is and why MITRE created it.

Common Use Cases

ATT&CK can help cyber defenders develop analytics that detect the techniques used by an adversary.

ATT&CK gives analysts a common language to structure, compare, and analyze threat intelligence.

ATT&CK provides a common language and framework that red teams can use to emulate specific threats and plan their operations.

ATT&CK can be used to assess your organization’s capabilities and drive engineering decisions like what tools or logging you should implement.

Working with ATT&CK

Here are some resources on the ATT&CK infrastructure to help you work with the content to accomplish these use cases.

  • Interfaces for Working with ATT&CK: This page describes how you can programmatically access ATT&CK content using STIX/TAXII.
  • ATT&CK Navigator: The ATT&CK Navigator is designed to provide basic navigation and annotation of ATT&CK matrices. You can use the Navigator to visualize defensive coverage, your red/blue team planning, or anything else you what to do with ATT&CK. If you want to get started immediately, a hosted instance is available here.


We’re creating a community of ATT&CK users who are passionate about ATT&CK and threat-informed defense. Here’s how you can find other community members, find out what they’re doing with ATT&CK, and get involved.