Cyber Analytics Repository

The Cyber Analytics Repository (CAR) is a knowledge base of analytics created to detect use of techniques based on the ATT&CK for Enterprise threat model. Each analytic in CAR describes the idea behind the analytic, its relation to the ATT&CK for Enterprise threat model, a pseudocode description of how the analytic might be implemented, and how the analytic fits within the CAR Data Model.

The Finding Cyber Threats with ATT&CK-Based Analytics whitepaper was published to document the methodology MITRE used in applying ATT&CK for Enterprise to create and refine the analytics within CAR.