MITRE ATT&CK | About

MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations. It codifies many of the tactics, (sub-)techniques, and procedures (TTPs) malicious actors may use to gain information about and access to your IT infrastructure.

MITRE ATT&CK website

See https://attack.mitre.org/ for more information.

Features

In EclecticIQ Intelligence Center you can:

Exclusively for entities

Only entities can be classified with ATT&CK TTPs.

Version support

  • Intelligence Center v3.4 supports MITRE ATT&CK v15.1.

  • Older versions of MITRE ATT&CK are supported for:

    • Classifications revoked after MITRE ATT&CK v9.0.
      (These classifications remain assigned and can still be assigned to entities.)

    • Entities exported from earlier versions of EclecticIQ Intelligence Center and imported in v3.4:

      • If the assigned classifications have not been renamed or were revoked-and-replaced, the imported entities will retain their assigned classifications.

      • If the assigned classifications were renamed (but retained their ID), the entity will be classified with the up-to-date classification names.

        Must update queries

        If a query (in a dynamic dataset or rule, for example) uses a or renamed ATT&CK classification, that query must be updated to use the updated ATT&CK classification to continue to work.