MITRE ATT&CK | About
MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations that codifies many of the tactics, (sub-)techniques, and procedures (TTPs) malicious actors may use to gain information about and access to your IT infrastructure.
MITRE ATT&CK website
See https://attack.mitre.org/ for more information.
Features
In EclecticIQ Intelligence Center you can:
Add MITRE ATT&CK TTPs to entities as classifications providing additional context for your intelligence.
Analyze the relative occurrence of classifications in your intelligence with MITRE ATT&CK analysis.
Exclusively for entities
Only entities can be classified with ATT&CK TTPs.
Version support
Intelligence Center v3.4 supports MITRE ATT&CK v15.1.
Older versions of MITRE ATT&CK are supported for:
Classifications revoked after MITRE ATT&CK v9.0.
(These classifications remain assigned and can still be assigned to entities.)
Entities exported from earlier versions of EclecticIQ Intelligence Center and imported in v3.4:
If the assigned classifications have not been renamed or were revoked-and-replaced, the imported entities will retain their assigned classifications.
If the assigned classifications were renamed (but retained their ID), the entity will be classified with the up-to-date classification names.
Must update queries
If a query (in a dynamic dataset or rule, for example) uses a or renamed ATT&CK classification, those queries must be updated to use the updated ATT&CK classification to continue to work.