MITRE ATT&CK | About

MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations that codifies many of the tactics, (sub-)techniques, and procedures (TTPs) malicous actors may use to gain information about and access to your IT infrastructure.

MITRE ATT&CK website

See https://attack.mitre.org/ for more information.

Features

In EclecticIQ Intelligence Center you can:

• Add MITRE ATT&CK TTPs to entities as classifications providing additional context for your intelligence.

• Analyze the relative occurence of classifications in your intelligence with MITRE ATT&CK analysis.

Exclusively for entities

Only entities can be classified with ATT&CK TTPs.

Version support

• Intelligence Center v3.4 supports MITRE ATT& CK v15.1.

• Older versions of MITRE ATT&CK are supported for:

  • Classifications revoked after MITRE ATT&CK v9.0.
    (These classifications remain assigned and can still be assigned to entities.)

  • Entities exported from earlier versions of EclecticIQ Intelligence Center and imported in v3.4:

    • If the assigned classifications have not been renamed or were revoked-and-replaced, the imported entities will retain their assigned classifications.

    • If the assigned classifications were renamed (but retained their ID), the entity will be classified with the up-to-date classification names.

      Must update queries

      If a query (in a dynamic dataset or rule, for example) uses a or renamed ATT&CK classification, those queries must be updated to use the updated ATT&CK classification to continue to work.