Attack Flow 2

2.0.0 – October 27th, 2022

This major update to Attack Flow is based on community feedback from Attack Flow 1 and extensive collaboration with our research partners. The major improvements include:

  • The new specification is based on STIX 2.1 and addresses known limitations and feedback on the Attack Flow 1 specification.

  • Completely overhauled the Attack Flow Builder tool, making it more powerful and more user-friendly.

  • Greatly expanded the documentation (you’re reading it right now!) to provide a better ramp up for learning Attack Flow as well as more depth when you’re ready to become an Attack Flow expert.

  • Added a dozen new attack flows to the public corpus. These flows are useful for learning Attack Flow, for evaluating future changes to the Attack Flow specification, and for data mining.

This release is not backwards-compatible with 1.0.0.

Attack Flow 1

1.0.0 – March 2nd, 2022

The initial release of Attack Flow contains a machine-readable specification for describing sequences (or more generally “graphs”) of adversary behaviors. The release also contains a web application for creating attack flows visually, as well as Python library code for validating flows.