The Vocabulary for Event Recording and Incident Sharing (VERIS) provides a common language for describing security incidents as a whole, while MITRE ATT&CK® provides a common language for describing detailed adversary behavioral tactics, techniques, and procedures (TTPs). Mapping between VERIS and ATT&CK allows people to connect the who, what, and why of cybersecurity incidents captured in VERIS with the when and how of the adversary behavior as described in ATT&CK. The mapping layer between the two languages empowers defenders to efficiently connect ATT&CK-based threat intel to VERIS-based incident reports, to more fully understand and document cybersecurity incidents.

This project is created and maintained by the MITRE Engenuity Center for Threat-Informed Defense (Center) in futherance of our mission to advance the start of the art and and the state of the practice in threat-informed defense globally. The project is funded by our research participants.