Other Center Projects

CTI Blueprints - June 2023

This project developed an approach and prototype tool for creating narrative cyber threat intel reports that analysts need in the form they need them. Reports produced using CTI Blueprints include structured STIX content, are tagged with ATT&CK reference, and enable operational defensive cyber analysis, analytics testing, and adversary emulation. We will establish a new normal for cyber threat intelligence. Producers will create actionable intelligence for their consumers, and consumers will take specific threat-informed action.

Defending IAAS with ATT&CK - November 2022

Defending IaaS with ATT&CK developed an ATT&CK matrix that enables users to easily understand and work with the techniques applicable to Infrastructure-as-a-Service (IaaS) environments, regardless of whether the attacks target the cloud management layer, the container technology, or the hosted infrastructure. The project also developed documentation and tools to simplify creating overlays for other domains like Industrial Control Systems (ICS) or Operational Technology (OT).

Sensor Mappings – December 2023

The Sensor Mappings to ATT&CK Project (SMAP) is a collection of resources to assist security operations teams and security leaders with understanding which tools, capabilities, and events can help provide visibility into real-world adversary behaviors potentially occurring in their environments. SMAP builds on MITRE ATT&CK® Data Sources by connecting the conceptual data source representations of information that can be collected to concrete logs, sensors, and other security capabilities that provide that type of data.

Sightings Ecosystem - February 2022

This project provides cybersecurity defenders and researchers with critical insight into real-world, in the wild adversary behaviors mapped to ATT&CK. The ecosystem aims to fundamentally advance the collective ability to see threat activity across organizational, platform, vendor and geographical boundaries. Voluntarily contributed raw “sightings”, or observations, of specific adversary TTPs are mapped to ATT&CK, anonymized, and aggregated to produce intelligence describing insights from that data.

Summiting The Pyramid – September 2023

Many analytics are dependent on specific tools or artifacts. Adversaries can easily evade these with low-cost changes that exploit the dependencies. This project developed a method to evaluate analytics relative to the adversary’s cost to evade. We further created approaches and tips for defenders to make their analytics less evadable. We demonstrated the methodology with a core set of analytics.

Threat Report ATT&CK Mapper - August 2023

Many analytics are dependent on specific tools or artifacts. Adversaries can easily evade these with low-cost changes that exploit the dependencies. This project developed a method to evaluate analytics relative to the adversary’s cost to evade. We further created approaches and tips for defenders to make their analytics less evadable. We demonstrated the methodology with a core set of analytics.