Using MITRE ATT&CK™ in Threat Hunting and Detection
MITRE ATT&CK [1] is an open framework and knowledge base of adversary tactics and techniques based on real-world observations. ATT&CK provides a common taxonomy of adversaries' tactical objectives and the methods they use to reach them. A shared taxonomy is valuable on its own, for instance as a common vocabulary for exchanging information with the rest of the security community. But it also serves as a practical technical framework: once each of your detection rules is tagged with the technique it is meant to catch, you can classify your current detection effort against the matrix and identify the gaps where you are blind to particular types of attack behaviour.
This paper first introduces ATT&CK and the tools and resources built on it. It then discusses how to make practical use of ATT&CK, with a focus on threat hunting and detection.
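To make the "classify and find gaps" idea concrete, here is an added example that is not part of the original paper or of MITRE's own tooling. It uses a hand-picked subset of real ATT&CK technique IDs and a constructed, hypothetical inventory of detection rules (the rule names and the rule-to-technique tags are assumptions); a real run would load the full ATT&CK STIX bundle and your actual rule set. Coverage is classified per technique as covered (a rule tags it directly), partial (no direct rule, but some sub-technique has one) or gap, and gaps are grouped by tactic so the blind spots are visible at a glance.

```python
"""Map detection rules onto ATT&CK technique IDs and report coverage gaps."""
from collections import defaultdict

# Constructed subset of the ATT&CK knowledge base: technique ID -> (name, tactic).
# The IDs, names and tactics are real ATT&CK entries; only the selection is ours.
TECHNIQUES = {
    "T1566":     ("Phishing", "initial-access"),
    "T1059":     ("Command and Scripting Interpreter", "execution"),
    "T1059.001": ("PowerShell", "execution"),
    "T1047":     ("Windows Management Instrumentation", "execution"),
    "T1003":     ("OS Credential Dumping", "credential-access"),
    "T1003.001": ("LSASS Memory", "credential-access"),
    "T1021.001": ("Remote Desktop Protocol", "lateral-movement"),
}

# Constructed (hypothetical) detection-rule inventory. Each rule is tagged with
# the technique ID(s) it is intended to detect; the tags are an assumption.
RULES = [
    {"name": "powershell_encoded_command", "techniques": ["T1059.001"]},
    {"name": "lsass_handle_from_non_system_process", "techniques": ["T1003.001"]},
    {"name": "wmi_remote_process_create", "techniques": ["T1047"]},
]


def technique_parent(tid):
    """'T1059.001' -> 'T1059'; a parent technique maps to itself."""
    return tid.split(".")[0]


def coverage(rules, techniques):
    """Return technique ID -> list of rule names that claim to detect it.

    A rule tagged with an ID that is not in the knowledge base is a data-quality
    error (typo or retired ID), so it is rejected rather than silently dropped.
    """
    hits = {tid: [] for tid in techniques}
    for rule in rules:
        for tid in rule["techniques"]:
            if tid not in hits:
                raise ValueError(f"rule {rule['name']!r} references unknown technique {tid}")
            hits[tid].append(rule["name"])
    return hits


def classify(rules, techniques):
    """Return technique ID -> 'covered' | 'partial' | 'gap'."""
    hits = coverage(rules, techniques)
    status = {}
    for tid in techniques:
        if hits[tid]:
            status[tid] = "covered"
        elif any(hits[sub] for sub in techniques
                 if sub != tid and technique_parent(sub) == tid):
            # Only a sub-technique is covered: the parent is not fully blind,
            # but other sub-techniques of it may still be.
            status[tid] = "partial"
        else:
            status[tid] = "gap"
    return status


def gaps_by_tactic(rules, techniques):
    """Group the techniques with no detection at all by their tactic."""
    gaps = defaultdict(list)
    for tid, state in classify(rules, techniques).items():
        if state == "gap":
            gaps[techniques[tid][1]].append(tid)
    return {tactic: sorted(ids) for tactic, ids in gaps.items()}


if __name__ == "__main__":
    for tid, state in classify(RULES, TECHNIQUES).items():
        print(f"{tid:<10} {state:<8} {TECHNIQUES[tid][0]}")
    print("gaps by tactic:", gaps_by_tactic(RULES, TECHNIQUES))
```

The "partial" state is the useful one in practice: a rule for PowerShell tells you nothing about the other Command and Scripting Interpreter sub-techniques, so a coverage report that rolls sub-technique hits straight up to the parent overstates what you can actually see.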