MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.
The goal of ATT&CK Cyber Threat Intelligence Training is for students to understand the following:
- What ATT&CK is and why it’s useful for cyber threat intelligence (CTI)
- How to map to ATT&CK from both finished reporting and raw data
- Why it’s challenging to store ATT&CK-mapped data and what you should consider when doing that
- How to perform CTI analysis using ATT&CK-mapped data
- How to make defensive recommendations based on CTI analysis
The training contains five modules that consist of videos and exercises. This training was designed to be completed in approximately 4 hours, and may be completed solo or as a team. We recommend you view the video for each module, and when prompted, pause the video to access the exercise documents linked below and complete the exercises, then proceed with viewing the video to go over the exercise. A copy of all slides from the training are available here.
The exercises in this training are based on a previous version of ATT&CK. We recommend using ATT&CK v6 and ATT&CK Navigator v2 to match the training.
Module 1: Introducing training and understanding ATT&CK
Module 2 with Exercise 2: Mapping to ATT&CK from finished reporting
Module 3 with Exercise 3: Mapping to ATT&CK from raw data
Module 4 with Exercise 4: Storing and analyzing ATT&CK-mapped intel
Module 5 with Exercise 5: Making ATT&CK-mapped data actionable with defensive recommendations