Getting Started With ATT&CK
Abstract
It's been incredible to watch the spread and adoption of the MITRE ATT&CK™ framework in the cybersecurity world the last several years. We've enjoyed working with a vibrant and growing community that has created tons of useful articles, presentations, blog posts, and tweets, all helping people understand ATT&CK. Despite these great resources, it felt like most of the material out there either introduced what ATT&CK is or dove deeply into advanced topics around ATT&CK. But what if you're just taking your first steps with it? That's why during summer 2019 we decided to write a series of blog posts around getting started with ATT&CK. The posts, inspired by Katie Nickels' Sp4rkcon talk "Putting MITRE ATT&CK into Action with What You Have, Where You Are," were written by members of the ATT&CK team and focused on what we consider ATT&CK's four primary use cases. For each use case, the authors laid out advice on how an organization could get started with ATT&CK based on available resources and overall maturity. This publication pulls together their collective wisdom, originally posted on Medium, into a single package. We hope you read it and get some new ideas on getting started with ATT&CK. Let us know what you think - we'd love to hear your feedback.
Document Details
- Document Type: Technical Report
- Publication Date: Jan 01, 2019
- Accession Number: AD1108109
Entities
People
- Adam Pennington
- Andy Applebaum
- Blake Strom
- John Wunder
- Katie Nickels
- Tim Schulz
Organizations
- MITRE Corporation