The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has provided a new guidance called “Best Practices for MITRE ATT&CK Mapping”, which is designed to help network defenders to better understand adversary behavior.
The main objective is to encourage a common language in threat actor analysis, showing threat intelligence analysts how to map attackers moves through instructions and examples.
The MITRE ATT&CK framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
CISA created the new guide in partnership with the Homeland Security Systems Engineering and Development Institute (HSSEDI), a DHS-owned R&D center operated by MITRE, which worked with the MITRE ATT&CK team.
The 20-page document outlines various attack levels (Tactics, Techniques and Procedures, TTPs), and provides helpful tips on detection analysis and approaches to mapping raw data to ATT&CK. It also includes a list of mitigations that network defenders can use to strengthen the security posture of their organizations’ systems.