Using MITRE ATT&CK™ in Threat Hunting and Detection

A Preface to the MITRE ATT&CK™ Framework and Practical Uses

How do you prioritize the many threats to your organization? How do you address them with the tools you already have?

MITRE ATT&CK, an open framework and knowledge base of adversary tactics and techniques based on real-world observations, provides a structured method to help you answer these questions.

ATT&CK is a powerful way to classify and study adversary techniques and understand their intent. You can use it to enhance, analyze, and test your threat hunting and detection efforts.

This white paper introduces you to ATT&CK and related tools and resources. You’ll learn:

  • The structure of ATT&CK, comprising tactics, techniques, examples, mitigation, and detection
  • How to use ATT&CK to assess, enhance, and test your monitoring, threat detection, and threat hunting efforts
  • How to apply five common ATT&CK techniques in your threat detection and hunting practice
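One concrete way to use the ATT&CK structure to assess detection coverage, as an added example that is not part of the white paper or LogRhythm's own tooling: the script below takes a constructed subset of enterprise techniques (ID, name, tactics) and a constructed set of SIEM-style detection rules tagged with the technique IDs they are meant to catch, then reports, per tactic, which techniques have at least one rule and which have none. The technique IDs and names are a small sample chosen for illustration, the rule names and IDs are invented, and the choice to count a sub-technique tag (for example `T1003.001`) as covering its parent technique is an assumption of this example, not something the paper prescribes.

```python
"""Assess detection-rule coverage against a (constructed) slice of ATT&CK."""
import re
from collections import defaultdict

# Constructed sample: a handful of enterprise techniques keyed by ATT&CK ID.
# The live matrix at attack.mitre.org is the authoritative source.
TECHNIQUES = {
    "T1566": {"name": "Phishing", "tactics": ["initial-access"]},
    "T1059": {"name": "Command and Scripting Interpreter", "tactics": ["execution"]},
    "T1078": {"name": "Valid Accounts",
              "tactics": ["initial-access", "persistence",
                          "privilege-escalation", "defense-evasion"]},
    "T1003": {"name": "OS Credential Dumping", "tactics": ["credential-access"]},
    "T1021": {"name": "Remote Services", "tactics": ["lateral-movement"]},
    "T1041": {"name": "Exfiltration Over C2 Channel", "tactics": ["exfiltration"]},
}

# Constructed sample: detection rules as a SIEM might store them, each tagged
# with the technique IDs it is intended to detect. rule-004 and rule-005 carry
# deliberately bad tags to show how mapping errors are surfaced.
RULES = [
    {"id": "rule-001", "title": "Encoded PowerShell command line", "techniques": ["T1059"]},
    {"id": "rule-002", "title": "LSASS handle opened by unexpected process", "techniques": ["T1003.001"]},
    {"id": "rule-003", "title": "Interactive logon from new location", "techniques": ["T1078"]},
    {"id": "rule-004", "title": "Tag points at no known technique", "techniques": ["T9999"]},
    {"id": "rule-005", "title": "Tag is malformed", "techniques": ["t1021"]},
]

# ATT&CK technique IDs: T + four digits, optionally .NNN for a sub-technique.
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")


def technique_to_rules(rules):
    """Map each parent technique ID to the rule IDs that cover it.

    A sub-technique tag is rolled up to its parent (assumption of this example).
    """
    index = defaultdict(list)
    for rule in rules:
        for tid in rule["techniques"]:
            if TECHNIQUE_ID.match(tid):
                index[tid.split(".")[0]].append(rule["id"])
    return index


def unknown_technique_refs(rules, techniques=TECHNIQUES):
    """Return (rule_id, tag) pairs whose tag is malformed or absent from the matrix."""
    bad = []
    for rule in rules:
        for tid in rule["techniques"]:
            if not TECHNIQUE_ID.match(tid) or tid.split(".")[0] not in techniques:
                bad.append((rule["id"], tid))
    return bad


def coverage_by_tactic(rules, techniques=TECHNIQUES):
    """Per tactic, list covered and uncovered technique IDs and the covered ratio."""
    index = technique_to_rules(rules)
    report = {}
    for tid, info in techniques.items():
        for tactic in info["tactics"]:
            entry = report.setdefault(tactic, {"covered": [], "uncovered": []})
            (entry["covered"] if tid in index else entry["uncovered"]).append(tid)
    for entry in report.values():
        total = len(entry["covered"]) + len(entry["uncovered"])
        entry["ratio"] = len(entry["covered"]) / total
    return report


if __name__ == "__main__":
    report = coverage_by_tactic(RULES)
    # Least-covered tactics first: these are the candidates for new hunts or rules.
    for tactic, entry in sorted(report.items(), key=lambda kv: kv[1]["ratio"]):
        print(f"{tactic:22s} {entry['ratio']:.0%} covered; gaps: {entry['uncovered']}")
    for rule_id, tag in unknown_technique_refs(RULES):
        print(f"check mapping: {rule_id} references {tag!r}")
```

The uncovered list per tactic is the actionable output: it names the techniques for which no rule exists, which is where a hunt or a new detection pays off first. The mapping-error check matters because a rule tagged with a wrong or malformed ID silently inflates apparent coverage elsewhere while leaving the real gap invisible.
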

Attackers and defenders constantly respond to each other, which means that, on either side, what works today might not work tomorrow.

LogRhythm