MA
Uploaded byMITRE ATT&CK
PDF, PPTX605 views

ATT&CK Updates- ATT&CK's Open Source

Jared Ondricek leads software development for ATT&CK. Recent updates include adding ICS content to the website, improving detection objects and campaigns pages, custom links and SVG export in Navigator, authentication and other improvements in Workbench, transitioning the TAXII server to STIX 2.1 and OpenAPI, merging the Python library with other scripts, and planning to centralize GitHub documentation. Future work includes further Workbench, TAXII, and Python improvements along with a centralized GitHub landing page.

Technology
In this document
Powered by AI

Presentation introduction by Jared Ondricek, Lead DevOps Engineer, highlighting responsibilities and key components of ATT&CK software.

Updates on ATT&CK website addressing Industrial Control Systems (ICS), Detection Objects, Campaigns, and Search features.

Enhancements in ATT&CK Navigator including SVG Export features and Custom Links for better user experience.

Discussion on Workbench updates, roadmap with versions 1.2.0 to 1.6.0, focusing on improvements in authentication, ID generation, and other functionalities.

Updates on TAXII 2.0 and upcoming 2.1 Server functionalities, features, and compliance, with documentation availability.

Overview of the mitreattack-python library capabilities including utility functions for STIX manipulation and layer management.

Updates on MITRE's various GitHub repositories with a future plan for a centralized documentation landing page.

Summary of major updates across website, Navigator, Workbench, TAXII server, and GitHub.

Contact information for further inquiries, reiterating website details and social media presence.

Embed presentation

Download as PDF, PPTX
ATT&CK Software Updates Jared Ondricek ATT&CK Software Development Lead @jondrice /jondricek ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
Who am I • Lead DevOps Engineer • Automate all the things! • Manage some things: • ATT&CK website: attack.mitre.org • Navigator • Workbench • Public TAXII server • mitreattack-python library • GitHub presence ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
Website Updates: ICS ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
Website Updates: ICS ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
Website Updates: Detection Objects ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
Website Updates: Campaigns ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
Website Updates: Search ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
Navigator Updates: SVG Export ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
Navigator Updates: SVG Export ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
Navigator Updates: Custom Links ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
Navigator Updates: Custom Links ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
Workbench Updates: Roadmap ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25 1.2.0 Authentication 1.3.0 ID Generation 1.5.0 Table Improvements 1.6.0 Notes Improvements 1.4.0 Sub-technique improvements
TAXII Server Updates TAXII 2.0 Server • cti-taxii.mitre.org • Already available • Documentation on GitHub /mitre/cti USAGE.md • STIX 2.0 only TAXII 2.1 Server • Coming May 2022 • Works with custom ATT&CK Workbench backend • REST API is OpenAPI compliant (dynamic docs) • Supports STIX 2.0 and 2.1 ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
mitreattack-python • pip install mitreattack-python • Converts STIX to Excel • Converts STIX to Collections (for use with Workbench) • Manipulates ATT&CK Navigator layer files • Create dynamic, custom layers • Combine layers • Export layers (Excel, SVG) • Future: merge with mitre-attack/attack-scripts • Future: Convenience methods to connect to TAXII server ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
GitHub Updates • Too many places to check • github.com/mitre/cti • github.com/mitre-attack • github.com/center-for-threat-informed-defense • Future: plan for centralized landing page to document all efforts ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25 TAXII server Workbench STIX 2.0 data STIX 2.1 data Python library Website source Collection Manager
Conclusion • Website: Campaigns & better search • Navigator: Better exports & custom linking • Workbench: Steady improvements • TAXII 2.1 server: Customization & documentation • mitreattack-python: Merge with attack-scripts • GitHub: Central landing page ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
https://attack.mitre.org attack@mitre.org @mitreattack Jared Ondricek @jondrice /jondricek ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25

More Related Content

PDF
ATT&CK Updates- Defensive ATT&CK
byMITRE ATT&CK
 
PDF
State of the ATT&CK
byMITRE ATT&CK
 
PDF
Exploring how Students Map Social Engineering Techniques to the ATT&CK Framew...
byMITRE ATT&CK
 
PDF
Threat Modelling - It's not just for developers
byMITRE ATT&CK
 
PDF
Mapping ATT&CK Techniques to ENGAGE Activities
byMITRE ATT&CK
 
PDF
ATT&CKing the Red/Blue Divide
byMITRE ATT&CK
 
PDF
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
byMITRE ATT&CK
 
PDF
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
byMITRE ATT&CK
 
ATT&CK Updates- Defensive ATT&CK
byMITRE ATT&CK
 
State of the ATT&CK
byMITRE ATT&CK
 
Exploring how Students Map Social Engineering Techniques to the ATT&CK Framew...
byMITRE ATT&CK
 
Threat Modelling - It's not just for developers
byMITRE ATT&CK
 
Mapping ATT&CK Techniques to ENGAGE Activities
byMITRE ATT&CK
 
ATT&CKing the Red/Blue Divide
byMITRE ATT&CK
 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
byMITRE ATT&CK
 
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
byMITRE ATT&CK
 

What's hot

PDF
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
byMITRE ATT&CK
 
PDF
ATT&CK Updates- ATT&CK for ICS
byMITRE ATT&CK
 
PDF
ATT&CKING Containers in The Cloud
byMITRE ATT&CK
 
PDF
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
byMITRE ATT&CK
 
PDF
Projects to Impact- Operationalizing Work from the Center
byMITRE ATT&CK
 
PDF
ATT&CKcon Intro
byMITRE ATT&CK
 
PDF
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
PDF
Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
byMITRE ATT&CK
 
PDF
When Insiders ATT&CK!
byMITRE ATT&CK
 
PDF
The ATT&CK Philharmonic
byMITRE ATT&CK
 
PDF
How MITRE ATT&CK helps security operations
bySergey Soldatov
 
PDF
The ATT&CK Latin American APT Playbook
byMITRE ATT&CK
 
PDF
It's just a jump to the left (of boom): Prioritizing detection implementation...
byMITRE ATT&CK
 
PPTX
Adversary Emulation using CALDERA
byErik Van Buggenhout
 
PPTX
Leveraging MITRE ATT&CK - Speaking the Common Language
byErik Van Buggenhout
 
PDF
Red Team Methodology - A Naked Look
byJason Lang
 
PDF
Threat Intelligence
byDeepak Kumar (D3)
 
PDF
Fantastic Red Team Attacks and How to Find Them
byRoss Wolf
 
PPTX
Bsides 2019 - Intelligent Threat Hunting
byDhruv Majumdar
 
PDF
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
byMITRE - ATT&CKcon
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
byMITRE ATT&CK
 
ATT&CK Updates- ATT&CK for ICS
byMITRE ATT&CK
 
ATT&CKING Containers in The Cloud
byMITRE ATT&CK
 
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
byMITRE ATT&CK
 
Projects to Impact- Operationalizing Work from the Center
byMITRE ATT&CK
 
ATT&CKcon Intro
byMITRE ATT&CK
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
byMITRE ATT&CK
 
When Insiders ATT&CK!
byMITRE ATT&CK
 
The ATT&CK Philharmonic
byMITRE ATT&CK
 
How MITRE ATT&CK helps security operations
bySergey Soldatov
 
The ATT&CK Latin American APT Playbook
byMITRE ATT&CK
 
It's just a jump to the left (of boom): Prioritizing detection implementation...
byMITRE ATT&CK
 
Adversary Emulation using CALDERA
byErik Van Buggenhout
 
Leveraging MITRE ATT&CK - Speaking the Common Language
byErik Van Buggenhout
 
Red Team Methodology - A Naked Look
byJason Lang
 
Threat Intelligence
byDeepak Kumar (D3)
 
Fantastic Red Team Attacks and How to Find Them
byRoss Wolf
 
Bsides 2019 - Intelligent Threat Hunting
byDhruv Majumdar
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
byMITRE - ATT&CKcon
 

Similar to ATT&CK Updates- ATT&CK's Open Source

PDF
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
byMITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)
byMITRE ATT&CK
 
PDF
Updates from the Center for Threat-Informed Defense
byMITRE ATT&CK
 
PDF
State of the ATT&CK May 2023
byAdam Pennington
 
PDF
MITRE ATT&CKcon 2.0: ATT&CK Updates - Cyber Analytics Repository (CAR); Ivan ...
byMITRE - ATT&CKcon
 
PDF
MITRE ATT&CK Updates: Software - Jared Ondricek
byMITRE ATT&CK
 
PPTX
STIX2-TAXII2_Update
byCyber Threat Intelligence Network (CTIN)
 
PDF
MITRE ATT&CK Updates: Software
byMITRE ATT&CK
 
PDF
State of ATT&CK
byAdam Pennington
 
PDF
What's New with ATTACK for ICS?
byMITRE - ATT&CKcon
 
PDF
State of the ATT&CK 2024 - Adam Pennington
byMITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: Defensive ATT&CK - Lex Crumpton
byMITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: CTI - Path Forward - Joe Slowik
byMITRE ATT&CK
 
PDF
C2 Matrix Anniversary - Blackhat EU 2020
byJorge Orchilles
 
PDF
MITRE Engenuity Center for Threat Informed Defense Impact Report 2022.pdf
byAdamAzrylJohan
 
PDF
MITRE ATT&CKcon 2.0: ATT&CK Updates - ICS; Otis Alexander, MITRE
byMITRE - ATT&CKcon
 
PDF
Using the MITRE ATT&CK framework to analyze real-world cyberattacks
bylucytyrteos
 
PPTX
Leverage Endpooint Visibilit with MITRE ATT&CK Framework
byDigit Oktavianto
 
PPTX
Homeland Open Security Technologies (HOST)
byJoshua L. Davis
 
PDF
SANS_Minneapolis_2015_ThreatIntelligence_NeighborhoodWatchForYourNetworks
byMatthew J. Harmon
 
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
byMITRE ATT&CK
 
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)
byMITRE ATT&CK
 
Updates from the Center for Threat-Informed Defense
byMITRE ATT&CK
 
State of the ATT&CK May 2023
byAdam Pennington
 
MITRE ATT&CKcon 2.0: ATT&CK Updates - Cyber Analytics Repository (CAR); Ivan ...
byMITRE - ATT&CKcon
 
MITRE ATT&CK Updates: Software - Jared Ondricek
byMITRE ATT&CK
 
STIX2-TAXII2_Update
byCyber Threat Intelligence Network (CTIN)
 
MITRE ATT&CK Updates: Software
byMITRE ATT&CK
 
State of ATT&CK
byAdam Pennington
 
What's New with ATTACK for ICS?
byMITRE - ATT&CKcon
 
State of the ATT&CK 2024 - Adam Pennington
byMITRE ATT&CK
 
MITRE ATT&CK Updates: Defensive ATT&CK - Lex Crumpton
byMITRE ATT&CK
 
MITRE ATT&CK Updates: CTI - Path Forward - Joe Slowik
byMITRE ATT&CK
 
C2 Matrix Anniversary - Blackhat EU 2020
byJorge Orchilles
 
MITRE Engenuity Center for Threat Informed Defense Impact Report 2022.pdf
byAdamAzrylJohan
 
MITRE ATT&CKcon 2.0: ATT&CK Updates - ICS; Otis Alexander, MITRE
byMITRE - ATT&CKcon
 
Using the MITRE ATT&CK framework to analyze real-world cyberattacks
bylucytyrteos
 
Leverage Endpooint Visibilit with MITRE ATT&CK Framework
byDigit Oktavianto
 
Homeland Open Security Technologies (HOST)
byJoshua L. Davis
 
SANS_Minneapolis_2015_ThreatIntelligence_NeighborhoodWatchForYourNetworks
byMatthew J. Harmon
 

More from MITRE ATT&CK

PDF
Birds of a Feather: The Evolution of Threat Actor Prioritization, Gap Analysi...
byMITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: Enterprise - Casey Knerr
byMITRE ATT&CK
 
PDF
Using ATT&CK and MITRE CTID’s StP Frameworks to Assess Threat Detection Resil...
byMITRE ATT&CK
 
PDF
Practical Application of MITRE ATT&CK: Real World Usage in a Corporate Enviro...
byMITRE ATT&CK
 
PDF
Go Go Ransom Rangers: Diving into Akira’s Linux Variant with ATT&CK - Nicole ...
byMITRE ATT&CK
 
PDF
SaaSy ATT&CK – Practical ATT&CK usage for SaaS-based Telemetry - Aaron Shelmire
byMITRE ATT&CK
 
PDF
ATT&CK From Basic Principles - Tareq AlKhatib
byMITRE ATT&CK
 
PDF
Updates from The Center for Threat Informed Defense - Jon Baker
byMITRE ATT&CK
 
PDF
Sources of ATT&CK: A Bibliographic Journey through Enterprise ATT&CK - Robert...
byMITRE ATT&CK
 
PDF
The MITRE ATT&CK "Collection" Tactic is Missing Very Important Techniques: D...
byMITRE ATT&CK
 
PDF
ATT&CKcon 5.0 Keynote - From Ticket Closers to Practitioners- How Great Secu...
byMITRE ATT&CK
 
PDF
ATT&CKcon 5.0 Lightning Talks - Various Speakers
byMITRE ATT&CK
 
PDF
Next-Gen Threat-Informed Defense: Human-Assisted Intelligent Agents - Rajesh ...
byMITRE ATT&CK
 
PDF
This is why we don’t shout “Bingo”: Analyzing ATT&CK Integration in Endpoint ...
byMITRE ATT&CK
 
PDF
From ATT&CK to CL&IM: Cyber Insurance Data Modeling using MITRE ATT&CK and be...
byMITRE ATT&CK
 
PDF
Lifecycle-Aware Power Side-Channel Malware Detection - Alexander Cathis
byMITRE ATT&CK
 
PDF
Every Cloud Has a Purple Lining - Arun Seelagan
byMITRE ATT&CK
 
PDF
Confession: 3 Things I Wish I Knew About MITRE ATT&CK When I Was an FBI Profi...
byMITRE ATT&CK
 
PDF
Bridging the Gap: Enhancing Detection Coverage with Atomic Red Team, Sigma, a...
byMITRE ATT&CK
 
PDF
I'll take ATT&CK techniques that can be done for $1000, Alex. - Ben Langrill
byMITRE ATT&CK
 
Birds of a Feather: The Evolution of Threat Actor Prioritization, Gap Analysi...
byMITRE ATT&CK
 
MITRE ATT&CK Updates: Enterprise - Casey Knerr
byMITRE ATT&CK
 
Using ATT&CK and MITRE CTID’s StP Frameworks to Assess Threat Detection Resil...
byMITRE ATT&CK
 
Practical Application of MITRE ATT&CK: Real World Usage in a Corporate Enviro...
byMITRE ATT&CK
 
Go Go Ransom Rangers: Diving into Akira’s Linux Variant with ATT&CK - Nicole ...
byMITRE ATT&CK
 
SaaSy ATT&CK – Practical ATT&CK usage for SaaS-based Telemetry - Aaron Shelmire
byMITRE ATT&CK
 
ATT&CK From Basic Principles - Tareq AlKhatib
byMITRE ATT&CK
 
Updates from The Center for Threat Informed Defense - Jon Baker
byMITRE ATT&CK
 
Sources of ATT&CK: A Bibliographic Journey through Enterprise ATT&CK - Robert...
byMITRE ATT&CK
 
The MITRE ATT&CK "Collection" Tactic is Missing Very Important Techniques: D...
byMITRE ATT&CK
 
ATT&CKcon 5.0 Keynote - From Ticket Closers to Practitioners- How Great Secu...
byMITRE ATT&CK
 
ATT&CKcon 5.0 Lightning Talks - Various Speakers
byMITRE ATT&CK
 
Next-Gen Threat-Informed Defense: Human-Assisted Intelligent Agents - Rajesh ...
byMITRE ATT&CK
 
This is why we don’t shout “Bingo”: Analyzing ATT&CK Integration in Endpoint ...
byMITRE ATT&CK
 
From ATT&CK to CL&IM: Cyber Insurance Data Modeling using MITRE ATT&CK and be...
byMITRE ATT&CK
 
Lifecycle-Aware Power Side-Channel Malware Detection - Alexander Cathis
byMITRE ATT&CK
 
Every Cloud Has a Purple Lining - Arun Seelagan
byMITRE ATT&CK
 
Confession: 3 Things I Wish I Knew About MITRE ATT&CK When I Was an FBI Profi...
byMITRE ATT&CK
 
Bridging the Gap: Enhancing Detection Coverage with Atomic Red Team, Sigma, a...
byMITRE ATT&CK
 
I'll take ATT&CK techniques that can be done for $1000, Alex. - Ben Langrill
byMITRE ATT&CK
 

Recently uploaded

PDF
How to not make bugs (in JSC), and the future of 32-bits
byIgalia
 
PDF
The Accel 2025 Globalscape: Race for compute
byPhilippe Botteri
 
PPTX
Enhancing Web Security: Key Concepts & Strategies.pptx
byParham Abolghasemi
 
PPTX
Governance, Deployment & Methodologies for Agentic Automation [2/3]
bysuhanisingh58689
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
PDF
Open Source SecurityCon 2025 in Atlanta - Transparency Exchange API: Where To...
byPavel Shukhman
 
PPTX
AI and Linux in 2025 - Jay LaCroix, Learn Linux TV
byAll Things Open
 
PPTX
Getting Started with MSP360 Backup for M365/Google
byMSP360
 
PDF
Career Blueprint: Mentor Tracks & Career Clinic - Part 2
byDianaGray10
 
PDF
Transparency Exchange API: How Do You Find the SBOM for a Smart Light Bulb?
byPavel Shukhman
 
PPTX
Odoo_by_Infinys_All_in_One_Business_Solution_for_Small_Companies.pptx
byAgusto Sipahutar
 
PDF
Analyze and Store Logs - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
UiPath Veterans Day Acknowledgement and Benefits
byDianaGray10
 
PDF
Cybersecurity in ASEAN and Singapore Columbia SIPA 2025.pdf
byBenjamin Ang
 
PDF
Q3'25 Financial Results and Earnings Presentation
byDropbox
 
PPTX
Sephora UAE API Service Real-Time Product & Price Data Access.pptx
bycreativeclicks1733
 
PDF
Create, View and Edit Text Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Private Governance: How Decentralized Mechanisms Can Regulate the Crypto Economy
byFederico Ast
 
PDF
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
PPTX
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 
How to not make bugs (in JSC), and the future of 32-bits
byIgalia
 
The Accel 2025 Globalscape: Race for compute
byPhilippe Botteri
 
Enhancing Web Security: Key Concepts & Strategies.pptx
byParham Abolghasemi
 
Governance, Deployment & Methodologies for Agentic Automation [2/3]
bysuhanisingh58689
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
Open Source SecurityCon 2025 in Atlanta - Transparency Exchange API: Where To...
byPavel Shukhman
 
AI and Linux in 2025 - Jay LaCroix, Learn Linux TV
byAll Things Open
 
Getting Started with MSP360 Backup for M365/Google
byMSP360
 
Career Blueprint: Mentor Tracks & Career Clinic - Part 2
byDianaGray10
 
Transparency Exchange API: How Do You Find the SBOM for a Smart Light Bulb?
byPavel Shukhman
 
Odoo_by_Infinys_All_in_One_Business_Solution_for_Small_Companies.pptx
byAgusto Sipahutar
 
Analyze and Store Logs - RHCSA (RH124).pdf
byLinuxCert Guru
 
UiPath Veterans Day Acknowledgement and Benefits
byDianaGray10
 
Cybersecurity in ASEAN and Singapore Columbia SIPA 2025.pdf
byBenjamin Ang
 
Q3'25 Financial Results and Earnings Presentation
byDropbox
 
Sephora UAE API Service Real-Time Product & Price Data Access.pptx
bycreativeclicks1733
 
Create, View and Edit Text Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
Private Governance: How Decentralized Mechanisms Can Regulate the Crypto Economy
byFederico Ast
 
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 

ATT&CK Updates- ATT&CK's Open Source

  • 1.
    ATT&CK Software Updates Jared Ondricek ATT&CKSoftware Development Lead @jondrice /jondricek ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
  • 2.
    Who am I •Lead DevOps Engineer • Automate all the things! • Manage some things: • ATT&CK website: attack.mitre.org • Navigator • Workbench • Public TAXII server • mitreattack-python library • GitHub presence ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
  • 3.
    Website Updates: ICS ©2022The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
  • 4.
    Website Updates: ICS ©2022The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
  • 5.
    Website Updates: DetectionObjects ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
  • 6.
    Website Updates: Campaigns ©2022The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
  • 7.
    Website Updates: Search ©2022The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
  • 8.
    Navigator Updates: SVGExport ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
  • 9.
    Navigator Updates: SVGExport ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
  • 10.
    Navigator Updates: CustomLinks ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
  • 11.
    Navigator Updates: CustomLinks ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
  • 12.
    Workbench Updates: Roadmap ©2022The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25 1.2.0 Authentication 1.3.0 ID Generation 1.5.0 Table Improvements 1.6.0 Notes Improvements 1.4.0 Sub-technique improvements
  • 13.
    TAXII Server Updates TAXII2.0 Server • cti-taxii.mitre.org • Already available • Documentation on GitHub /mitre/cti USAGE.md • STIX 2.0 only TAXII 2.1 Server • Coming May 2022 • Works with custom ATT&CK Workbench backend • REST API is OpenAPI compliant (dynamic docs) • Supports STIX 2.0 and 2.1 ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
  • 14.
    mitreattack-python • pip installmitreattack-python • Converts STIX to Excel • Converts STIX to Collections (for use with Workbench) • Manipulates ATT&CK Navigator layer files • Create dynamic, custom layers • Combine layers • Export layers (Excel, SVG) • Future: merge with mitre-attack/attack-scripts • Future: Convenience methods to connect to TAXII server ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
  • 15.
    GitHub Updates • Toomany places to check • github.com/mitre/cti • github.com/mitre-attack • github.com/center-for-threat-informed-defense • Future: plan for centralized landing page to document all efforts ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25 TAXII server Workbench STIX 2.0 data STIX 2.1 data Python library Website source Collection Manager
  • 16.
    Conclusion • Website: Campaigns& better search • Navigator: Better exports & custom linking • Workbench: Steady improvements • TAXII 2.1 server: Customization & documentation • mitreattack-python: Merge with attack-scripts • GitHub: Central landing page ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25
  • 17.
    https://attack.mitre.org [email protected] @mitreattack Jared Ondricek @jondrice /jondricek ©2022 TheMITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 21-00706-25