This repository is the central location for work aligning MITRE's ATT&CK(tm) framework to the ODNI Common Cyber Threat Framework (CTF). The objective is for the MITRE ATT&CK(tm) team to consider incorporating the findings presented here.
MITRE ATT&CK(tm) is the most comprehensive set of tactics and techniques publicly available. Its greatest potential benefit is the ability to align to a threat framework, enabling prioritization based on implied severity. However, the MITRE Adversary Lifecycle(tm) is relatively incomplete and, after many attempts, could not be aligned clearly to the CTF lifecycle.
Additionally, as more and more vendors and security researchers adopt the MITRE ATT&CK framework, the techniques lack lifecycle context. This gap exists today, and eventually proprietary lifecycles will fragment the construct, producing analysis methodologies that are not extensible.
This project represents the alignment of the ODNI Common Cyber Threat Framework with MITRE's current (as of 11/13/2018) enterprise ATT&CK model.
The method of completion was (and is) as follows:
- Capture the ODNI Stage definitions (Preparation, Engagement, Presence, Effect/Consequence)
  - Note: Preparation is covered within PRE-ATT&CK(tm) and is therefore not represented in the results
- Pull down the MITRE technique definitions
- Per technique, assign a primary ODNI CTF Stage and, where the term definitions require it, a secondary Stage
- Color-code a downloaded ATT&CK Navigator layer to represent the findings
- Leverage the outcome to add non-trademarked threat framework enrichment to MITRE enterprise ATT&CK
- Assess the completeness of the MITRE enterprise ATT&CK(tm) framework by counting the techniques mapped to each Stage
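The steps above can be automated end to end: take the per-technique Stage assignments, emit an ATT&CK Navigator layer colored by primary Stage, and count techniques per Stage for the completeness assessment. The script below is an added illustration, not part of this project's documents. The technique IDs are real ATT&CK IDs, but their Stage assignments in `SAMPLE_MAPPING` are constructed for demonstration only and are not the project's findings; the layer `version` and `domain` values are assumptions that may need adjusting for the Navigator build you use.

```python
"""Build a Stage-colored ATT&CK Navigator layer from a technique -> ODNI CTF Stage mapping.

Illustrative example. The technique-to-Stage assignments below are constructed
for demonstration and are not the project's actual findings.
"""
import json
from collections import Counter

# ODNI Common Cyber Threat Framework stages. Preparation is excluded from the
# enterprise layer because PRE-ATT&CK covers it.
CTF_STAGES = ("Preparation", "Engagement", "Presence", "Effect/Consequence")
ENTERPRISE_STAGES = CTF_STAGES[1:]

# One color per Stage, used both for technique cells and the layer legend.
STAGE_COLORS = {
    "Engagement": "#ffcc00",
    "Presence": "#ff6600",
    "Effect/Consequence": "#cc0000",
}

# Constructed sample mapping: (technique ID, primary Stage, optional secondary Stage).
# Replace with the project's spreadsheet; these assignments are illustrative only.
SAMPLE_MAPPING = [
    ("T1190", "Engagement", None),            # Exploit Public-Facing Application
    ("T1193", "Engagement", None),            # Spearphishing Attachment
    ("T1078", "Presence", "Engagement"),      # Valid Accounts
    ("T1053", "Presence", None),              # Scheduled Task
    ("T1041", "Effect/Consequence", "Presence"),  # Exfiltration Over C2 Channel
    ("T1048", "Effect/Consequence", None),    # Exfiltration Over Alternative Protocol
]


def validate_mapping(mapping):
    """Reject unknown Stages, Stages excluded from the enterprise layer, and
    a secondary Stage that merely repeats the primary."""
    for tid, primary, secondary in mapping:
        for stage in (primary, secondary):
            if stage is None:
                continue
            if stage not in CTF_STAGES:
                raise ValueError(f"{tid}: {stage!r} is not an ODNI CTF Stage")
            if stage not in ENTERPRISE_STAGES:
                raise ValueError(f"{tid}: {stage} is covered by PRE-ATT&CK, not the enterprise layer")
        if secondary == primary:
            raise ValueError(f"{tid}: secondary Stage duplicates the primary")


def build_layer(mapping, name="ODNI CTF alignment"):
    """Return a Navigator layer dict with each technique colored by its primary Stage
    and the secondary Stage (if any) recorded in the cell comment."""
    validate_mapping(mapping)
    techniques = []
    for tid, primary, secondary in mapping:
        comment = f"CTF primary: {primary}"
        if secondary:
            comment += f"; secondary: {secondary}"
        techniques.append({"techniqueID": tid, "color": STAGE_COLORS[primary], "comment": comment})
    return {
        "name": name,
        # Assumed layer format values; older Navigator builds used these, newer ones
        # expect a "versions" object and domain "enterprise-attack".
        "version": "2.2",
        "domain": "mitre-enterprise",
        "description": "Enterprise ATT&CK techniques colored by primary ODNI CTF Stage",
        "techniques": techniques,
        "legendItems": [{"label": s, "color": STAGE_COLORS[s]} for s in ENTERPRISE_STAGES],
    }


def layer_json(mapping, name="ODNI CTF alignment"):
    """Serialize the layer for upload to the Navigator."""
    return json.dumps(build_layer(mapping, name), indent=2)


def stage_coverage(mapping):
    """Count techniques per Stage, both as primary only and in any role
    (primary or secondary), to gauge how completely each Stage is covered."""
    primary = Counter(p for _, p, _ in mapping)
    any_role = primary + Counter(s for _, _, s in mapping if s)
    return {s: {"primary": primary[s], "any": any_role[s]} for s in ENTERPRISE_STAGES}


if __name__ == "__main__":
    print(layer_json(SAMPLE_MAPPING))
    for stage, counts in stage_coverage(SAMPLE_MAPPING).items():
        print(f"{stage:20s} primary={counts['primary']} any={counts['any']}")
```

Run it and load the printed JSON into the Navigator as a layer; the per-Stage counts at the end are the raw input for the completeness assessment in the last step above.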
This is meant to be a shareable project; the initial documents are therefore intended for discussion and are free for use and replication as you see fit. Feedback is encouraged! Ownership is preferred :)