The Center for Threat-Informed Defense, operated by MITRE Engenuity™, has released a new open-source tool called ATT&CK Workbench.
For too long, sophisticated users of MITRE ATT&CK® have struggled to integrate their organization’s local knowledge of cyber adversaries and their tactics, techniques, and procedures (TTPs) with the public ATT&CK knowledge base. In response to this, the center embarked on an R&D project sponsored by AttackIQ, HCA Healthcare, JP Morgan Chase, Microsoft, and Verizon to drastically reduce the barriers for defenders to ensure that their threat intelligence is continually aligned with the public ATT&CK knowledge base.
Workbench is an easy-to-use, open-source tool that allows organizations to manage and extend their own local version of ATT&CK and keep it in sync with the public knowledge base.
Workbench allows users to explore, create, annotate, and share extensions of ATT&CK. Organizations or individuals can use their own instances of the application to serve as the centerpiece of a customized version of the ATT&CK knowledge base, attaching other tools and interfaces as desired. Through the Workbench, this local knowledge base can be extended with new or updated techniques, tactics, mitigations, groups, and software.
Additionally, Workbench provides the means for a user to share their extensions with the greater ATT&CK community, facilitating a greater level of collaboration within the community than is possible with current tools.
A new blog post by Isabel Tuson and Jon Baker describes the work in detail.