Getting Started with ATT&CK

October 2019
Topics: Threat-informed Defense, Cyber Threat Intelligence, Cybersecurity, Network Security
Andy Applebaum, The MITRE Corporation
Kathryn C. Nickels, The MITRE Corporation
Tim Schulz, The MITRE Corporation
Blake E. Strom, The MITRE Corporation
John Wunder, The MITRE Corporation
Adam G. Pennington, Editor, The MITRE Corporation

Over the last several years, the MITRE ATT&CK™ framework has been adopted widely by the cybersecurity world. Despite the many resources available on ATT&CK, however, the development team realized that people new to the framework might appreciate some guidance on taking their first steps.

That’s why during summer 2019 the team decided to write a series of blog posts around getting started with ATT&CK, focusing on four primary use cases. For each use case, the authors laid out advice on how an organization could get started with ATT&CK based on available resources and overall maturity.

This publication pulls together their collective wisdom, originally posted on Medium, into a single package.
