-
Notifications
You must be signed in to change notification settings - Fork 6
Home
Stay in sync with ATT&CK.
Many organizations and cyber defenders, including the Center for Threat-Informed Defense, build projects that depend in some way on MITRE ATT&CK®. Some projects map security control frameworks to ATT&CK techniques, while others consume ATT&CK data for search and display purposes. These projects typically depend on a specific release of ATT&CK – generally whatever version of ATT&CK was current at the time that the project was being developed. The ATT&CK team has a semiannual release cadence and, as new versions of ATT&CK come out, these projects fall behind and become out-of-date. The ATT&CK team publishes release notes and a script for comparing two versions of ATT&CK, which are a helpful start for consuming ATT&CK upgrades, but leave some room for further efficiencies. This led the Center to consider: how can existing projects be migrated from older versions of ATT&CK to the latest version, and how can this be done in an efficient manner?
Jump to the ATT&CK Sync Website.
The ATT&CK Sync project was developed to address these challenges in order to perform the ATT&CK version upgrade process more efficiently. The ATT&CK Sync project provides tools and a methodology that organizations can use to maintain currency with the latest version of ATT&CK, saving time and effort. By staying up to date on ATT&CK releases, organizations around the world can keep their threat-informed defense timely and relevant to emerging threats.
The project includes the following resources:
Resource | Description |
---|---|
ATT&CK Sync Website | An interactive website for detailed comparisons between ATT&CK versions. |
Project Wiki | The wiki contains project documentation: goals, tools, and methodology. |
Case Study | Case study measuring efficiency gained from using ATT&CK Sync. |
Sample JSON Changelog | A sample machine-readable ATT&CK changelog. |
Sample Excel Mappings | A sample mappings spreadsheet annotated with ATT&CK changes. |
While the ATT&CK Sync project is focused on assisting any organization to update their existing projects that incorporate ATT&CK data sources to newer versions of ATT&CK, projects may have unique needs. There may be a need to customize the way the changelog is used, and custom code may need to be written to process the changelog. To help meet these needs for customization, the underlying code of the ATT&CK Sync Diff Tool is also available.