Compliance & Frameworks
MITRE ATT&CK
Also known as: ATT&CK, MITRE ATT&CK Framework
Definition
A globally accessible knowledge base of adversary tactics and techniques observed in real-world attacks, maintained by MITRE.
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a curated, regularly updated knowledge base that describes how attackers operate against enterprises, mobile devices, and industrial control systems. It organises behaviour into tactics (the attacker's goals, such as Initial Access or Exfiltration) and techniques and sub-techniques (the methods used), and links them to threat groups, software, and mitigations. Although not a compliance framework, ATT&CK has become a de facto industry reference for threat-informed defence, used for SOC detection engineering, red and purple teaming, threat-intelligence sharing, and gap assessments against frameworks like NIST CSF.
Examples
- A SOC mapping its detection rules to ATT&CK techniques to identify coverage gaps.
- A threat-intel team tagging APT reports with ATT&CK technique IDs.
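A worked version of the first example above, added here and not part of the original glossary entry: a script that maps detection rules tagged with ATT&CK technique IDs onto a small slice of the Enterprise matrix and lists, per tactic, the techniques no rule covers. The technique and tactic IDs are ATT&CK's own, but the subset shown and the detection rules are constructed for this example.

```python
from collections import defaultdict

# Constructed subset of the ATT&CK Enterprise matrix: technique ID -> (name, tactic IDs).
# Sub-techniques carry a dotted ID and fall under the same tactics as their parent.
TECHNIQUES = {
    "T1566":     ("Phishing",                          ["TA0001"]),
    "T1566.001": ("Spearphishing Attachment",          ["TA0001"]),
    "T1059":     ("Command and Scripting Interpreter", ["TA0002"]),
    "T1059.001": ("PowerShell",                        ["TA0002"]),
    "T1041":     ("Exfiltration Over C2 Channel",      ["TA0010"]),
}
TACTICS = {"TA0001": "Initial Access", "TA0002": "Execution", "TA0010": "Exfiltration"}

# Constructed detection rules, each tagged with the technique IDs it is meant to detect.
RULES = [
    {"name": "Office app spawns powershell.exe", "techniques": ["T1059.001", "T1566.001"]},
    {"name": "Encoded PowerShell command line",  "techniques": ["T1059.001"]},
]

def parent(tid):
    """T1059.001 -> T1059; a parent technique maps to itself."""
    return tid.split(".")[0]

def coverage(techniques, rules):
    """Return {technique_id: [rule names]} for every technique in the matrix.
    A rule tagged with a sub-technique also counts towards its parent technique."""
    covered = defaultdict(list)
    for rule in rules:
        for tid in rule["techniques"]:
            if tid not in techniques:
                raise ValueError(f"rule {rule['name']!r} references unknown ID {tid}")
            covered[tid].append(rule["name"])
            if parent(tid) != tid:
                covered[parent(tid)].append(rule["name"])
    return {tid: covered.get(tid, []) for tid in techniques}

def gaps_by_tactic(techniques, tactics, rules):
    """Group the techniques with no detection rule under each tactic: the SOC's gap list."""
    cov = coverage(techniques, rules)
    gaps = {tactics[ta]: [] for ta in tactics}
    for tid, (name, tactic_ids) in techniques.items():
        if not cov[tid]:
            for ta in tactic_ids:
                gaps[tactics[ta]].append(f"{tid} {name}")
    return gaps

if __name__ == "__main__":
    for tactic, missing in gaps_by_tactic(TECHNIQUES, TACTICS, RULES).items():
        print(f"{tactic}: {', '.join(missing) or 'no gaps in sample'}")
```

Against this sample the only gap is Exfiltration over the C2 channel; in practice the matrix is loaded from MITRE's STIX data and the rule tags come from the SOC's rule repository.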
Related terms
MITRE D3FEND
A MITRE knowledge graph of defensive cybersecurity countermeasures and the digital artifacts they observe or modify, complementing MITRE ATT&CK.
Threat Intelligence
Evidence-based knowledge about threats and threat actors — including indicators, TTPs and context — used to guide security decisions and detection.
Tactics, Techniques and Procedures (TTPs)
Threat Hunting
Advanced Persistent Threat (APT)
Indicator of Compromise (IoC)