Attack Flow
What is Attack Flow?
A MITRE Engenuity Center for Threat-Informed Defense language and toolset for describing how adversaries chain techniques into multi-step operations, complementing ATT&CK's per-technique catalog with sequencing and decision logic.
Attack Flow is a STIX-extensible language and authoring tooling released by MITRE Engenuity's Center for Threat-Informed Defense in 2022, with version 2 in 2023. Its goal is to capture the missing piece between ATT&CK techniques and full incident narratives: how an adversary actually sequences techniques across an intrusion, including conditions, branches, and parallel paths. An Attack Flow document models an operation as a directed graph of `attack-action` (a technique execution) and `attack-condition` nodes, with linked `attack-asset` (targeted resources) and `attack-operator` (AND/OR/XOR) elements. The CTID publishes a public corpus of Attack Flows for real incidents (Conti, SolarWinds, NotPetya, Triton, REvil, etc.) and ships a web-based authoring tool (Attack Flow Builder). Use cases include threat-intelligence sharing in a machine-readable form richer than ATT&CK alone, building synthetic intrusion narratives for detection engineering, and helping defenders reason about which techniques to disrupt to break a likely chain.
● Examples
- 01
A CTI team publishes an Attack Flow document for a recent intrusion showing how phishing, credential theft, AD enumeration, and ransomware deployment were chained.
- 02
A detection-engineering exercise picks the highest-cost node in a target Attack Flow and writes the alert that would break the chain there.
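The definition above describes an Attack Flow as a directed graph of `attack-action`, `attack-condition` and `attack-operator` nodes, and the second example asks which node a single detection should target to break the chain. The script below is an added illustration, not code from the Attack Flow project or its corpus: it builds a small constructed flow (phishing, credential dumping, account discovery, lateral movement, a condition, and a ransomware impact) using the field names of the Attack Flow v2 STIX extension (`start_refs`, `effect_refs`, `on_true_refs`/`on_false_refs`, `operator`) and then computes the chokepoints, i.e. the non-terminal actions whose removal leaves the impact action unreachable. AND operators are treated as requiring every predecessor, OR operators as requiring one; the IDs, names and technique assignments in the sample are made up.

```python
"""Chokepoint analysis over a constructed Attack Flow v2-style object list.

Added example: which attack-action nodes lie on every route from the flow's
start to its impact action, so that one detection there breaks the chain.
"""
import copy
from collections import defaultdict

# Constructed sample. Field names follow the Attack Flow v2 STIX extension;
# IDs, names and technique choices are invented for this illustration.
FLOW_OBJECTS = [
    {"type": "attack-flow", "id": "attack-flow--1",
     "name": "Constructed ransomware intrusion",
     "start_refs": ["attack-action--1"]},
    {"type": "attack-action", "id": "attack-action--1", "name": "Spearphishing attachment",
     "technique_id": "T1566.001", "effect_refs": ["attack-action--2", "attack-action--3"]},
    {"type": "attack-action", "id": "attack-action--2", "name": "OS credential dumping",
     "technique_id": "T1003", "effect_refs": ["attack-operator--1"]},
    {"type": "attack-action", "id": "attack-action--3", "name": "Domain account discovery",
     "technique_id": "T1087.002", "effect_refs": ["attack-operator--1"]},
    # AND: lateral movement needs both credentials and target accounts.
    {"type": "attack-operator", "id": "attack-operator--1", "operator": "AND",
     "effect_refs": ["attack-action--4"]},
    {"type": "attack-action", "id": "attack-action--4", "name": "Lateral movement via SMB",
     "technique_id": "T1021.002", "effect_refs": ["attack-condition--1"]},
    # Condition with a loop back: if no domain admin yet, dump more credentials.
    {"type": "attack-condition", "id": "attack-condition--1",
     "description": "Domain admin credentials obtained?",
     "on_true_refs": ["attack-action--5"], "on_false_refs": ["attack-action--2"]},
    {"type": "attack-action", "id": "attack-action--5", "name": "Data encrypted for impact",
     "technique_id": "T1486", "effect_refs": []},
]

OUT_KEYS = ("effect_refs", "on_true_refs", "on_false_refs")


def build_graph(objects):
    """Return (flow object, node map, predecessor map) from a flat object list."""
    nodes = {o["id"]: o for o in objects if o["type"] != "attack-flow"}
    flow = next(o for o in objects if o["type"] == "attack-flow")
    preds = defaultdict(set)
    for src in nodes.values():
        for key in OUT_KEYS:
            for dst in src.get(key, []):
                preds[dst].add(src["id"])
    return flow, nodes, preds


def reachable(flow, nodes, preds, removed=frozenset()):
    """Fixpoint over the graph: actions, conditions and OR operators become
    reachable once any predecessor is; an AND operator needs all of them.
    Nodes in `removed` never become reachable (the detection fires there)."""
    reach = {r for r in flow["start_refs"] if r not in removed}
    changed = True
    while changed:  # loops in the flow are fine: the set only grows
        changed = False
        for nid, obj in nodes.items():
            if nid in reach or nid in removed:
                continue
            ps = preds.get(nid, set())
            if obj["type"] == "attack-operator" and obj.get("operator") == "AND":
                ok = bool(ps) and all(p in reach for p in ps)
            else:
                ok = any(p in reach for p in ps)
            if ok:
                reach.add(nid)
                changed = True
    return reach


def terminal_actions(nodes):
    """Actions with no outgoing refs: the flow's end states (here, the impact)."""
    return {nid for nid, o in nodes.items()
            if o["type"] == "attack-action" and not any(o.get(k) for k in OUT_KEYS)}


def chokepoints(objects):
    """Non-terminal actions whose removal leaves every terminal action unreachable."""
    flow, nodes, preds = build_graph(objects)
    goals = terminal_actions(nodes)
    if not goals & reachable(flow, nodes, preds):
        raise ValueError("flow never reaches a terminal action")
    found = [nid for nid, o in nodes.items()
             if o["type"] == "attack-action" and nid not in goals
             and not goals & reachable(flow, nodes, preds, removed={nid})]
    return sorted(found)


def with_operator(objects, operator):
    """Deep copy of the flow with every attack-operator switched to `operator`."""
    alt = copy.deepcopy(objects)
    for o in alt:
        if o["type"] == "attack-operator":
            o["operator"] = operator
    return alt


if __name__ == "__main__":
    _, nodes, _ = build_graph(FLOW_OBJECTS)
    for nid in chokepoints(FLOW_OBJECTS):
        print(f"{nodes[nid]['technique_id']:<10} {nodes[nid]['name']}")
```

With the AND operator, both the credential-dumping and the account-discovery actions are chokepoints, because lateral movement needs both; switching the operator to OR (`with_operator(FLOW_OBJECTS, "OR")`) leaves only the initial phishing action and the lateral-movement step, which is exactly the kind of difference the flow's operator semantics are meant to make visible to a detection engineer.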
● FAQ
What is Attack Flow?
A MITRE Engenuity Center for Threat-Informed Defense language and toolset for describing how adversaries chain techniques into multi-step operations, complementing ATT&CK's per-technique catalog with sequencing and decision logic. It belongs to the Defense & Operations category of cybersecurity.
How do you defend against Attack Flow?
Defending against Attack Flow typically combines technical controls and operational practices, as described in the definition above.
What are other names for Attack Flow?
Common aliases: MITRE Attack Flow, Attack Flow Language.
● Related terms
- compliance№ 762
MITRE ATT&CK
A global public knowledge base, maintained by MITRE, of adversary tactics and techniques observed in real-world attacks.
- compliance№ 764
MITRE D3FEND
MITRE's knowledge graph that systematizes defensive cybersecurity countermeasures and the digital artifacts they address, complementing MITRE ATT&CK.
- defense-ops№ 291
Cyber Kill Chain
Lockheed Martin's seven-stage model of how a targeted intrusion progresses from reconnaissance to actions on objectives.
- defense-ops№ 349
Diamond Model (of Intrusion Analysis)
An intrusion-analysis framework that links each malicious event across four vertices: adversary, capability, infrastructure, and victim.
- defense-ops№ 338
Detection Engineering
The discipline of designing, testing, deploying, and operating detections as code, driven by a threat model, so that coverage of attack techniques becomes measurable.
- defense-ops№ 985
Purple Team
An exercise format in which red and blue teams collaborate openly, aiming to improve detection and response in near real time.