Mitre has introduced an open-source tool that seeks to help organizations ensure that their threat intelligence and tactics, techniques and procedures are aligned with the ATT&CK knowledge base, a framework of tactics and techniques used by threat defenders to classify cyberattacks and assess an organization’s risk.
The ATT&CK Workbench enables users to create, explore, annotate and share extensions of their local knowledge of cyber adversaries with the greater ATT&CK user community to facilitate collaboration, Jon Baker, director of research and development for the Center for Threat-Informed Defense at Mitre Engenuity, wrote in an article posted Tuesday.
Workbench comes with note-taking capabilities to allow users to annotate their copies of ATT&CK. Notes could enable users to share informal knowledge within an organization, record potential knowledge and facilitate collaboration in development workflows.
The tool could allow users to create and extend ATT&CK data in a local knowledge base, and Baker said such a capability enables several use cases, such as documenting groups or software that target a specific organization, forming red-team techniques and creating a matrix with new tactics and techniques outside of the ATT&CK knowledge base’s scope.
With Workbench, users can tag objects as “reviewed,” “awaiting review” or “work in progress” and explore the history of an object to track changes.
The Center for Threat-Informed Defense developed the tool through a research project sponsored by Verizon, Microsoft, JPMorgan Chase, HCA Healthcare and AttackIQ.