ATT&CK Visualizer

Overview

The MITRE ATT&CK^® framework is a knowledge base that uses metadata codes to standardize and classify adversary goals (tactics) and offensive actions (techniques). The ThreatConnect^® ATT&CK^® Visualizer lets you analyze specific techniques and sub-techniques in the MITRE ATT&CK Enterprise Matrix with the following features:

• Standard ATT&CK Views: You can create standard ATT&CK views that display MITRE ATT&CK Enterprise tactics, techniques, and sub-techniques used by one or more Groups and reveal shared tactics, techniques, and procedures (TTPs) among the Groups and the prevalence of those TTPs.
• Imported ATT&CK Views: You can import ATT&CK views created in the MITRE ATT&CK Navigator into ThreatConnect. This allows you to use ThreatConnect as a centralized platform for your ATT&CK views and enables your security teams to collaborate more effectively when evaluating and optimizing your organization’s cybersecurity strategy.
• ATT&CK Security Coverage: Organization Administrators can assign security coverage to specific techniques and sub-techniques for their Organization. This enables you to evaluate the strengths and weaknesses of specific techniques, identify gaps in security coverage, and enhance your defense strategies with precision. After you assign security coverage in the ATT&CK Visualizer, you and other users in your Organization can use the Security Coverage overlay for standard and imported ATT&CK views to identify which techniques have coverage and which ones may require attention.
• ATT&CK RQ Financial Impact: This feature, powered by ThreatConnect Risk Quantifier (RQ), shows the relative amount of potential financial loss from an attack on your company using a particular technique or set of techniques. You can use this information to deepen your understanding of the financial risk that a given threat actor group or malware family, among other things, may pose to your company and make more informed decisions. After the ATT&CK RQ Financial Impact feature has been enabled and configured and data from ThreatConnect RQ have been populated, you can use the Financial Impact overlay to display Financial Impact data in standard ATT&CK views.

In This Series

• Accessing the ATT&CK Visualizer: Learn how to access the ATT&CK Visualizer in ThreatConnect.
• ATT&CK Views: Learn about the different types of ATT&CK views available in ThreatConnect.
  • Standard ATT&CK Views: Learn how to create standard ATT&CK views and analyze and manage them in the ATT&CK Visualizer.
  • Imported ATT&CK Views: Learn how to import ATT&CK views created in the MITRE ATT&CK Navigator and analyze and manage them in the ATT&CK Visualizer.
• Visualizing ATT&CK Tactics, Techniques, and Sub-techniques: Learn about the ATT&CK Visualizer layout and how to view details for specific techniques and sub-techniques.
• Viewing and Managing Saved ATT&CK Views: Learn how to view and manage all saved standard and imported ATT&CK views in your Organization.
• ATT&CK Security Coverage: Learn how to assign security coverage to techniques and sub-techniques for your Organization and use the Security Coverage overlay in the ATT&CK Visualizer.
• ATT&CK RQ Financial Impact: Learn how to configure ATT&CK RQ Financial Impact and use the Financial Impact overlay in the ATT&CK Visualizer.
• ATT&CK Tags: Learn about ATT&CK Tags in ThreatConnect and how to configure ATT&CK Tag conversion rules.

ThreatConnect^® is a registered trademark, and CAL™ is a trademark, of ThreatConnect, Inc.
MITRE ATT&CK^® and ATT&CK^® are registered trademarks of The MITRE Corporation.

20151-01 v.04.A