ATT&CK Visualizer Overview
  • 10 Jan 2024

Overview

The MITRE ATT&CK® framework is a knowledge base that uses metadata codes to standardize and classify adversary goals (tactics) and offensive actions (techniques). With the ThreatConnect® ATT&CK® Visualizer, you can create standard ATT&CK views that show tactics, techniques, and sub-techniques in the MITRE ATT&CK Enterprise Matrix used by one or more ThreatConnect Group objects. Doing so reveals shared tactics, techniques, and procedures (TTPs) among the Groups and allows you to identify the prevalence of those TTPs. In addition, you can import ATT&CK views created in the MITRE ATT&CK Navigator into the ATT&CK Visualizer, allowing you to use ThreatConnect as a centralized platform for your ATT&CK views and enabling your security teams to collaborate more effectively when evaluating and optimizing your organization’s cybersecurity strategy.

Organization Administrators can use the ATT&CK Visualizer to assign security coverage to specific techniques and sub-techniques for their Organization. Once security coverage is assigned for your Organization, you can evaluate the strengths and weaknesses for specific techniques and sub-techniques, identify gaps in security coverage, and enhance your defense strategies with precision. In addition, you and other users in your Organization can overlay the security coverage map onto any ATT&CK view and identify which techniques and sub-techniques have coverage and which ones may need attention.
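
An offline illustration of the two ideas above, technique prevalence across Groups and overlaying security coverage to find gaps. It is an added example, not ThreatConnect code: it reads MITRE ATT&CK Navigator layer JSON (the `domain`, `techniques`, `techniqueID`, and `enabled` fields are the Navigator's own), while the sample layers, the set of covered IDs, and all function names are constructed for this example.

```python
import json
from collections import Counter

def layer_techniques(layer_json: str) -> set[str]:
    """Return the technique/sub-technique IDs enabled in one Navigator layer."""
    layer = json.loads(layer_json)
    if layer.get("domain") != "enterprise-attack":
        raise ValueError(f"not an Enterprise layer: {layer.get('name')!r}")
    # Assumption: an entry counts as "used" unless it is explicitly disabled.
    return {t["techniqueID"] for t in layer.get("techniques", [])
            if t.get("enabled", True)}

def prevalence(layers: dict[str, str]) -> Counter:
    """Count how many Groups (one layer each) use each technique ID."""
    counts = Counter()
    for text in layers.values():
        counts.update(layer_techniques(text))
    return counts

def coverage_gaps(counts: Counter, covered: set[str]) -> list[tuple[str, int]]:
    """Uncovered technique IDs, most prevalent first (ties sorted by ID).

    Assumption: coverage is matched on the exact ID, so covering a parent
    technique does not imply coverage of its sub-techniques.
    """
    gaps = [(tid, n) for tid, n in counts.items() if tid not in covered]
    return sorted(gaps, key=lambda g: (-g[1], g[0]))

def _layer(name, ids, disabled=()):
    """Build a constructed sample layer as a JSON string."""
    techs = [{"techniqueID": i, "enabled": i not in disabled} for i in ids]
    return json.dumps({"name": name, "domain": "enterprise-attack",
                       "techniques": techs})

# Constructed sample data: three Groups and the IDs with coverage assigned.
SAMPLE_LAYERS = {
    "Group A": _layer("Group A", ["T1566", "T1059.001", "T1003"]),
    "Group B": _layer("Group B", ["T1566", "T1059.001", "T1486"]),
    "Group C": _layer("Group C", ["T1566", "T1003", "T1486"], disabled=["T1486"]),
}
SAMPLE_COVERED = {"T1566", "T1003"}

if __name__ == "__main__":
    counts = prevalence(SAMPLE_LAYERS)
    for tid, n in coverage_gaps(counts, SAMPLE_COVERED):
        print(f"{tid}: used by {n} of {len(SAMPLE_LAYERS)} Groups, no coverage")
```
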

After you build out an ATT&CK view, you can save it so that you and other users in your Organization can access it on the ATT&CK screen. You can also export ATT&CK views as PNG or JSON files that you can then share with teammates, executives, and stakeholders to promote collaboration and knowledge sharing across your organization.

Note
As of December 14, 2023, the ThreatConnect ATT&CK Visualizer supports MITRE ATT&CK v14.1.

Before You Start

Minimum Role(s)
  • Organization role of Read Only User (for accessing the ATT&CK Visualizer, creating ATT&CK views, adding Groups to and removing them from ATT&CK views, opening saved ATT&CK views, exporting ATT&CK views, and viewing security coverage assigned to techniques and sub-techniques for your Organization)
  • Organization role of Standard User (for applying ATT&CK Tags to an object, saving ATT&CK views, saving copies of saved ATT&CK views, saving changes to saved ATT&CK views, updating a saved ATT&CK view’s name and description, deleting saved ATT&CK views, and importing ATT&CK views)
  • Organization role of Organization Administrator (for accessing the Assign Coverage view and assigning security coverage to techniques and sub-techniques for the Organization)
  • System role of Administrator (for adding owners to ATT&CK Tag conversion rules)
Prerequisites
To view a Group’s techniques and sub-techniques with the ATT&CK Visualizer, ATT&CK Tags representing those techniques and sub-techniques must be applied to the Group.
Note
ThreatConnect instances on version 7.2 or newer will have a Content Pack containing ATT&CK Tag data installed automatically. For instances with CAL™ turned on, ATT&CK Tags will be created and updated automatically based on the ATT&CK Tag data stored in CAL; for instances with CAL turned off, ATT&CK Tag data will be created and updated automatically based on the data included in the Content Pack.

ThreatConnect® is a registered trademark, and CAL™ is a trademark, of ThreatConnect, Inc.
MITRE ATT&CK® and ATT&CK® are registered trademarks of The MITRE Corporation.

20151-01 v.03.A

