MITRE ATT&CK App Overview
  • 23 Jan 2024
  • 1 Minute to read
  • Dark

MITRE ATT&CK App Overview

  • Dark

Article summary


The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework is a knowledge base that uses metadata codes to standardize and classify adversary goals (tactics) and offensive actions (techniques). The framework also classifies software tools and capabilities (software) and sets of related intrusion activity (groups). Users can enrich objects in ThreatConnect with Enterprise ATT&CK metadata via the Tags provided in the MITRE ATT&CK Source.

For more information about MITRE ATT&CK®, see the following resources:

The articles in this category describe how to install the MITRE ATT&CK App via TC Exchange™, deploy the MITRE ATT&CK Source feed in ThreatConnect®, and view data created by the App.

If you are on a ThreatConnect instance with version 7.2 or newer installed and use the MITRE ATT&CK App version 2.0.3 or newer, the App will use system-generated ATT&CK Tags to identify techniques and sub-techniques associated with Intrusion Set, Malware, Tactic, and Tool Groups. This enables you to leverage the ThreatConnect ATT&CK Visualizer to further analyze the tactics, techniques, and procedures (TTPs) associated with Groups of those types.
By default, the MITRE ATT&CK 2.0.x App overwrites all metadata (i.e., Attributes, Tags, Security Labels, Descriptions, etc.) for Groups in the selected owner that are included in the MITRE ATT&CK Source feed and deletes Groups that are not included in the Source feed when the corresponding Job runs. To prevent Groups that are not included in the MITRE ATT&CK Source feed from being deleted when the Job runs, set the Job's Advanced Settings parameter to delete_enabled=false, as detailed in MITRE ATT&CK Manual Job Configuration (Advanced Users Only).

Before You Start

Minimum Role(s)
  • System and Organization role of Read Only User for viewing data in the MITRE ATT&CK Source feed
  • System role of Administrator for installing the MITRE ATT&CK 2.0.App and deploying the MITRE ATT&CK Source feed
  • Organization role of Organization Administrator for creating and configuring a Job for the MITRE ATT&CK App in an Organization (advanced users only)
  • System role of Accounts Administrator for adding the MITRE ATT&CK Source to multiple Organizations

ThreatConnect® is a registered trademark, and TC Exchange™ is a trademark, of ThreatConnect, Inc.
MITRE ATT&CK® and ATT&CK® are registered trademarks of The MITRE Corporation.

20119-01 v.04.A

Was this article helpful?