MA
Uploaded byMITRE ATT&CK
PDF, PPTX106 views

MITRE ATT&CK Updates: Software - Jared Ondricek

The document outlines updates to the MITRE ATT&CK® software, highlighting significant changes such as the retirement of the TAXII 2.0 server and the introduction of the TAXII 2.1 server, which will serve STIX 2.1 data. It also details enhancements to ATT&CK Navigator, including a new review checkbox and a redesigned user interface, as well as updates to the website and ATT&CK data model. Future developments include process improvements for the workbench and a transition to a modern framework for the website.

Embed presentation

Download as PDF, PPTX
MITRE ATT&CK® Updates: Software Jared Ondricek, ATT&CK Software Development Lead, MITRE @jondrice /jondricek © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
Who Am I • ATT&CK Software Development Lead • Open Source advocate • My team manages • attack.mitre.org • ATT&CK Navigator • ATT&CK Workbench • TAXII server • mitreattack-python library • STIX representation of ATT&CK © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
A Year of Progress ATT&CK Data Model TAXII Server ATT&CK Navigator ATT&CK Workbench ATT&CK Website © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
TAXII server(s) • TAXII 2.0 server will retire on December 18, 2024 • 56 days from today! • Has had 6+ years of use • TAXII 2.1 server • Docs: https://github.com/mitre- attack/attack-workbench-taxii-server • API: https://attack-taxii.mitre.org/api-docs • Serves STIX 2.1 only • Technical details in blog post • Level of effort to update: start today! https://medium.com/mitre-attack/introducing-taxii-2- 1-and-a-fond-farewell-to-taxii-2-0-d9fca6ce4c58 © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
ATT&CK Navigator • New “mark all as reviewed” checkbox when upgrading a layer file from previous ATT&CK version • Huge time saver/QoL improvement! • New configurable ribbon toolbar layout • Updated data source is now STIX 2.1 collection index instead of STIX 2.0 © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
Website Updates • Updated Resources section • More modern look & feel • Added seven trainings to Trainings page • Freely available on YouTube • Added filter by Domain option to Data Sources © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
ATT&CK Data Model: Background • Why you should care • Current Usage document for STIX structure difficult to manually maintain and update © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
ATT&CK Data Model https://mitre-attack.github.io/attack-data-model/ © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
ATT&CK Data Model © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
ATT&CK Data Model: NPM package npm config set @mitre-attack:registry https://npm.pkg.github.com npm install @mitre-attack/attack-data-model@1.0.0-rc.1 © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
ATT&CK Workbench • Global search in sidebar • Searches entire Workbench site • Contributors page • Quickly find and update contributor information across all ATT&CK/STIX objects • Link to all objects contributed to © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
What’s Next? Workbench process improvements: reduce release complexity Update website: Move away from legacy templates towards modern framework STIX: (New!) Platform objects, Datacomponents get ATT&CK IDs, changes to defensive objects structure ATT&CK Data Model 1.0 All ATT&CK tooling and documentation uses STIX 2.1 © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
https://attack.mitre.org attack@mitre.org @mitreattack Jared Ondricek @jondrice @jondricek © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.

More Related Content

PDF
ATT&CK Updates- ATT&CK's Open Source
byMITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: Software
byMITRE ATT&CK
 
PDF
State of the ATT&CK May 2023
byAdam Pennington
 
PDF
What's New with ATTACK for ICS?
byMITRE - ATT&CKcon
 
PDF
MITRE ATT&CKcon 2.0: ATT&CK Updates - Cyber Analytics Repository (CAR); Ivan ...
byMITRE - ATT&CKcon
 
PDF
State of the ATT&CK 2024 - Adam Pennington
byMITRE ATT&CK
 
PDF
Projects to Impact- Operationalizing Work from the Center
byMITRE ATT&CK
 
PDF
State of ATT&CK
byAdam Pennington
 
ATT&CK Updates- ATT&CK's Open Source
byMITRE ATT&CK
 
MITRE ATT&CK Updates: Software
byMITRE ATT&CK
 
State of the ATT&CK May 2023
byAdam Pennington
 
What's New with ATTACK for ICS?
byMITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: ATT&CK Updates - Cyber Analytics Repository (CAR); Ivan ...
byMITRE - ATT&CKcon
 
State of the ATT&CK 2024 - Adam Pennington
byMITRE ATT&CK
 
Projects to Impact- Operationalizing Work from the Center
byMITRE ATT&CK
 
State of ATT&CK
byAdam Pennington
 

Similar to MITRE ATT&CK Updates: Software - Jared Ondricek

PDF
MITRE ATT&CK Updates: Defensive ATT&CK - Lex Crumpton
byMITRE ATT&CK
 
PDF
MITRE A-TAK Design Philosophy
bytom termini
 
PDF
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
byMITRE - ATT&CKcon
 
PPTX
Leveraging MITRE ATT&CK - Speaking the Common Language
byErik Van Buggenhout
 
PDF
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)
byMITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: CTI - Path Forward - Joe Slowik
byMITRE ATT&CK
 
PDF
MITRE ATT&CKcon 2.0: ATT&CK Updates - ICS; Otis Alexander, MITRE
byMITRE - ATT&CKcon
 
PDF
MITRE ATT&CK framework and Managed XDR Position Paper
byMarc St-Pierre
 
PDF
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
byMITRE ATT&CK
 
PDF
MITRE ATT&CKcon 2.0: ATT&CK Updates - Sightings; John Wunder, MITRE
byMITRE - ATT&CKcon
 
PDF
MITRE ATT&CK Updates: ICS
byMITRE ATT&CK
 
PDF
Updates from the Center for Threat-Informed Defense
byMITRE ATT&CK
 
PPTX
Virtual Splunk User Group - Phantom Workbook Automation & Threat Hunting with...
byHarry McLaren
 
PDF
State of the ATT&CK
byMITRE ATT&CK
 
PDF
Introduction to MITRE’s ATT&CK Framework.pdf
byseyohah504
 
PDF
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
byKatie Nickels
 
PDF
Using the MITRE ATT&CK framework to analyze real-world cyberattacks
bylucytyrteos
 
PDF
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
byMITRE - ATT&CKcon
 
PDF
Automation: The Wonderful Wizard of CTI (or is it?)
byMITRE ATT&CK
 
PDF
MITRE ATTACKcon Power Hour - October
byMITRE - ATT&CKcon
 
MITRE ATT&CK Updates: Defensive ATT&CK - Lex Crumpton
byMITRE ATT&CK
 
MITRE A-TAK Design Philosophy
bytom termini
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
byMITRE - ATT&CKcon
 
Leveraging MITRE ATT&CK - Speaking the Common Language
byErik Van Buggenhout
 
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)
byMITRE ATT&CK
 
MITRE ATT&CK Updates: CTI - Path Forward - Joe Slowik
byMITRE ATT&CK
 
MITRE ATT&CKcon 2.0: ATT&CK Updates - ICS; Otis Alexander, MITRE
byMITRE - ATT&CKcon
 
MITRE ATT&CK framework and Managed XDR Position Paper
byMarc St-Pierre
 
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
byMITRE ATT&CK
 
MITRE ATT&CKcon 2.0: ATT&CK Updates - Sightings; John Wunder, MITRE
byMITRE - ATT&CKcon
 
MITRE ATT&CK Updates: ICS
byMITRE ATT&CK
 
Updates from the Center for Threat-Informed Defense
byMITRE ATT&CK
 
Virtual Splunk User Group - Phantom Workbook Automation & Threat Hunting with...
byHarry McLaren
 
State of the ATT&CK
byMITRE ATT&CK
 
Introduction to MITRE’s ATT&CK Framework.pdf
byseyohah504
 
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
byKatie Nickels
 
Using the MITRE ATT&CK framework to analyze real-world cyberattacks
bylucytyrteos
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
byMITRE - ATT&CKcon
 
Automation: The Wonderful Wizard of CTI (or is it?)
byMITRE ATT&CK
 
MITRE ATTACKcon Power Hour - October
byMITRE - ATT&CKcon
 

More from MITRE ATT&CK

PDF
Next-Gen Threat-Informed Defense: Human-Assisted Intelligent Agents - Rajesh ...
byMITRE ATT&CK
 
PDF
Birds of a Feather: The Evolution of Threat Actor Prioritization, Gap Analysi...
byMITRE ATT&CK
 
PDF
Using ATT&CK and MITRE CTID’s StP Frameworks to Assess Threat Detection Resil...
byMITRE ATT&CK
 
PDF
Bridging the Gap: Enhancing Detection Coverage with Atomic Red Team, Sigma, a...
byMITRE ATT&CK
 
PDF
SaaSy ATT&CK – Practical ATT&CK usage for SaaS-based Telemetry - Aaron Shelmire
byMITRE ATT&CK
 
PDF
I'll take ATT&CK techniques that can be done for $1000, Alex. - Ben Langrill
byMITRE ATT&CK
 
PDF
Practical Application of MITRE ATT&CK: Real World Usage in a Corporate Enviro...
byMITRE ATT&CK
 
PDF
This is why we don’t shout “Bingo”: Analyzing ATT&CK Integration in Endpoint ...
byMITRE ATT&CK
 
PDF
Every Cloud Has a Purple Lining - Arun Seelagan
byMITRE ATT&CK
 
PDF
Confession: 3 Things I Wish I Knew About MITRE ATT&CK When I Was an FBI Profi...
byMITRE ATT&CK
 
PDF
ATT&CKcon 5.0 Keynote - From Ticket Closers to Practitioners- How Great Secu...
byMITRE ATT&CK
 
PDF
ATT&CKcon 5.0 Lightning Talks - Various Speakers
byMITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: Enterprise - Casey Knerr
byMITRE ATT&CK
 
PDF
Sources of ATT&CK: A Bibliographic Journey through Enterprise ATT&CK - Robert...
byMITRE ATT&CK
 
PDF
Updates from The Center for Threat Informed Defense - Jon Baker
byMITRE ATT&CK
 
PDF
Go Go Ransom Rangers: Diving into Akira’s Linux Variant with ATT&CK - Nicole ...
byMITRE ATT&CK
 
PDF
ATT&CK From Basic Principles - Tareq AlKhatib
byMITRE ATT&CK
 
PDF
Lifecycle-Aware Power Side-Channel Malware Detection - Alexander Cathis
byMITRE ATT&CK
 
PDF
From ATT&CK to CL&IM: Cyber Insurance Data Modeling using MITRE ATT&CK and be...
byMITRE ATT&CK
 
PDF
The MITRE ATT&CK "Collection" Tactic is Missing Very Important Techniques: D...
byMITRE ATT&CK
 
Next-Gen Threat-Informed Defense: Human-Assisted Intelligent Agents - Rajesh ...
byMITRE ATT&CK
 
Birds of a Feather: The Evolution of Threat Actor Prioritization, Gap Analysi...
byMITRE ATT&CK
 
Using ATT&CK and MITRE CTID’s StP Frameworks to Assess Threat Detection Resil...
byMITRE ATT&CK
 
Bridging the Gap: Enhancing Detection Coverage with Atomic Red Team, Sigma, a...
byMITRE ATT&CK
 
SaaSy ATT&CK – Practical ATT&CK usage for SaaS-based Telemetry - Aaron Shelmire
byMITRE ATT&CK
 
I'll take ATT&CK techniques that can be done for $1000, Alex. - Ben Langrill
byMITRE ATT&CK
 
Practical Application of MITRE ATT&CK: Real World Usage in a Corporate Enviro...
byMITRE ATT&CK
 
This is why we don’t shout “Bingo”: Analyzing ATT&CK Integration in Endpoint ...
byMITRE ATT&CK
 
Every Cloud Has a Purple Lining - Arun Seelagan
byMITRE ATT&CK
 
Confession: 3 Things I Wish I Knew About MITRE ATT&CK When I Was an FBI Profi...
byMITRE ATT&CK
 
ATT&CKcon 5.0 Keynote - From Ticket Closers to Practitioners- How Great Secu...
byMITRE ATT&CK
 
ATT&CKcon 5.0 Lightning Talks - Various Speakers
byMITRE ATT&CK
 
MITRE ATT&CK Updates: Enterprise - Casey Knerr
byMITRE ATT&CK
 
Sources of ATT&CK: A Bibliographic Journey through Enterprise ATT&CK - Robert...
byMITRE ATT&CK
 
Updates from The Center for Threat Informed Defense - Jon Baker
byMITRE ATT&CK
 
Go Go Ransom Rangers: Diving into Akira’s Linux Variant with ATT&CK - Nicole ...
byMITRE ATT&CK
 
ATT&CK From Basic Principles - Tareq AlKhatib
byMITRE ATT&CK
 
Lifecycle-Aware Power Side-Channel Malware Detection - Alexander Cathis
byMITRE ATT&CK
 
From ATT&CK to CL&IM: Cyber Insurance Data Modeling using MITRE ATT&CK and be...
byMITRE ATT&CK
 
The MITRE ATT&CK "Collection" Tactic is Missing Very Important Techniques: D...
byMITRE ATT&CK
 

Recently uploaded

PPTX
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
PDF
CI CD Observability, Metrics and DORA - Shifting Left and Cleaning Up! - Febr...
byPeter Souter
 
PDF
Analyze and Preserve Logs - RHCSA (RH134).pdf
byLinuxCert Guru
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
PDF
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
PDF
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 
PPTX
Career-Opportunities in Industrial Arts Grade 8 PPT Lesson 2
byFSBTLEDNathanVince
 
PDF
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
PPTX
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 
PDF
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
PDF
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
PDF
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
PDF
Advanced SELinux Management - RHCSA (RH134).pdf
byLinuxCert Guru
 
PDF
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
PDF
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
PDF
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
PDF
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
PPTX
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
CI CD Observability, Metrics and DORA - Shifting Left and Cleaning Up! - Febr...
byPeter Souter
 
Analyze and Preserve Logs - RHCSA (RH134).pdf
byLinuxCert Guru
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 
Career-Opportunities in Industrial Arts Grade 8 PPT Lesson 2
byFSBTLEDNathanVince
 
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
Advanced SELinux Management - RHCSA (RH134).pdf
byLinuxCert Guru
 
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 

MITRE ATT&CK Updates: Software - Jared Ondricek

  • 1.
    MITRE ATT&CK® Updates: Software JaredOndricek, ATT&CK Software Development Lead, MITRE @jondrice /jondricek © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
  • 2.
    Who Am I •ATT&CK Software Development Lead • Open Source advocate • My team manages • attack.mitre.org • ATT&CK Navigator • ATT&CK Workbench • TAXII server • mitreattack-python library • STIX representation of ATT&CK © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
  • 3.
    A Year ofProgress ATT&CK Data Model TAXII Server ATT&CK Navigator ATT&CK Workbench ATT&CK Website © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
  • 4.
    TAXII server(s) • TAXII2.0 server will retire on December 18, 2024 • 56 days from today! • Has had 6+ years of use • TAXII 2.1 server • Docs: https://github.com/mitre- attack/attack-workbench-taxii-server • API: https://attack-taxii.mitre.org/api-docs • Serves STIX 2.1 only • Technical details in blog post • Level of effort to update: start today! https://medium.com/mitre-attack/introducing-taxii-2- 1-and-a-fond-farewell-to-taxii-2-0-d9fca6ce4c58 © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
  • 5.
    ATT&CK Navigator • New“mark all as reviewed” checkbox when upgrading a layer file from previous ATT&CK version • Huge time saver/QoL improvement! • New configurable ribbon toolbar layout • Updated data source is now STIX 2.1 collection index instead of STIX 2.0 © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
  • 6.
    Website Updates • UpdatedResources section • More modern look & feel • Added seven trainings to Trainings page • Freely available on YouTube • Added filter by Domain option to Data Sources © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
  • 7.
    ATT&CK Data Model:Background • Why you should care • Current Usage document for STIX structure difficult to manually maintain and update © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
  • 8.
    ATT&CK Data Model https://mitre-attack.github.io/attack-data-model/ ©2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
  • 9.
    ATT&CK Data Model ©2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
  • 10.
    ATT&CK Data Model:NPM package npm config set @mitre-attack:registry https://npm.pkg.github.com npm install @mitre-attack/attack-data-model@1.0.0-rc.1 © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
  • 11.
    ATT&CK Workbench • Globalsearch in sidebar • Searches entire Workbench site • Contributors page • Quickly find and update contributor information across all ATT&CK/STIX objects • Link to all objects contributed to © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
  • 12.
    What’s Next? Workbench processimprovements: reduce release complexity Update website: Move away from legacy templates towards modern framework STIX: (New!) Platform objects, Datacomponents get ATT&CK IDs, changes to defensive objects structure ATT&CK Data Model 1.0 All ATT&CK tooling and documentation uses STIX 2.1 © 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.
  • 13.
    https://attack.mitre.org attack@mitre.org @mitreattack Jared Ondricek @jondrice @jondricek © 2024The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00779-12.