Using MITRE ATT&CK™ in Threat Hunting and Detection

MITRE ATT&CK is an open framework and knowledge base of adversary tactics and techniques based on real-world observations. ATT&CK provides a common taxonomy of the tactical objectives of adversaries and their methods. Having a taxonomy by itself has many valuable uses, such as providing a common vocabulary for exchanging information with others in the security community. But it also serves as a real technical framework for classifying your current detection efforts and identifying gaps where you are blind to certain types of attack behaviors.

This paper will introduce you to ATT&CK and related tools and resources based on ATT&CK. Then it will discuss how to make practical use of ATT&CK, with a focus on threat hunting and detection.
