Blog post - The ATT&CK Rainbow of Tactics

Post-Image

Blog post - The ATT&CK Rainbow of Tactics

I’ve been a huge fan of MITREs ATT&CK framework ever since its release. It has been of enormous value to the whole InfoSec community and it will hopefully continue to remain so for a long long time.

We’re on the verge of one of the biggest overhauls since its release, the introduction of sub-techniques, or when you read this they might be out already. I personally believe this is a great step forward. This introduction will cause everyone to do a big overhaul of their detection tagging and improvement of their ruleset.

On the positive side it will also bring a lot more clarity and granularity and it will bring more insight to a lot of people of possible attack techniques they weren’t aware of before.

As some of you know I’m quite a visual person and one of my projects is a Splunk application for ThreatHunting which is heavily ATT&CK focussed.

I’ve been building some new dashboard visualisations like the screenshot below. Soon I realised there was a lack of a proper color scheme that would assist in quickly understanding impact and importance. One way of doing this is would be by tactic.

Cross post from medium.com, please read the full article here:

https://medium.com/falconforce/the-att-ck-rainbow-of-tactics-5eb6f0bddebe