6 tools and resources
A knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model.
A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices.
RTA provides a framework of scripts for blue teams to test detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
A tool for navigating and annotating ATT&CK matrices with the ability to define custom layers for specific views.
A library of adversary emulation plans to evaluate defensive capabilities against real-world threats.
A library of event-based analytics written in EQL to detect adversary behaviors, now integrated into the Detection Engine of Kibana.