MITRE ATT&CK organizes how adversaries operate so defenders can align detections, controls, and testing to real-world behavior.
How teams use ATT&CK
- Gap analysis: map existing detections to the techniques they cover to find coverage gaps.
- Purple teaming: simulate techniques to test controls.
- Threat intelligence: enrich incidents with adversary context.
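The gap-analysis and threat-intelligence uses above come down to one join: the techniques your detections are tagged with, against the techniques a threat profile says matter. The script below is an added illustration, not code from this page or from MITRE; its detection-rule inventory and the actor technique list are constructed, while the technique IDs themselves are real ATT&CK Enterprise IDs. It classifies each technique in the profile as covered, partially covered (only the parent or a sibling sub-technique has a rule), or a gap.

```python
"""Added example: ATT&CK detection-coverage gap analysis.

Inputs are constructed: a small detection-rule inventory tagged with ATT&CK
technique IDs, and the techniques attributed to a hypothetical adversary.
The IDs are real ATT&CK Enterprise technique IDs; the rule-to-technique
mappings and the adversary's technique set are illustrative only.
"""
from collections import defaultdict

# Constructed detection inventory: rule name -> ATT&CK techniques it detects.
DETECTION_RULES = {
    "proc_powershell_encoded_cmd": ["T1059.001"],            # PowerShell
    "lsass_handle_access":         ["T1003.001"],            # LSASS memory
    "rdp_logon_from_new_host":     ["T1021.001", "T1078"],   # RDP, valid accounts
    "mass_file_rename_extension":  ["T1486"],                # data encrypted for impact
}

# Constructed threat-intel profile: techniques observed for a hypothetical actor.
ACTOR_TECHNIQUES = [
    "T1566.001",  # spearphishing attachment
    "T1059.001",  # PowerShell
    "T1003.001",  # LSASS memory
    "T1021.002",  # SMB/Windows admin shares
    "T1486",      # data encrypted for impact
    "T1048.003",  # exfiltration over unencrypted non-C2 protocol
]


def parent_technique(tid: str) -> str:
    """Return the parent technique of a sub-technique (T1059.001 -> T1059)."""
    return tid.split(".", 1)[0]


def coverage_index(rules: dict) -> dict:
    """Invert the rule inventory into technique -> set of rule names.

    Every technique is also indexed under its parent, so a rule written for
    one sub-technique shows up as partial coverage of its siblings.
    """
    index = defaultdict(set)
    for rule, techniques in rules.items():
        for tid in techniques:
            index[tid].add(rule)
            index[parent_technique(tid)].add(rule)
    return index


def gap_analysis(actor_techniques: list, rules: dict) -> dict:
    """Classify each technique in the profile as covered, partial, or gap."""
    index = coverage_index(rules)
    result = {"covered": {}, "partial": {}, "gap": []}
    for tid in actor_techniques:
        if tid in index:
            result["covered"][tid] = sorted(index[tid])
        elif parent_technique(tid) in index:
            # Only the parent or a sibling sub-technique has a rule: review
            # whether that rule's logic actually fires for this variant.
            result["partial"][tid] = sorted(index[parent_technique(tid)])
        else:
            result["gap"].append(tid)
    return result


def coverage_ratio(result: dict) -> float:
    """Fraction of the profile's techniques with at least one direct rule."""
    total = len(result["covered"]) + len(result["partial"]) + len(result["gap"])
    return len(result["covered"]) / total if total else 0.0


if __name__ == "__main__":
    report = gap_analysis(ACTOR_TECHNIQUES, DETECTION_RULES)
    for bucket in ("covered", "partial"):
        for tid, rule_names in report[bucket].items():
            print(f"{bucket:8s} {tid:10s} {', '.join(rule_names)}")
    for tid in report["gap"]:
        print(f"{'gap':8s} {tid}")
    print(f"direct coverage: {coverage_ratio(report):.0%}")
```

A "covered" result only means a rule is tagged with the technique; purple-team exercises are what confirm the rule fires on a real execution of it, which is why the partial bucket is kept separate rather than counted as coverage.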
Helpful resources
- Enterprise matrix for traditional and cloud environments.
- Managed services navigator for mapping controls to ATT&CK.
- Regular updates from MITRE’s open-source community.