-
Notifications
You must be signed in to change notification settings - Fork 421
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
194 additions
and
154 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,29 +1,32 @@ | ||
| # CTI | ||
|
|
||
| This repository contains the MITRE ATT&CK® and CAPEC™ datasets expressed in STIX 2.0. See [USAGE](USAGE.md) or [USAGE-CAPEC](USAGE-CAPEC.md) for information on using this content with [python-stix2](https://github.com/oasis-open/cti-python-stix2). | ||
|
|
||
| If you are looking for ATT&CK represented in STIX 2.1, please see the [attack-stix-data](https://github.com/mitre-attack/attack-stix-data) GitHub repository. Both MITRE/CTI (this repository) and attack-stix-data will be maintained and updated with new ATT&CK releases for the foreseeable future, but the data model of attack-stix-data includes quality-of-life improvements not found on MITRE/CTI. Please see the [attack-stix-data USAGE document](https://github.com/mitre-attack/attack-stix-data) for more information on the improved data model of that repository. | ||
|
|
||
| ## ATT&CK | ||
|
|
||
| MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. | ||
|
|
||
| https://attack.mitre.org | ||
| <https://attack.mitre.org> | ||
|
|
||
| ## CAPEC | ||
|
|
||
| Understanding how the adversary operates is essential to effective cyber security. CAPEC™ helps by providing a comprehensive dictionary of known patterns of attacks employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses. | ||
|
|
||
| - Focuses on application security | ||
| - Enumerates exploits against vulnerable systems | ||
| - Includes social engineering / supply chain | ||
| - Associated with Common Weakness Enumeration (CWE) | ||
| - Focuses on application security | ||
| - Enumerates exploits against vulnerable systems | ||
| - Includes social engineering / supply chain | ||
| - Associated with Common Weakness Enumeration (CWE) | ||
|
|
||
| https://capec.mitre.org/ | ||
| <https://capec.mitre.org/> | ||
|
|
||
| ## STIX | ||
|
|
||
| Structured Threat Information Expression (STIX™) is a language and serialization format used to exchange cyber threat intelligence (CTI). | ||
|
|
||
| STIX enables organizations to share CTI with one another in a consistent and machine readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively. | ||
|
|
||
| STIX is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more. | ||
|
|
||
| https://oasis-open.github.io/cti-documentation/ | ||
| <https://oasis-open.github.io/cti-documentation/> |
Oops, something went wrong.