
Defending IaaS with ATT&CK is a project to create a collection of ATT&CK techniques relevant to a Linux IaaS environment, as well as a methodology for creating technique collections.


MITRE ATT&CK® v11 build status

Defending IaaS with ATT&CK

Organizations using Infrastructure-as-a-Service (IaaS) need to identify the MITRE ATT&CK® techniques that are pertinent to that architecture, whether they affect container technology, virtual machines, or the cloud management control plane. The Defending IaaS with ATT&CK project consists of a collection of ATT&CK techniques that target a notional Linux IaaS architecture, as well as a methodology for building custom collections that can be tailored to any organization and scenario. The Defending IaaS collection can be used as-is, or the methodology can be employed to develop entirely new collections.


Getting Started

The best place to start is with the documentation: this will familiarize you with the project goals, the methodology, and the collection of techniques. For a deep dive, upgrade to the latest version of ATT&CK Workbench and use its new features to create your own collections.

Resource | Description
Documentation | Documentation for Defending IaaS with ATT&CK, including methodology and technical deep dive.
ATT&CK Workbench | Upgrades to ATT&CK Workbench facilitate creating new collections for projects such as this one.
Defending IaaS Collection | The collection of techniques in Excel format as well as a machine-readable format (STIX).

Getting Involved

There are several ways that you can get involved with this project and help advance threat-informed defense:

  • Review the collection using ATT&CK Navigator or ATT&CK Workbench. Navigator is the easiest way to get started, using the resource link above. If you are already a Workbench user, you will find that the latest version includes new capabilities that are helpful for creating custom collections.
  • Read the methodology. The Defending IaaS collection is helpful in its own right, but the methodology is provided so that organizations can create tailored collections to meet their own needs.
  • Build and share your own collections! This project provides the methodology and tools needed to build collections tailored to any need. You can build proprietary collections to use within your organization, or you can publish collections to benefit the community.

Questions and Feedback

Please submit issues for any technical questions/concerns or contact ctid@mitre-engenuity.org directly for more general inquiries.

Also see the guidance for contributors if you are interested in contributing or simply reporting issues.

Notice

Copyright 2022 MITRE Engenuity. Approved for public release. Document number CT0059.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This project makes use of ATT&CK®

ATT&CK Terms of Use