Intelligence on common attacker behaviors (MITRE ATT&CK TTPs), provided as ATT&CK Navigator "layer" JSON files.
Paste the contents of a .json file into the "Threat Intelligence" dropdown on the Threat Alignment page of the open-source Control Validation Compass project to instantly surface technical & policy controls and offensive security tests aligned with these techniques.
The following heatmap sets are currently available:
- June 2022: Stealer Malware Roundup
- April 2022: CISA Alert AA22-110A
- March 2022: Red Canary 2022 Threat Detection Report
- March 2022: Recorded Future 2021 Malware and TTP Threat Landscape
- March 2022: Russia TTP Mappings
- December 2021: Recorded Future 5 Common Ransomware ATT&CK Techniques
Want to learn more about using ATT&CK Navigator to visualize TTP intelligence? See the MITRE ATT&CK CTI Training here, and ATT&CK Navigator documentation here.
Unless otherwise noted, heatmaps will use the following base ATT&CK Navigator settings:
```json
{
    "name": "base",
    "versions": {
        "attack": "11",
        "navigator": "4.6.1",
        "layer": "4.3"
    },
    "domain": "enterprise-attack",
    "description": "",
    "filters": {
        "platforms": [
            "Linux",
            "macOS",
            "Windows",
            "PRE",
            "Containers",
            "Network",
            "Office 365",
            "SaaS",
            "Google Workspace",
            "IaaS",
            "Azure AD"
        ]
    },
    "sorting": 0,
    "layout": {
        "layout": "side",
        "aggregateFunction": "max",
        "showID": false,
        "showName": true,
        "showAggregateScores": true,
        "countUnscored": false
    },
    "hideDisabled": false,
    "techniques": [],
    "gradient": {
        "colors": [
            "#ffffff",
            "#ff6666"
        ],
        "minValue": 0,
        "maxValue": 1
    },
    "legendItems": [],
    "metadata": [],
    "links": [],
    "showTacticRowBackground": false,
    "tacticRowBackground": "#dddddd",
    "selectTechniquesAcrossTactics": true,
    "selectSubtechniquesWithParent": false
}
```
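A check to run on a layer file before pasting it, as an added example that is not part of this project: it compares the layer's versions and domain with the base settings above, flags scores outside the layer's gradient range, and lists the scored techniques. The function name `check_layer` and the sample layer are constructed for illustration.

```python
import json

# Fields taken from the base settings listed above; only these are compared.
BASE = {
    "versions": {"attack": "11", "navigator": "4.6.1", "layer": "4.3"},
    "domain": "enterprise-attack",
}

def check_layer(text):
    """Return (deviations, techniques) for one layer file's JSON text."""
    layer = json.loads(text)
    deviations = []
    versions = layer.get("versions", {})
    for key, expected in BASE["versions"].items():
        if versions.get(key) != expected:
            deviations.append(f"versions.{key}: {versions.get(key)!r} (base {expected!r})")
    if layer.get("domain") != BASE["domain"]:
        deviations.append(f"domain: {layer.get('domain')!r} (base {BASE['domain']!r})")
    gradient = layer.get("gradient", {})
    lo, hi = gradient.get("minValue", 0), gradient.get("maxValue", 1)
    scored = {}
    for entry in layer.get("techniques", []):
        tid, score = entry.get("techniqueID"), entry.get("score")
        # Skip entries the heatmap would not colour: disabled or unscored.
        if not tid or score is None or entry.get("enabled", True) is False:
            continue
        if not lo <= score <= hi:
            deviations.append(f"{tid}: score {score} outside gradient {lo}-{hi}")
        # A technique listed under several tactics is kept once, at its highest score.
        scored[tid] = max(score, scored.get(tid, score))
    return deviations, sorted(scored.items())

# Constructed sample layer (not one of the published heatmaps).
SAMPLE = json.dumps({
    "name": "constructed sample",
    "versions": {"attack": "10", "navigator": "4.6.1", "layer": "4.3"},
    "domain": "enterprise-attack",
    "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": 1},
    "techniques": [
        {"techniqueID": "T1078", "tactic": "persistence", "score": 0.5},
        {"techniqueID": "T1078", "tactic": "initial-access", "score": 1},
        {"techniqueID": "T1555", "tactic": "credential-access", "score": 3},
        {"techniqueID": "T1059", "tactic": "execution", "enabled": False, "score": 1},
    ],
})

if __name__ == "__main__":
    problems, techniques = check_layer(SAMPLE)
    print("\n".join(problems) or "matches base settings")
    print(techniques)
```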
MITRE ATT&CK® is a registered trademark of The MITRE Corporation