
MITRE ATT&CK Framework Map

The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework is a curated knowledge base and model for cyber-adversary behavior that reflects the various phases of the attack lifecycle, and the platforms that attackers are known to target.

The ATT&CK behavior model provides a way to classify attacks in a clear, consistent manner, making it easier for security professionals to find how an adversary exploited their endpoints, compromised their accounts, and penetrated their networks. 

Coverage for 97%


Vectra's MITRE coverage can be visualized in the Web App below. First, download the Vectra Mitre Coverage Layer for Navigator.json file. Then, in the Web App, click the + sign next to the layer tab and upload the Vectra layer file. Consult the legend to see how the colors map to coverage.
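The same legend-to-color reading can be done in a script. The following is an added example, not Vectra's code: it groups the techniques in an ATT&CK Navigator layer by the legend label of their color. The sample layer, its legend labels and its colors are constructed for illustration and are not taken from the Vectra layer file.

```python
import json
from collections import defaultdict

# Constructed sample in ATT&CK Navigator layer format; NOT the Vectra layer file.
# Legend labels, colors and the technique selection are hypothetical.
SAMPLE_LAYER = json.loads("""
{
  "name": "constructed example layer",
  "domain": "enterprise-attack",
  "legendItems": [
    {"label": "covered", "color": "#31A354"},
    {"label": "partially covered", "color": "#FED976"}
  ],
  "techniques": [
    {"techniqueID": "T1071", "color": "#31a354"},
    {"techniqueID": "T1021", "color": "#fed976"},
    {"techniqueID": "T1021.002", "color": "#31a354"},
    {"techniqueID": "T1110", "color": "#31a354", "enabled": false},
    {"techniqueID": "T1003", "color": ""},
    {"techniqueID": "T1570", "color": "#ff0000"}
  ]
}
""")


def summarize_layer(layer):
    """Group the layer's enabled techniques by the legend label of their color."""
    # Compare hex colors case-insensitively: legend and entries may differ in case.
    legend = {i["color"].lower(): i["label"] for i in layer.get("legendItems", [])}
    groups = defaultdict(set)  # a set, because one ID can be listed once per tactic
    for tech in layer.get("techniques", []):
        if not tech.get("enabled", True):
            continue  # disabled entries are greyed out in Navigator; skip them
        color = (tech.get("color") or "").lower()
        if not color:
            label = "(no color)"
        else:
            # Surface colors the legend does not explain instead of dropping them.
            label = legend.get(color, f"(not in legend: {color})")
        groups[label].add(tech["techniqueID"])
    return {label: sorted(ids) for label, ids in groups.items()}


if __name__ == "__main__":
    for label, ids in sorted(summarize_layer(SAMPLE_LAYER).items()):
        print(f"{label}: {len(ids)} -> {', '.join(ids)}")
```

To run it against a downloaded layer, pass the result of `json.load()` on that file to `summarize_layer()` in place of `SAMPLE_LAYER`.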

 

Users looking to leverage MITRE mapping in custom scripts or in a SIEM may find the following map between Vectra detections and MITRE techniques useful: Vectra Detections to Mitre Technique Map.json.

 

Monthly software updates to the Cognito platform add new algorithms and enhancements that continue to expand Vectra's coverage against MITRE techniques. Additionally, the ATT&CK framework is updated multiple times per year by MITRE. Check back regularly for updates and changes.

 

 
