About MITRE Framework
The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is an extensive knowledge base and methodology that provides insights into the tactics, techniques, and procedures (TTPs) used by threat actors aiming to harm systems. ATT&CK is organized as matrices, with each matrix representing an operating system or a particular platform. Each stage of an attack (known as a tactic) is mapped to the specific methods (techniques) used to achieve that stage.
Note: See https://attack.mitre.org for additional information about MITRE.
Each technique in the ATT&CK framework contains a description of the technique, its associated procedures, probable defenses and detections, and real-world examples. In the intrusion policy, MITRE is simply another category of rule groups and is part of the Talos rule groups. The MITRE ATT&CK framework also defines groups, which refer to threat groups, activity groups, or threat actors based on the set of tactics and techniques they employ. The use of groups in the framework helps categorize and document adversary behaviors.
The MITRE framework enables you to navigate through your intrusion rules by tactic and technique. In your Snort 3 intrusion policy, you can navigate through several levels of rule groups, which provide more flexibility and a logical grouping of rules.