by Keith McCammon

less than 1 minute read

This Google Sheets template aims to make it easy to perform simple, measurable testing of MITRE ATT&CK techniques using Atomic Red Team or an adversary emulation solution of your choosing.

alt

To get started:

  1. Choose the technique that you wish to test. To help prioritize your testing, incorporate rankings from public threat reports, your own intelligence, or any other mechanism that you choose. The top techniques from Red Canary’s annual Threat Detection Report are incorporated into this template for convenience.
  2. Select a corresponding Atomic Red Team test. You can search for or browse tests by tactic, technique, or target platform here.

  3. Document whether the test was:

    • Observed in any manner, from system logs to network events
    • Detected by any of your controls, which could be SIEM analytics, alerts from any of your security products, or activity detected by partners or service providers
    • Mitigated by an existing secuirty control

This is based on the “ATT&CK in Excel” spreadsheet provided by MITRE, one of several resources for working with ATT&CK. It is based on the ATT&CK v12.1 release.

Get the template!

Discussion on LinkedIn, Twitter

Categories:

Updated:

You May Also Enjoy

Improving CISA KEV data integrity

3 minute read

tl;dr - Sometimes CISA removes Known Exploited Vulnerabilities catalog records. It would be awesome if they marked them as withdrawn and/or superseded instead.

When your product becomes a feature

3 minute read

Having spent a few years using, maintaining, and building security products of every conceivable shape and size, it’s become apparent how uniquely risky it is to invest in building cloud[1] security products.