Updated June 2024 to support ATT&CK v15.1.

This Google Sheets template aims to make it easy to perform simple, measurable testing of MITRE ATT&CK techniques using Atomic Red Team or an adversary emulation solution of your choosing.

alt

To get started:

  1. Choose the technique that you wish to test. To help prioritize your testing, incorporate rankings from public threat reports, your own intelligence, or any other mechanism that you choose. The top techniques from Red Canary’s annual Threat Detection Report are incorporated into this template for convenience.
  2. Select a corresponding Atomic Red Team test. You can search for or browse tests by tactic, technique, or target platform here.
  3. Document whether the test was:

    • Observed in any manner, from system logs to network events
    • Detected by any of your controls, which could be SIEM analytics, alerts from any of your security products, or activity detected by partners or service providers
    • Mitigated by an existing secuirty control

This is based on the “ATT&CK in Excel” spreadsheet provided by MITRE, one of several resources for working with ATT&CK. It is based on the ATT&CK v12.1 release.

Get the template!

Discussion: LinkedIn, Twitter

Categories:

Updated: