MITRE ATT&CK Additions/Modifications - A Community Discussion

Hey folks,

I am in the process of populating our internal tooling with as much relevant MITRE ATT&CK (enterprise-attack for now) metadata as possible so that we can flesh out existing rules as well as our new rules with more accurate tactics & techniques.

On Friday there were 63 new metadata additions added to the database fuelling our signature management platform (making them available to rule writers) and I am now retroactively applying this metadata to older rules where I can.

Today, I have modified 561 rules with new MITRE ATT&CK metadata and I aim to hit roughly 5000 modifications before pushing the release later today.

We are aware that MITRE ATT&CK metadata is valuable to many of our customers and it is a topic we are often quizzed on.

My questions to the community are as follows:

  1. How are you currently utilising MITRE ATT&CK metadata from the Emerging Threats rulesets?

  2. What changes can we implement on our end to give you folks a better quality of life when interacting with and parsing that metadata?

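As an added illustration of the kind of consumer-side parsing the second question is about (example code written for this page, not code from the post or from the Emerging Threats project): the parser below reads Suricata-style rules and builds a technique-to-sid index from the `metadata` keyword. The key names `mitre_tactic_id`, `mitre_tactic_name`, `mitre_technique_id` and `mitre_technique_name` are assumed to follow the naming convention used in ET rules; the sample rules, sids and message strings are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample ruleset in Suricata/ET style (not taken from the post).
# Metadata key names follow the ET convention; they are an assumption here.
SAMPLE_RULES = r'''
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Suspicious User-Agent"; flow:established,to_server; http.user_agent; content:"example-agent"; classtype:trojan-activity; sid:9000001; rev:2; metadata:created_at 2024_01_01, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1071, mitre_technique_name Application_Layer_Protocol;)
alert dns $HOME_NET any -> any any (msg:"EXAMPLE DNS query"; dns.query; content:"example"; sid:9000002; rev:1; metadata:mitre_tactic_id TA0011, mitre_technique_id T1071.004;)
# comment lines are ignored
alert tcp any any -> any 22 (msg:"EXAMPLE no metadata"; sid:9000003; rev:1;)
'''

_SID_RE = re.compile(r'\bsid:\s*(\d+)\s*;')
_META_RE = re.compile(r'\bmetadata:\s*([^;]*);')
# ATT&CK technique ids look like T1071 or, for sub-techniques, T1071.004
_TECH_RE = re.compile(r'^T\d{4}(?:\.\d{3})?$')


def parse_rule(line):
    """Return (sid, {metadata key: [values]}) or None for blank/comment/non-rule lines."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None
    sid_m = _SID_RE.search(line)
    if not sid_m:
        return None
    meta = defaultdict(list)
    for m in _META_RE.finditer(line):
        # metadata values are comma-separated "key value" pairs
        for pair in m.group(1).split(','):
            pair = pair.strip()
            if not pair:
                continue
            key, _, value = pair.partition(' ')
            meta[key.strip()].append(value.strip())
    return int(sid_m.group(1)), dict(meta)


def is_valid_technique_id(tid):
    """True if tid is syntactically a MITRE ATT&CK technique or sub-technique id."""
    return bool(_TECH_RE.match(tid))


def parent_technique(tid):
    """Collapse a sub-technique id (T1071.004) to its parent technique (T1071)."""
    return tid.split('.', 1)[0]


def attack_index(ruleset_text):
    """Index a ruleset by ATT&CK technique id.

    Returns (by_technique, untagged, malformed):
      by_technique: {technique id: sorted list of sids carrying it}
      untagged:     sorted sids with no mitre_technique_id metadata
      malformed:    sorted (sid, value) pairs whose technique id is not well-formed
    """
    by_technique = defaultdict(set)
    untagged = []
    malformed = []
    for line in ruleset_text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        sid, meta = parsed
        techs = meta.get('mitre_technique_id', [])
        if not techs:
            untagged.append(sid)
        for t in techs:
            if not is_valid_technique_id(t):
                malformed.append((sid, t))
                continue
            by_technique[t].add(sid)
    return ({k: sorted(v) for k, v in by_technique.items()},
            sorted(untagged), sorted(malformed))


def coverage_by_parent(ruleset_text):
    """Count rules per parent technique, folding sub-techniques into their parent."""
    by_technique, _, _ = attack_index(ruleset_text)
    counts = defaultdict(int)
    for tid, sids in by_technique.items():
        counts[parent_technique(tid)] += len(sids)
    return dict(counts)


if __name__ == '__main__':
    index, untagged, malformed = attack_index(SAMPLE_RULES)
    print('by technique:', index)
    print('untagged sids:', untagged)
    print('malformed ids:', malformed)
    print('coverage by parent:', coverage_by_parent(SAMPLE_RULES))
```

The `untagged` list is the same gap the post describes closing retroactively, seen from the consumer side, and the `malformed` list catches ids that would otherwise silently fail to join against an ATT&CK reference set.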