@center-for-threat-informed-defense

The Center for Threat-Informed Defense

An R&D organization focused on advancing the state of the art and the state of the practice in threat-informed defense.

Changing the Game on the Adversary

The Center is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The Center’s mission is to advance the state of the art and the state of the practice in threat-informed defense globally.

Comprised of participant organizations from around the globe with highly sophisticated security teams, the Center builds on MITRE ATT&CK®, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations.

THE RESULTS OF OUR RESEARCH & DEVELOPMENT PROJECTS ARE FREELY AVAILABLE TO THE PUBLIC.

Pinned

  1. mappings-explorer Public

    Mappings Explorer enables cyber defenders to understand how security controls and capabilities map onto the adversary behaviors catalogued in the MITRE ATT&CK® knowledge base. These mappings form a…

    Jinja 36 10

  2. adversary_emulation_library Public

    An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

    C 1.7k 303

  3. attack-flow Public

    Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flow…

    TypeScript 536 85

  4. summiting-the-pyramid Public

    Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research includes a scoring model, methodology, and worked examples.

    Makefile 24 3

  5. attack-workbench-frontend Public

    An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains an Angular-based web application providing the user in…

    TypeScript 308 60

  6. tram Public

    TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®.

    Jupyter Notebook 433 92

Repositories

Showing 10 of 31 repositories
  • attack-workbench-frontend Public

    An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains an Angular-based web application providing the user interface for the ATT&CK Workbench application.

    TypeScript 308 Apache-2.0 60 43 1 Updated Sep 19, 2024
  • attack-powered-suit Public

    ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, context menus, and ATT&CK Navigator integration.

    JavaScript 69 Apache-2.0 12 2 0 Updated Sep 18, 2024
  • mappings-editor Public

    Mappings Editor is an interactive, web-based tool created by the Center for Threat-Informed Defense for creating mappings of security capabilities to MITRE ATT&CK®. This tool is available as a public beta.

    TypeScript 5 Apache-2.0 2 1 0 Updated Sep 17, 2024
  • attack-workbench-rest-api Public

    An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains the REST API service for storing, querying, and editing ATT&CK objects.

    JavaScript 41 Apache-2.0 22 39 6 Updated Sep 12, 2024
  • technique-inference-engine Public

    TIE is a machine learning model for inferring associated MITRE ATT&CK techniques from previously observed techniques.

    Jupyter Notebook 15 Apache-2.0 2 0 1 Updated Sep 7, 2024
  • insider-threat-ttp-kb Public

    The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base.

    Python 135 Apache-2.0 21 0 0 Updated Sep 4, 2024
  • defending-ot-with-attack Public

    Defending OT with ATT&CK provides a customized threat collection tailored to the attack surface and threat model of operational technology environments.

    Makefile 11 Apache-2.0 3 1 0 Updated Aug 26, 2024
  • attack-flow Public

    Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.

    TypeScript 536 Apache-2.0 85 9 0 Updated Aug 21, 2024
  • mappings-explorer Public

    Mappings Explorer enables cyber defenders to understand how security controls and capabilities map onto the adversary behaviors catalogued in the MITRE ATT&CK® knowledge base. These mappings form a bridge between the threat-informed approach to cybersecurity and the traditional security controls perspective.

    Jinja 36 Apache-2.0 10 0 1 Updated Aug 15, 2024
  • top-attack-techniques Public

    Top ATT&CK Techniques helps defenders approach the breadth and complexity of MITRE ATT&CK® with a prioritized top 10 list of techniques to focus on first.

    Vue 115 Apache-2.0 22 1 2 Updated Aug 1, 2024