MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. This dashboard includes the tactics and techniques to describe adversarial actions and behaviors. Techniques are specific actions an attacker might take, and tactics are phases of attacker behavior. See MITRE ATT&CK and Alarms List View for more information.
Note: You can watch the How to improve threat detection and response with the MITRE ATT&CK framework customer training webcast on-demand to learn how to use MITRE ATT&CK within USM Anywhere.
|MITRE ATT&CK||Table with Tactics and Techniques, see Alarms List View for more information.|
|Command and Control Top Assets||The command and control tactic represents how adversaries communicate with systems under their control within a target network.|
|Exfiltration Top Assets||Exfiltration refers to techniques and attributes that result or aid in the adversary stealing files and information from a target network.|
|Privilege Escalation Top Assets||Privilege escalation is the result of actions that allows an adversary to obtain a higher level of permissions on a system or network.|
|Lateral Movement Top Assets||Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems.|
|Credential Access Top Assets||Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment.|
|Discovery Top Assets||Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network.|
|Defense Evasion Top Assets||Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses.|
|Persistence Top Assets||Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system.|
|Execution Top Assets||The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system|
|Collection Top Assets||Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration.|
|Initial Access Top Assets||The initial access tactic represents the vectors adversaries use to gain an initial foothold within a network.|