Update README.md
added text for CAPEC
This commit is contained in:
Rich Piazza
@@ -1,5 +1,5 @@
|
||||
# cti
|
||||
Cyber Threat Intelligence Repository of ATT&CK catalog expressed in STIX 2.0 JSON. See [USAGE](USAGE.md) for information on using this content with [python-stix2](https://github.com/oasis-open/cti-python-stix2).
|
||||
The Cyber Threat Intelligence Repository of ATT&CK and CAPEC catalogs expressed in STIX 2.0 JSON. See [USAGE](USAGE.md) for information on using this content with [python-stix2](https://github.com/oasis-open/cti-python-stix2).
|
||||
|
||||
## ATT&CK
|
||||
ATT&CK is a catalog of techniques and tactics that describe post-compromise adversary behavior on typical enterprise IT environments. The core use cases involve using the catalog to analyze, triage, compare, describe, relate, and share post-compromise adversary behavior.
|
||||
@@ -14,3 +14,14 @@ STIX enables organizations to share CTI with one another in a consistent and mac
|
||||
STIX is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.
|
||||
|
||||
https://oasis-open.github.io/cti-documentation/
|
||||
|
||||
## CAPEC
|
||||
|
||||
Understanding how the adversary operates is essential to effective cyber security. CAPEC™ helps by providing a comprehensive dictionary of known patterns of attacks employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses.
|
||||
|
||||
- Focuses on application security
|
||||
- Enumerates exploits against vulnerable systems
|
||||
- Includes social engineering / supply chain
|
||||
- Associated with Common Weakness Enumeration (CWE)
|
||||
|
||||
https://capec.mitre.org/
|
||||
|
||||
Reference in New Issue
Block a user