Rich Piazza
28 lines
1.8 KiB
Markdown
Executable File
28 lines
1.8 KiB
Markdown
Executable File
# cti
|
|
The Cyber Threat Intelligence Repository of ATT&CK and CAPEC catalogs expressed in STIX 2.0 JSON. See [USAGE](USAGE.md) for information on using this content with [python-stix2](https://github.com/oasis-open/cti-python-stix2).
|
|
|
|
## ATT&CK
|
|
ATT&CK is a catalog of techniques and tactics that describe post-compromise adversary behavior on typical enterprise IT environments. The core use cases involve using the catalog to analyze, triage, compare, describe, relate, and share post-compromise adversary behavior.
|
|
|
|
https://attack.mitre.org/wiki/Main_Page
|
|
|
|
## STIX
|
|
Structured Threat Information Expression (STIX™) is a language and serialization format used to exchange cyber threat intelligence (CTI).
|
|
|
|
STIX enables organizations to share CTI with one another in a consistent and machine readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively.
|
|
|
|
STIX is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.
|
|
|
|
https://oasis-open.github.io/cti-documentation/
|
|
|
|
## CAPEC
|
|
|
|
Understanding how the adversary operates is essential to effective cyber security. CAPEC™ helps by providing a comprehensive dictionary of known patterns of attacks employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses.
|
|
|
|
- Focuses on application security
|
|
- Enumerates exploits against vulnerable systems
|
|
- Includes social engineering / supply chain
|
|
- Associated with Common Weakness Enumeration (CWE)
|
|
|
|
https://capec.mitre.org/
|