Put MITRE ATT&CK® at Your Fingertips

Ingrid Skoog
Published in MITRE-Engenuity
4 min read, Jun 25, 2022

Written by Mark E. Haase and Jon Baker.

The MITRE ATT&CK® community spends too much time copying and pasting text from one place to another to achieve simple tasks like looking up ATT&CK technique IDs, linking to a software page, or just finding a term from the latest threat intel report in the ATT&CK knowledge base. Today, the Center for Threat-Informed Defense released a browser extension called ATT&CK Powered Suit. This extension puts the entire ATT&CK knowledge base at your fingertips and enables quick searches for tactics, techniques, and more without disrupting your workflow. In keeping with our mission to advance the state of the art and the state of the practice in threat-informed defense globally, the extension is freely available in the Chrome store.

The Center created Powered Suit in partnership with Fujitsu. Special thanks to Toshitaka Satomi for coming up with the idea and providing the initial source code.

Created with cyber threat intel analysts and defenders in mind, Powered Suit creates an overlay in your browser where you can quickly look up ATT&CK objects. For example, if you are reading a cybersecurity blog and want to look up something about protocol tunneling, it’s a snap.

Figure 1: The search interface for ATT&CK Powered Suit.

Each search result contains “copy snippets” underneath it such as “Name” and “Summary” that let you copy information with a single click to paste into your research notebook. These copy snippets are also customizable so you can tailor them to match your individual research process.

Powered Suit performs all queries locally in the browser. This design enables an instantaneous search experience and provides the utmost privacy. Your search query and usage data are not sent to or collected by any third party.

There are a few other tricks up its sleeve. Occasionally you may come across an ATT&CK technique ID that is not linked to the official ATT&CK website. If you highlight the text, Powered Suit will recognize these IDs and instantly link to them.

Figure 2: Right-click any technique ID to hyperlink to it.
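
To make the ID-recognition idea concrete, here is an added example (not Powered Suit's source code) that scans a piece of selected text for ATT&CK IDs and builds the matching attack.mitre.org links. It goes beyond technique IDs to tactic, software, group and mitigation IDs; the function and constant names are our own, and the sample sentence is constructed.

```javascript
// Added example, not the extension's code. All names here are illustrative.
const BASE = "https://attack.mitre.org";

// ID prefix -> section of the ATT&CK website.
const SECTIONS = { TA: "tactics", T: "techniques", S: "software", G: "groups", M: "mitigations" };

// The boundaries stop IDs embedded in longer tokens ("NIST1572", "T15720",
// "T1572x") from matching. An optional ".ddd" suffix is a sub-technique.
const ID_PATTERN =
  /(?<![A-Za-z0-9])(TA|T|S|G|M)(\d{4})(?:\.(\d{3}))?(?![A-Za-z0-9])/gi;

// Returns [{ id, url }] in order of first appearance, without duplicates.
// A well-formed ID is not proof the object exists: a real tool would also
// check each hit against the ATT&CK knowledge base before linking.
function findAttackIds(text) {
  const seen = new Map();
  for (const m of text.matchAll(ID_PATTERN)) {
    const prefix = m[1].toUpperCase();
    const num = m[2];
    // Only techniques have sub-techniques; drop a suffix on other ID types.
    const sub = prefix === "T" ? m[3] : undefined;
    const id = prefix + num + (sub ? "." + sub : "");
    if (seen.has(id)) continue;
    // The URL is assembled only from the validated prefix and digits,
    // never from the raw selection, so stray text cannot alter the link.
    const path = sub ? `${prefix}${num}/${sub}` : `${prefix}${num}`;
    seen.set(id, `${BASE}/${SECTIONS[prefix]}/${path}/`);
  }
  return [...seen].map(([id, url]) => ({ id, url }));
}

// Constructed sample sentence, as it might appear in a threat report.
const SAMPLE =
  "The actor used protocol tunneling (T1572) and t1059.001; see also " +
  "TA0011, S0002 and G0016. Not IDs: NIST1572, T15720, T1572x.";

for (const { id, url } of findAttackIds(SAMPLE)) {
  console.log(id, "->", url);
}
```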

For advanced users, there is also support for Omnibar (that is, the bar at the top of the Chrome window that contains the current URL and also lets you enter queries for generalized search engines). Typically, when you search in the Omnibar, your results come from Google, DuckDuckGo, or Bing. When you install Powered Suit, any query that begins with the word “attack” will display results directly from the ATT&CK knowledge base. This is immensely helpful when you have an ID or name in mind and want to quickly pull it up on the ATT&CK website.

Figure 3: Use omnibar support to jump to techniques based on ID or name.

We are excited to share Powered Suit with you. We have been using it internally for several months and the feedback has been overwhelmingly positive. A lot of features are packed into it — more than we can cover in a single blog post — and we invite you to try it today.

Are you ready to start using Powered Suit? It is available in the Google Web Store.

Suggestions and Feedback… If you have feedback or ideas, contact us at ctid@mitre-engenuity.org or open an issue on the GitHub repository.

About the Center for Threat-Informed Defense

The Center is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The Center’s mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Comprised of participant organizations from around the globe with highly sophisticated security teams, the Center builds on MITRE ATT&CK®, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the Center operates for the public good, outputs of its research and development are available publicly and for the benefit of all.

© 2022 MITRE Engenuity. Approved for Public Release. Document number CT0052.

Ingrid Skoog
MITRE-Engenuity

Director of Research & Development, The Center for Threat-Informed Defense