Unite ATT&CK and Security Controls with Mappings Explorer

Mike Cunningham
MITRE-Engenuity
Mar 27, 2024

Written by Tiffany Bergeron and Mark E. Haase.

Understanding the relationship between security capabilities and adversary behaviors is foundational to threat-informed defense. The Center for Threat-Informed Defense (Center) provides a collection of open, independently developed mappings between security capabilities and MITRE ATT&CK®. These mappings enable security teams around the world to make threat-informed decisions — making their defenses more efficient and effective against the threats that matter most to them.

Mappings Explorer is a hub for defenders to explore these security capability mappings to ATT&CK. This single resource provides a searchable and customizable collection of mappings and tools that expand the ability to understand and mitigate real-world cyber threats. Cyber defenders now have easy access to explore mapped security capabilities from the perspective of the ATT&CK techniques they mitigate.

Mappings Explorer was created in partnership with Research Participants AttackIQ, Inc., Citigroup, IBM Security, and JPMorgan Chase Bank, N.A.

Mappings Explorer

The Mappings Explorer website is the hub where you will find all Center mapping products, tools, and resources. The website presents security control mappings and threat and mitigation data in user-friendly ways and allows for your customized exploration.

Through the website, you can create a customized view of all mappings. Features include:

  • Display all techniques with associated capability mappings (both matrix view and list view).
  • Select a technique to view details, including all security capabilities to which the technique has been mapped.
  • Select a mapping project to view the controls in that project.
  • Download artifacts including spreadsheets and ATT&CK Navigator layers. A customizable ATT&CK Navigator layer of each of the mappings is provided for visual exploration and viewing mapping coverage.
  • For each security control, view all the techniques mapped to that control.
  • Cross link between techniques and controls to pivot your view.

In addition to these customizations, Mappings Explorer includes the ability for you to search across platforms and frameworks. Behind the scenes, all mappings are unified under a structured data format for expanded accessibility and usability. Mappings Explorer hosts usage documentation, including mapping methodologies and use cases to demonstrate how the mappings can be used.

Figure: Mapped Frameworks in Mappings Explorer

Mappings Editor

The Mappings Editor is a new tool to create and update capability mappings to ATT&CK objects. We use the Mappings Editor for:

  • Navigational functions for viewing and sorting mappings,
  • “Mass edit” features and functionality,
  • Functionality to move or copy mappings from one location to another (copy/paste, drag and drop),
  • Built-in error checking,
  • On-disk mapping file update, and
  • Import/merge feature for combining mappings files, supporting team workflow.

The beta version of the Mappings Editor is available to all on the Mappings Editor GitHub repository.

Figure: Mappings Editor Interface

Get Involved

We welcome your feedback and contributions to continue to advance Mappings Explorer. You are also welcome to submit issues for any technical questions/concerns or contact ctid@mitre-engenuity.org directly for more general inquiries.

About the Center for Threat-Informed Defense

The Center is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The Center’s mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Comprised of participant organizations from around the globe with highly sophisticated security teams, the Center builds on MITRE ATT&CK®, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the Center operates for the public good, outputs of its research and development are available publicly and for the benefit of all.

© 2024 MITRE Engenuity. Approved for Public Release. Document number CT0104.


Mike Cunningham
MITRE-Engenuity

R&D Program Manager in the Center for Threat-Informed Defense at MITRE Engenuity