Fun With MITRE ATT&CK Navigator
@rubysgeekymom
Today’s Topics
• How I stumbled upon these tools.
• What are MITRE ATT&CK, ATT&CK
Navigator and NIST 800-53?
• How can Defenders use these tools to their
advantage?
Not another boring slideshow
How I stumbled upon this tool
► SCYTHE’s reporting capabilities include NIST SP 800-53 summaries that are available to use
in ATT&CK Navigator
► I was not familiar with these tools = RESEARCH
► Research led me to testing the SCYTHE summaries in the Navigator
► I thought they were cool and a two-part blog for CSNP
MITRE ATT&CK
https://attack.mitre.org/
MITRE ATT&CK & The Blue Team
https://www.scythe.io/library/simplifying-the-mitre-att-ck-framework
ATT&CK Navigator
► NIST SP 800-53, Security and Privacy Controls for Information Systems and
Organizations
► Describes families of security controls
► Created as a guide for Federal and Critical Infrastructure Information Systems
► Used by many other sectors for risk assessments and creating defense in depth
► NIST SP 800-53 Revision 5
Center for Threat-Informed Defense
► In December 2020, the Center for Threat-Informed Defense released a set of mappings
between MITRE ATT&CK and NIST SP 800-53
► The focus is to enable users to easily map threats that are specific to their organization to
NIST controls
► Contributes to more effective security and closing gaps.
https://medium.com/mitre-engenuity/security-control-mappings-a-bridge-to-threat-informed-defense-2e42a074f64a
ATT&CK Navigator & NIST SP 800-53
https://github.com/center-for-threat-informed-defense/attack-control-framework-mappings
Getting Started
► The README.MD contains links to download the NIST to MITRE mappings in Excel
format.
► Useful for quick lookup when reviewing the ATT&CK Navigator layer.
Using the Navigator Tool
► To set this up using Use Case #4, a couple of changes have to be
made.
► 1. Under Selection Controls, click the Multi Select button.
► 2. Click the view link to the right of each group to view the group’s MITRE ATT&CK
page.
► 3. Select the desired threat group.
Step 3 - Background Color and Filters
► 4. Techniques used by that group are outlined in black. Change the background to a
color for better visualization.
► 5. To change the background color, go to technique controls and click the paint can icon.
Select the background color.
► 6. Select Layer Controls > Filter to drill down to specific platforms.
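Steps 4 to 6 can also be written out as a layer file and opened in Navigator as an existing layer, with the mapped NIST controls attached to each technique as a comment. The Python below is an added example, not from the original slides or the mappings project; the sample rows, the color, the function names and the layer format version are assumptions.

```python
import json
import re

# Constructed sample rows, NOT taken from the real mapping spreadsheet:
# (technique ID, platforms it applies to, NIST SP 800-53 controls).
SAMPLE_ROWS = [
    ("T1566", ["Windows", "Linux", "macOS"], ["AT-2", "SI-8"]),
    ("T1059.001", ["Windows"], ["CM-6", "SI-4"]),
    ("T1078", ["Windows", "Linux", "macOS"], ["AC-2", "IA-5"]),
    ("T1053.003", ["Linux", "macOS"], ["AC-6", "CM-6"]),
]

TECHNIQUE_ID = re.compile(r"T\d{4}(\.\d{3})?")
HEX_COLOR = re.compile(r"#[0-9a-fA-F]{6}")


def build_layer(name, rows, color, platforms):
    """Return a Navigator layer dict: one colored entry per technique."""
    if not HEX_COLOR.fullmatch(color):
        raise ValueError(f"not a #rrggbb color: {color!r}")
    techniques = []
    for tid, _tech_platforms, controls in rows:
        if not TECHNIQUE_ID.fullmatch(tid):
            raise ValueError(f"not an ATT&CK technique ID: {tid!r}")
        techniques.append({
            "techniqueID": tid,
            "color": color,  # same effect as the paint can icon (step 5)
            "comment": "NIST SP 800-53: " + ", ".join(controls),
        })
    return {
        "name": name,
        "versions": {"layer": "4.5"},  # assumed layer format version
        "domain": "enterprise-attack",
        "filters": {"platforms": list(platforms)},  # platform filter (step 6)
        "techniques": techniques,
    }


def controls_in_scope(rows, platforms):
    """Controls mapped to techniques that stay visible after the filter."""
    wanted = set(platforms)
    return sorted({c for _tid, plats, ctrls in rows
                   if wanted & set(plats) for c in ctrls})


if __name__ == "__main__":
    layer = build_layer("Constructed group", SAMPLE_ROWS, "#fd8d3c", ["Linux"])
    print(json.dumps(layer, indent=2))
    print(controls_in_scope(SAMPLE_ROWS, ["Linux"]))
```

The control list from `controls_in_scope` is the quick-lookup view of the layer: the controls to review for the techniques left after the platform filter.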
Use Case 4