Decoding the MITRE ATT&CK Framework

What is MITRE ATT&CK?

The MITRE ATT&CK® framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It provides a common language for both offensive and defensive security professionals.

ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge.

Tactics vs Techniques

| Term | Definition | Example |
|------|------------|---------|
| Tactic | The “Why” - the adversary’s tactical goal. | Initial Access (TA0001) |
| Technique | The “How” - the method used to achieve the goal. | Phishing (T1566) |
| Procedure | The exact execution of a technique. | Sending an email with an Excel macro. |

Why Purple Teams Love It

For Purple Teaming, MITRE ATT&CK is the gold standard. It allows Red Teams to emulate specific threat actors (like APT29) by chaining techniques together, while Blue Teams can map their SIEM detections directly to the framework to identify coverage gaps.
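The mapping described above, as an added example that is not part of the original post: a constructed emulation plan (a handful of chained techniques, not a real APT29 profile) is checked against a constructed set of SIEM rules tagged with ATT&CK technique IDs, and the script reports coverage per tactic, the techniques no rule detects, and rules that alert without any ATT&CK mapping. The technique and tactic IDs are real ATT&CK identifiers; the rule names and plan are illustrative.

```python
"""Map SIEM detections to ATT&CK and surface coverage gaps (constructed example)."""
from collections import defaultdict

# Constructed emulation plan: (technique_id, name, tactic_id, tactic_name).
# A technique can belong to several tactics; each step here picks the one it
# is being used for in this chain.
EMULATION_PLAN = [
    ("T1566", "Phishing", "TA0001", "Initial Access"),
    ("T1059", "Command and Scripting Interpreter", "TA0002", "Execution"),
    ("T1078", "Valid Accounts", "TA0003", "Persistence"),
    ("T1003", "OS Credential Dumping", "TA0006", "Credential Access"),
    ("T1021", "Remote Services", "TA0008", "Lateral Movement"),
]

# Constructed SIEM rules: rule name -> set of ATT&CK technique tags.
# An empty set models a rule that fires but was never mapped to ATT&CK.
SIEM_RULES = {
    "Office macro spawns child process": {"T1566", "T1059"},
    "PowerShell encoded command": {"T1059"},
    "LSASS memory access": {"T1003"},
    "Impossible travel login": set(),
}


def coverage_report(plan, rules):
    """Return per-tactic coverage, undetected techniques and untagged rules."""
    tagged = set().union(*rules.values())  # every technique any rule covers
    by_tactic = defaultdict(lambda: {"name": "", "covered": 0, "total": 0, "gaps": []})
    for tech_id, name, tactic_id, tactic_name in plan:
        entry = by_tactic[tactic_id]
        entry["name"] = tactic_name
        entry["total"] += 1
        if tech_id in tagged:
            entry["covered"] += 1
        else:
            entry["gaps"].append(f"{tech_id} {name}")
    gaps = [g for entry in by_tactic.values() for g in entry["gaps"]]
    untagged = [rule for rule, tags in rules.items() if not tags]
    return {"by_tactic": dict(by_tactic), "gaps": gaps, "untagged_rules": untagged}


if __name__ == "__main__":
    report = coverage_report(EMULATION_PLAN, SIEM_RULES)
    for tactic_id, entry in report["by_tactic"].items():
        print(f"{tactic_id} {entry['name']}: {entry['covered']}/{entry['total']} covered")
    print("Undetected techniques:", report["gaps"])
    print("Rules with no ATT&CK mapping:", report["untagged_rules"])
```

Each gap is a technique the emulated chain would execute without any rule firing, and each untagged rule is an alert the SOC cannot place on the kill chain.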

Learn more on the official MITRE ATT&CK website.

If your SOC tracks alerts without mapping them to ATT&CK, it is missing the broader kill chain those alerts belong to!

This post is licensed under CC BY 4.0 by the author.