MITRE ATT&CK Defender™ (MAD) ATT&CK® Cyber Threat Intelligence Certification Training

The ATT&CK® team will help you learn how to leverage ATT&CK® to improve your cyber threat intelligence (CTI) practices.

Target Audience

ATT&CK® for Cyber Threat Intelligence is an intermediate course that focuses on identifying, developing, analyzing, and applying ATT&CK®-mapped intelligence. Participants should have a solid understanding of the ATT&CK® framework. If you’re unfamiliar with ATT&CK®, we suggest that you take MITRE ATT&CK Defender™ (MAD) ATT&CK® Fundamentals prior to this course.

Prerequisites

• An understanding of the ATT&CK® framework through the MITRE ATT&CK Defender™ (MAD) – ATT&CK® Fundamentals course
• An understanding of security concepts, previous training, or prior CTI field experience

MITRE ATT&CK Cyber Threat Intelligence Certification Course Goals

By the end of this MITRE ATT&CK Cyber Threat Intelligence Certification course, students should be able to:

• Map to ATT&CK® from both narrative reporting and raw data
• Effectively store and display ATT&CK®-mapped data
• Leverage ATT&CK® Navigator for analysis
• Perform CTI analysis using ATT&CK®-mapped data
• Provide actionable defensive recommendations based on ATT&CK®-mapped data

Note: Per our partnership agreement with MITRE Engenuity, MITRE will have access to learner usage data.

• Mapping to ATT&CK® from Narrative Reports
• Introduction: Challenges, Advantages and the Process of Mapping to ATT&CK®
• Finding and Researching the Behavior
• Translating the Behavior into a Tactic
• Identifying Techniques or Sub-Techniques
• Mapping to a Narrative Point
• Hedging Your Biases
• Mapping to ATT&CK® from Raw Data
• The Process of Mapping from Raw Data
• Identify and Research Behaviors
• Translate Behaviors to Tactics, Techniques and Sub-Techniques
• Raw Data to Narrative Reporting
• Storing and Analyzing ATT&CK®-Mapped Data
• Storing and Displaying ATT&CK®-Mapped Data
• Expressing and Storing ATT&CK®-Mapped Data
• Analyzing ATT&CK®-Mapped Data
• Exercise 3: Comparing Layers in ATT&CK® Navigator
• Making Defensive Recommendations from ATT&CK®-Mapped Data
• The Defensive Recommendations Process
• How Techniques and Sub-Techniques are Being Used
• Researching Organizational Capabilities and Constraints and Determine Trade-Offs
• Make Defensive Recommendations