mapping-mitre-attack-techniques

Featured

Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK techniques and sub-techniques to quantify detection coverage and guide control prioritization. Use when building an ATT&CK-based coverage heatmap, tagging SIEM alerts with technique IDs, aligning security controls to adversary playbooks, or reporting threat exposure to executives. Activates for requests involving ATT&CK Navigator, Sigma rules, MITRE D3FEND, or coverage gap analysis.

Category: AI & Automation · 12,642 stars · 1468 forks · Updated today · Apache-2.0

Quality Score: 99/100

| Factor        | Weight | Score |
|---------------|--------|-------|
| Stars         | 20%    | 100   |
| Recency       | 20%    | 100   |
| Frontmatter   | 20%    | 70    |
| Documentation | 15%    | 100   |
| Issue Health  | 10%    | 50    |
| License       | 10%    | 100   |
| Description   | 5%     | 100   |

Skill Content

# Mapping MITRE ATT&CK Techniques

## When to Use

Use this skill when:

- Generating an ATT&CK coverage heatmap to show which techniques your detection stack addresses
- Tagging existing SIEM use cases or Sigma rules with ATT&CK technique IDs for structured reporting
- Aligning your security program roadmap to specific adversary groups known to target your sector

**Do not use** this skill for real-time incident triage — ATT&CK mapping is an analytical activity best performed post-detection or during threat hunting planning.

## Prerequisites

- Access to MITRE ATT&CK knowledge base (https://attack.mitre.org) or local ATT&CK STIX data bundle
- ATT&CK Navigator web app or local installation (https://mitre-attack.github.io/attack-navigator/)
- Inventory of existing detection rules (Sigma, Splunk, Sentinel KQL) to assess current coverage
- ATT&CK Python library: `pip install mitreattack-python`

## Workflow

### Step 1: Obtain Current ATT&CK Data

Download the latest ATT&CK STIX bundle for the relevant matrix (Enterprise, Mobile, ICS):

```bash
curl -o enterprise-attack.json \
  https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json
```

Use the mitreattack-python library to query techniques programmatically:

```python
from mitreattack.stix20 import MitreAttackData

mitre = MitreAttackData("enterprise-attack.json")
techniques = mitre.get_techniques(remove_revoked_deprecated=True)
for t in techniques[:5]:
    print(t["external_references"][0]["...
```
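The Sigma-tag-to-technique mapping and Navigator layer generation the skill describes, as an added example that is not part of the skill's own content and does not use mitreattack-python. It reads a constructed mini STIX bundle with the same object shape as enterprise-attack.json and constructed Sigma rule metadata, applies the same revoked/deprecated filtering as `remove_revoked_deprecated=True`, and emits a Navigator layer; the `versions.layer` value is an assumption to match to your Navigator build.

```python
import re
# Constructed mini STIX bundle in the shape of enterprise-attack.json (only the fields read
# below). T1999 is a constructed, revoked technique included to show how stale tags surface.
STIX_BUNDLE = {"type": "bundle", "objects": [
    {"type": "attack-pattern", "name": "PowerShell",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1059.001"}]},
    {"type": "attack-pattern", "name": "Valid Accounts",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1078"}]},
    {"type": "attack-pattern", "name": "Retired Technique (constructed)", "revoked": True,
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1999"}]},
]}
# Constructed Sigma rule metadata; Sigma carries ATT&CK IDs in its `tags` list.
SIGMA_RULES = [
    {"title": "PowerShell Download Cradle", "tags": ["attack.execution", "attack.t1059.001"]},
    {"title": "Encoded PowerShell Command", "tags": ["attack.t1059.001", "attack.defense-evasion"]},
    {"title": "Logon From Unusual Location", "tags": ["attack.t1078"]},
    {"title": "Rule With Stale Tag", "tags": ["attack.t1999"]},  # revoked technique, must not count
]
TAG_RE = re.compile(r"^attack\.(t\d{4}(?:\.\d{3})?)$", re.IGNORECASE)

def load_techniques(bundle):
    """Return {technique_id: name}, dropping revoked/deprecated objects (what remove_revoked_deprecated=True does)."""
    techniques = {}
    for obj in bundle["objects"]:
        if obj.get("type") == "attack-pattern" and not (obj.get("revoked") or obj.get("x_mitre_deprecated")):
            for ref in obj.get("external_references", []):
                if ref.get("source_name") == "mitre-attack":
                    techniques[ref["external_id"]] = obj["name"]
    return techniques

def technique_ids_from_tags(tags):
    """Extract normalised technique IDs (e.g. T1059.001) from Sigma attack.* tags; tactic tags are ignored."""
    return {m.group(1).upper() for m in map(TAG_RE.match, tags) if m}

def coverage(bundle, rules):
    """Count rules per live technique; IDs not in the bundle are returned separately for tag hygiene."""
    counts = dict.fromkeys(load_techniques(bundle), 0)
    unknown = set()
    for rule in rules:
        for tid in technique_ids_from_tags(rule["tags"]):
            if tid in counts:
                counts[tid] += 1
            else:
                unknown.add(tid)
    return counts, unknown

def navigator_layer(counts, name="Detection coverage"):
    """ATT&CK Navigator layer with score = rule count; the layer format version is an assumption."""
    return {"name": name, "versions": {"layer": "4.5"}, "domain": "enterprise-attack",
            "techniques": [{"techniqueID": t, "score": n} for t, n in sorted(counts.items()) if n]}
```

Techniques present in the bundle but with a zero count are the coverage gaps; IDs in `unknown` flag rules whose tags point at retired or misspelled techniques and need re-mapping.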

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0
