The Center for Threat-Informed Defense

All

31 repositories

attack-workbench-frontend
Public
An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains an Angular-based web application providing the user interface for the ATT&CK Workbench application.
TypeScript
•
Apache License 2.0
•60•349•63•5•Updated Apr 11, 2025Apr 11, 2025
attack-workbench-rest-api
Public
An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains the REST API service for storing, querying, and editing ATT&CK objects.
JavaScript
•
Apache License 2.0
•19•45•36•4•Updated Apr 10, 2025Apr 10, 2025
mappings-explorer
Public
Mappings Explorer enables cyber defenders to understand how security controls and capabilities map onto the adversary behaviors catalogued in the MITRE ATT&CK® knowledge base. These mappings form a bridge between the threat-informed approach to cybersecurity and the traditional security controls perspective.
Jinja
•
Apache License 2.0
•11•56•0•4•Updated Apr 3, 2025Apr 3, 2025
caldera_pathfinder
Public archive
Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translating those scans into adversaries for network traversal.
cybersecurity red-team ctid adversary-emulation caldera threat-informed-defense
Python
•
Apache License 2.0
•23•126•2•1•Updated Apr 3, 2025Apr 3, 2025
attack-sync
Public
ATT&CK Sync is a Center for Threat-Informed Defense project that aims to improve the ability for organizations to consume MITRE ATT&CK® version updates into their internal systems and processes.
cybersecurity ctid mitre-attack threat-informed-defense
Python
•
Apache License 2.0
•6•19•2•0•Updated Apr 2, 2025Apr 2, 2025
sightings_ecosystem
Public
Sightings Ecosystem gives cyber defenders visibility into what adversaries actually do in the wild. With your help, we are tracking MITRE ATT&CK® techniques observed to give defenders real data on technique prevalence.
data-science data-visualization cybersecurity ctid mitre-attack cyber-threat-intelligence
Python
•
Apache License 2.0
•7•34•1•0•Updated Mar 26, 2025Mar 26, 2025
m3tid
Public
The Measure, Maximize, and Mature Threat-Informed Defense (M3TID) project defines what Threat-Informed Defense (TID) is and the key activities associated with its practice.
cybersecurity ctid mitre-attack adversary-emulation cyber-threat-intelligence detection-engineering threat-informed-defense
Makefile
•
Apache License 2.0
•3•16•0•0•Updated Mar 21, 2025Mar 21, 2025
cti-blueprints
Public
CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable reports more consistently and efficiently.
incident-response cybersecurity malware-analysis threat-actors ctid mitre-attack cyber-threat-intelligence threat-informed-defense
TypeScript
•
Apache License 2.0
•31•238•2•0•Updated Mar 20, 2025Mar 20, 2025
tram
Public
TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®.
cybersecurity ctid mitre-attack cyber-threat-intelligence threat-informed-defense
Jupyter Notebook
•
Apache License 2.0
•97•484•45•8•Updated Mar 20, 2025Mar 20, 2025
attack-flow
Public
Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
cybersecurity ctid mitre-attack cyber-threat-intelligence threat-informed-defense
TypeScript
•
Apache License 2.0
•97•600•17•1•Updated Mar 20, 2025Mar 20, 2025
sensor-mappings-to-attack
Public
Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help detect real-world adversary behaviors in their environments.
cybersecurity ctid mitre-attack cyber-defense threat-informed-defense cyber-tools
Python
•
Apache License 2.0
•4•49•1•1•Updated Mar 20, 2025Mar 20, 2025
summiting-the-pyramid
Public
Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research includes a scoring model, methodology, and worked examples.
cybersecurity ctid mitre-attack cyber-analytics detection-engineering threat-informed-defense
Makefile
•
Apache License 2.0
•3•37•0•0•Updated Mar 20, 2025Mar 20, 2025
technique-inference-engine
Public
TIE is a machine learning model for inferring associated MITRE ATT&CK techniques from previously observed techniques.
machine-learning cybersecurity ctid mitre-attack cyber-threat-intelligence threat-informed-dense
TypeScript
•
Apache License 2.0
•6•49•0•0•Updated Mar 19, 2025Mar 19, 2025
defending-ot-with-attack
Public
Defending OT with ATT&CK provides a customized threat collection tailored to the attack surface and threat model of operational technology environments.
Makefile
•
Apache License 2.0
•3•12•1•0•Updated Mar 18, 2025Mar 18, 2025
threat-modeling-with-attack
Public
Threat Modeling with ATT&CK defines how to integreate MITRE ATT&CK® into your organization’s existing threat modeling methodology.
cybersecurity threat-modeling attack-trees ctid mitre-attack cyber-threat-intelligence threat-informed-defense
Makefile
•
Apache License 2.0
•3•5•0•0•Updated Mar 18, 2025Mar 18, 2025
top-attack-techniques
Public
Top ATT&CK Techniques helps defenders approach the breadth and complexity of MITRE ATT&CK® with a prioritized top 10 list of techniques to focus on first.
cybersecurity ctid mitre-attack cyber-threat-intelligence
Vue
•
Apache License 2.0
•21•118•1•1•Updated Mar 11, 2025Mar 11, 2025
mappings-editor
Public
Mappings Editor is an interactive, web-based tool created by the Center for Threat-Informed Defense for creating mappings of security capabilities to MITRE ATT&CK®. This tool is available as a public beta.
TypeScript
•
Apache License 2.0
•3•8•1•1•Updated Feb 28, 2025Feb 28, 2025
workshop
Public
4•7•1•0•Updated Jan 26, 2025Jan 26, 2025
attack-powered-suit
Public
ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, context menus, and ATT&CK Navigator integration.
chrome-extension browser-extension ctid mitre-attack cyber-threat-intelligence
JavaScript
•
Apache License 2.0
•11•77•7•0•Updated Nov 4, 2024Nov 4, 2024
insider-threat-ttp-kb
Public
The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base.
cybersecurity ctid mitre-attack cyber-threat-intelligence threat-informed-defense insider-threat
Python
•
Apache License 2.0
•19•143•0•0•Updated Sep 4, 2024Sep 4, 2024
.github
Public
0•0•0•0•Updated Jul 25, 2024Jul 25, 2024
cwe-calculator
Public
The CWE Calculator enables software development teams to score and prioritize discovered weaknesses empirically based on data in the National Vulnerability Database (NVD).
cybersecurity cve cwe cvss ctid threat-informed-defense
Python
•
Apache License 2.0
•3•11•0•0•Updated Jul 16, 2024Jul 16, 2024
public-resources
Public
Collection of resources related to the Center for Threat-Informed Defense
PowerShell
•14•77•0•0•Updated May 22, 2024May 22, 2024
security-stack-mappings
Public archive
🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.
aws security cloud azure gcp mitre-attack
Python
•
Apache License 2.0
•62•384•13•3•Updated Apr 3, 2024Apr 3, 2024
attack_to_veris
Public archive
🚨ATTENTION🚨 The VERIS mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.
cybersecurity ctid mitre-attack cyber-threat-intelligence veris threat-informed-defense
Python
•
Apache License 2.0
•6•71•1•0•Updated Apr 3, 2024Apr 3, 2024
attack_to_cve
Public archive
🚨ATTENTION🚨 The CVE mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.
cybersecurity cve ctid mitre-attack threat-informed-defense
Apache License 2.0
•54•234•5•1•Updated Apr 3, 2024Apr 3, 2024
attack-control-framework-mappings
Public archive
🚨ATTENTION🚨 The NIST 800-53 mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.
cybersecurity cti risk-management nist800-53 ctid mitre-attack cyber-threat-intelligence security-controls threat-informed-defense
Python
•
Apache License 2.0
•88•491•0•1•Updated Apr 3, 2024Apr 3, 2024
defending-iaas-with-attack
Public
Defending IaaS with ATT&CK is a project to create a collection of ATT&CK techniques relevant to a Linux IaaS environment, as well as a methodology for creating technique collections.
iaas cybersecurity ctid mitre-attack threat-informed-defense
Makefile
•
Apache License 2.0
•5•14•0•0•Updated Feb 27, 2024Feb 27, 2024
adversary_emulation_library
Public
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
cybersecurity red-team ctid mitre-attack adversary-emulation cyber-threat-intelligence threat-informed-defense adversary-emulation-plans
C
•
Apache License 2.0
•324•1.9k•26•9•Updated Jan 5, 2024Jan 5, 2024
attack-workbench-collection-manager
Public archive
[DEPRECATED] An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains the REST API and services for managing collections, collection indexes, and collection subscriptions.
deprecated
JavaScript
•
Apache License 2.0
•10•12•0•0•Updated Aug 16, 2023Aug 16, 2023