"Helping Cyber Defenders 'Decide' to Use MITRE ATT&CK"

Since the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) released the first edition of Best Practices for MITRE ATT&CK Mapping about two years ago, the ATT&CK framework has evolved, expanded, and enhanced its ability to offer more than just cyber threat intelligence for the cybersecurity community. CISA has issued a second edition of its mapping guide and introduced a new companion tool called Decider. This tool guides users through a mapping process by asking them questions about adversary activity to help them determine the appropriate tactic, technique, or sub-technique to apply. With the tool, users are presented with a fact sheet and a video on Decider's key features and capabilities. These features include guided questions about adversary activity that help users confirm whether they are mapping correctly, as well as search and filtering functionality to help users zero in on what is most pertinent to their analysis. This article continues to discuss the purpose and development of CISA's new Decider tool as well as updates to CISA's mapping guide.

CISA reports "Helping Cyber Defenders 'Decide' to Use MITRE ATT&CK"

 

 
