MITRE ATT&CK® Matrix
MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework enhances your organization's network security using a defensive and standardized matrix. Using the robust ATT&CK knowledge base, you can evaluate your organization's adherence to the MITRE ATT&CK® framework.
Using the Qualys-provisioned Enterprise MITRE ATT&CK Matrix, you can identify gaps in the security architecture, instantly contain the threat, and protect your organization from new attacks.
This section lists Frequently Asked Questions that will help you while implementing the Enterprise MITRE ATT&CK Matrix:
What are the Prerequisites for MITRE ATT&CK Matrix?
The following are the prerequisites for the Enterprise MITRE ATT&CK Matrix in the Prioritization tab of VMDR:
- Application: VMDR full subscription
- Operating Systems: Windows, Linux, or Mac
- User Role: VMDR Manager, Non-Manager, and Sub-Users
Additionally, with the Qualys Policy Compliance (PC) subscription, you can reduce internal and external threats by scanning your systems for compliance with your policies. The Qualys Endpoint Detection and Response (EDR) subscription lets you get a list of compromised events.
Before I proceed, which MITRE ATT&CK terms should I be aware of?
| Terms | Description |
| --- | --- |
| Adversarial | Adversarial represents threat actors. |
| Tactics | Tactics represent the threat actors' goal for an attack. |
| Techniques | Techniques represent how threat actors can achieve their Tactic or goal. |
| Common Knowledge | Common Knowledge documents the use of tactics and techniques by adversaries. |
| Sub-Techniques | Sub-Techniques are specific descriptions of the adversarial behavior to achieve a goal. |
| Risk Findings | Risk Findings are displayed in the MITRE ATT&CK Matrix in the Prioritization tab of VMDR. |
Where can I get the list of MITRE ATT&CK Tactics and Techniques?
Currently, there are 14 Tactics and more than 150 Techniques. To learn more about each Tactic and Technique, refer to the MITRE ATT&CK webpage.
How does Qualys VMDR use the MITRE ATT&CK Matrix?
The VMDR application leverages the MITRE ATT&CK® framework in matrix form based on vulnerabilities (QID), misconfigurations (CID), and Endpoint Detection and Response (EDR) events. The MITRE ATT&CK Matrix in the VMDR application's Prioritization tab shows a detailed view of Tactics, Techniques, and Sub-Techniques. To learn more, refer to the MITRE ATT&CK Matrix in VMDR Prioritization.
The following pictorial representation of the matrix depicts the Tactics and Techniques based on the vulnerabilities (QID), misconfigurations (CID), and Endpoint Detection and Response (EDR) events:
With the Qualys-provisioned MITRE ATT&CK Matrix, you can detect and remediate vulnerabilities and events. You can foster strong network security in your organization if you subscribe to the Qualys Policy Compliance (PC) and Qualys Endpoint Detection and Response (EDR) applications.
Additional Resources
MITRE ATT&CK webpage