What is MITRE ATT&CK?
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques observed in real-world cyberattacks, organized into a matrix that security teams use for detection engineering, gap assessment, red teaming, and threat intelligence alignment.
Definition
- MITRE ATT&CK
- MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques observed in real-world cyberattacks, organized into a matrix that security teams use for detection engineering, gap assessment, red teaming, and threat intelligence alignment.
How MITRE ATT&CK Works
First published in 2013 from internal MITRE research, ATT&CK has become the de facto standard for describing attacker behavior. The Enterprise matrix covers 14 tactics (Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact) and over 400 techniques and sub-techniques.
Each technique page documents: behavior description, procedure examples from real campaigns (linking threat actors and malware to the technique), detection guidance (data sources, patterns), and mitigations. ATT&CK is useful simultaneously for defenders (what to detect), intelligence analysts (tracking actor behavior), and red teamers (what to emulate).
The ATT&CK Navigator tool visualizes detection coverage, mapping which techniques have detection rules and identifying gaps. This informs detection engineering priorities and tool procurement.
MITRE ATT&CK in SOC Operations
MITRE ATT&CK is essential knowledge for every SOC analyst. SOCSimulator maps all alerts and scenarios to ATT&CK techniques, so you develop detection skills and framework literacy simultaneously. When an alert fires, understanding which technique it represents immediately informs your investigation: which techniques are commonly chained after this one, what data sources to query, and what the attacker's likely objective is.
Practice MITRE ATT&CK in a Real SOC
SOCSimulator provides hands-on training with realistic SIEM, XDR, and Firewall interfaces. Build real analyst skills investigating mitre att&ck scenarios with zero consequences — free forever.
Related Terms
Tactics, Techniques, and Procedures (TTPs) describe the behavioral patterns, methods, and operationa...
The Cyber Kill Chain is a framework developed by Lockheed Martin that describes seven sequential sta...
The Diamond Model of Intrusion Analysis represents every intrusion event as a relationship between f...
Threat hunting is the proactive, human-led process of searching through security telemetry to find h...
Threat intelligence is analyzed, contextualized information about current and emerging cyber threats...
More Frameworks Terms
Related SOC Training Resources
SOC Manager Career Guide — Salary & Skills
SOC Managers run the operation. You own staffing, playbook development, tool selection, performance metrics, and executi…
Read more Career PathDetection Engineer Career Guide — Salary & Skills
Detection Engineers build the rules, analytics, and automated workflows that determine what the SOC can see. You transla…
Read more Career PathSecurity Engineer Career Guide — Salary & Skills
Security Engineers build and maintain the infrastructure that SOC analysts depend on. You deploy SIEMs, configure firewa…
Read more ComparisonSOCSimulator vs CyberDefenders — Comparison
SOCSimulator trains the operational workflow: alert triage, correlation, and response under pressure. CyberDefenders tra…
Read more ComparisonSOCSimulator vs Security Blue Team — Comparison
SOCSimulator provides continuous operational training that keeps your skills sharp between shifts. Security Blue Team pr…
Read more ToolSIEM Training Console — SOCSimulator
The SIEM console in SOCSimulator replicates the workflow of enterprise platforms like Splunk Enterprise Security, Micros…
Read more ToolXDR Training Console — SOCSimulator
The XDR console in SOCSimulator replicates the investigation workflow of platforms like CrowdStrike Falcon, Microsoft De…
Read more TechniqueMITRE ATT&CK Techniques — Detection Training Library
Browse all MITRE ATT&CK techniques with detection strategies and example alerts.
Read more Career PathCybersecurity Career Paths — 2026 Guide
Explore SOC analyst career paths with salary data, required skills, and certification roadmaps.
Read more PlaybookSOC Investigation Playbooks — Step-by-Step Guides
Practitioner investigation playbooks with decision trees and real SIEM queries.
Read more FeatureShift Mode — Real-Time SOC Simulation
Practice alert triage under realistic time pressure with SLA timers and noise injection.
Read more FeatureOperations — Guided Training Rooms
Structured CTF-style investigation rooms covering real-world attack scenarios.
Read more