Sensor Mappings to ATT&CK (SMAP) is a Center for Threat-Informed Defense (Center) project that assists security operations teams and security leaders understand which tools, capabilities, and events can help detect real-world adversary TTPs in their environments. SMAP builds on MITRE ATT&CK® Data Sources by connecting the conceptual data source representions of information that can be collected to concrete logs, sensors, and other security capabilities that provide that type of data. This work complements the Center's Security Stack Mappings project by allowing defenders to use both resources to understand their overall defensive coverage and make threat-informed decisions.
Table Of Contents:
To get started, read the project website. It provides an overview of the goals and methodologies, defines all the key terms, and contains detailed examples.
| Resource | Description |
|---|---|
| Project Website | Documentation, methodology, use cases, examples. |
| Mappings Spreadsheet | Complete list of Sensor Mappings. |
| Navigator Layers | ATT&CK Navigator views of the Sensor Mappings. |
| STIX Bundles | Machine-readable list of Sensor Mappings. |
The initial SMAP work was developed using ATT&CKv13.1. The mappings include some data components that are not represented in ATT&CKv13.1 and may not be represented in more recent versions of ATT&CK. The reason for this is that ATT&CK does not include data components that do not currently have a relationship to a (sub-)technique. These mapped data components are being tracked by the ATT&CK team and will be considered for incorporation in future versions of ATT&CK as the overall ATT&CK catalog evolves.
There are several ways that you can get involved with this project and help advance threat-informed defense.
Please review the mappings, use them, and tell us what you think. We welcome your review and feedback on the SMAP mappings, our methodology, and other resources.
We are interested developing additional tools and resources to help the community understand and make threat-informed decisions in their risk management programs. Share your ideas and we will consider them as we explore additional research projects.
Please submit issues for any technical questions/concerns or contact ctid@mitre-engenuity.org directly for more general inquiries.
We welcome your feedback and contributions to help advance the Summiting project! Please see the guidance for contributors.
Copyright 2023 MITRE Engenuity. Approved for public release. Document number CT0089.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
This project makes use of MITRE ATT&CK®