MITRE Shield will be retired on October 18th in favor of MITRE Engage.

ATT&CK Mapping Overview

As defenders, we see value in mapping active defense techniques to ATT&CK. In this section of the site, each tactic in the ATT&CK framework is shown individually. Clicking on a specific tactic in the ATT&CK Mapping menu will show a detail page with the following information:

  • ATT&CK ID & Name – The ATT&CK technique ID and Name.
  • Opportunity Space – High-level active defense possibilities introduced when attackers employ their techniques.
  • Active Defense Technique – The specific technique being applied.
  • Use Case – A high-level description of how a defender could take advantage of the opportunity that the attacker's action presents.

Note: Depending on your needs, it is possible to apply multiple active defense techniques; therefore, multiple lines may be visible for each ATT&CK ID. Below you can find our ATT&CK mapping broken down by ATT&CK tactic. Alternatively, the complete mapping on a single page can be found here.

ATT&CK Mapping by Tactic

| ATT&CK Tactic | Description |
|---|---|
| TA0043 - Reconnaissance | The adversary is trying to gather information they can use to plan future operations. |
| TA0042 - Resource Development | The adversary is trying to establish resources they can use to support operations. |
| TA0001 - Initial Access | The adversary is trying to get into your network. |
| TA0002 - Execution | The adversary is trying to run malicious code. |
| TA0003 - Persistence | The adversary is trying to maintain their foothold. |
| TA0004 - Privilege Escalation | The adversary is trying to gain higher-level permissions. |
| TA0005 - Defense Evasion | The adversary is trying to avoid being detected. |
| TA0006 - Credential Access | The adversary is trying to steal account names and passwords. |
| TA0007 - Discovery | The adversary is trying to figure out your environment. |
| TA0008 - Lateral Movement | The adversary is trying to move through your environment. |
| TA0009 - Collection | The adversary is trying to gather data of interest to their goal. |
| TA0010 - Exfiltration | The adversary is trying to steal data. |
| TA0011 - Command and Control | The adversary is trying to communicate with compromised systems to control them. |
| TA0040 - Impact | The adversary is trying to manipulate, interrupt, or destroy your systems and data. |