I’ve been a huge fan of MITREs ATT&CK framework ever since its release. It has been of enormous value to the whole InfoSec community and it will hopefully continue to remain so for a long long time.

We’re on the verge of one of the biggest overhauls since its release, the introduction of sub-techniques, or when you read this they might be out already. I personally believe this is a great step forward. This introduction will cause everyone to do a big overhaul of their detection tagging and improvement of their ruleset.

On the positive side it will also bring a lot more clarity and granularity and it will bring more insight to a lot of people of possible attack techniques they weren’t aware of before.

As some of you know I’m quite a visual person and one of my projects is a Splunk application for ThreatHunting which is heavily ATT&CK focussed.

I’ve been building some new dashboard visualisations like the screenshot below. Soon I realised there was a lack of a proper color scheme that would assist in quickly understanding impact and importance. One way of doing this is would be by tactic.