Sorting through information can be a difficult task at the best of times. When you are dealing with a literal mountain of actionable data like the MITRE ATT&CK Knowledge Base, just picking a starting point can be a tough job. Fortunately, MITRE has created the MITRE ATT&CK Navigator— a tool for searching across the entire KB and bringing together particular attack types and custom notations for organizations.
Accessing MITRE ATT&CK Navigator
To get to the MITRE ATT&CK Navigator, we will first want to access their GitHub at https://github.com/mitre-attack/attack-navigator/. This allows us to use the tool multiple ways, such as using a hosted version at https://mitre-attack.github.io/attack-navigator/, or we can download the files ourselves and use it locally. [CLICK IMAGES TO ENLARGE]
In either scenario, when we open up the navigator, we are greeted with a menu, asking what we want to do. For our purposes today, we will be making everything new, so we will first want to click on ‘Create New Layer’ and select ‘Enterprise’ when the new dropdown menu appears.
As you can see, the MITRE ATT&CK KB covers a lot of data. Fortunately, we can use some of the built-in tools to narrow down our search for