Introducing ATT&CK v10: More Objects, Parity and Features

Amy L. RobertsonOct 21 · 6 min read

By Amy L. Robertson (MITRE), Alexia Crumpton (MITRE), and Chris Ante (MITRE)

As announced a couple of weeks ago, we’re back with the latest release and we’re thrilled to reveal all the updates and features waiting for you in ATT&CK v10. The v10 release includes the next episode in our data sources saga, as well as new content and our usual enhancements to (sub-)Techniques, Groups, and Software across Enterprise, Mobile and ICS, which you can find more details about on our release notes.

Making Sense of the New Data Sources: Episode II

In ATT&CK v9, we launched the new form of data sources which featured an updated structure for the data source names (Data Source: Data Component), reflecting

“What is the subject/topic of the collected data (file, process, network traffic, etc.)?” :

“What specific values/properties are needed in order to detect adversary behaviors?”

These updates were linked to Yaml files in GitHub, but weren’t fully integrated into the rest of ATT&CK yet. Our updated content in ATT&CK v10 aggregates this information about data sources, while structuring them as the new ATT&CK data source objects (somewhat similar to how Mitigations are reflected).

The data source object features the name of the

Read More: