One key reference in determining threat intelligence requirements is the MITRE ATT&CK wiki located at The Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) is an extensive collection of tactics and techniques in use by adversaries. The tactics cover each stage of the kill chain, and the wiki includes an in-depth analysis of each technique.

ATT&CK also includes detailed information on the various APT groups that have been identified by information security and incident response research organizations. Entries in the ATT&CK platform are thoroughly documented and footnoted, allowing analysts to view both a digest and a comprehensive report.

The value of the ATT&CK wiki is that ...
