Chapter 10: Purple Teaming the ATT&CK Tactics

The MITRE ATT&CK framework has become the de facto standard knowledge base of adversary tactics and techniques. This repository is continuously evolving and offers categorized tactics and techniques that both red and blue teams can use for security assessments. An interesting part of this framework is that these technical references can be used directly in security tooling such as Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), Breach Attack Simulation (BAS), Sigma rules (where most of the detection rules carry MITRE ATT&CK tags), and so on. Security professionals can now build a full coverage mapping of all techniques to get an overall view ...
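The coverage mapping described above can be built directly from the ATT&CK tags that Sigma rules carry. The following is an added example, not code from the book; it assumes the rules have already been loaded from YAML (for instance with PyYAML) and uses constructed sample rules and a constructed purple-team test plan.

```python
import re
from collections import defaultdict

# Sigma tag convention: "attack.<tactic>" names a tactic, while
# "attack.tNNNN" or "attack.tNNNN.NNN" names a technique or sub-technique
# (lowercase "t" in tags; ATT&CK itself writes the IDs as T1059.001).
TECHNIQUE_RE = re.compile(r"^attack\.(t\d{4}(?:\.\d{3})?)$", re.IGNORECASE)

# Constructed sample rules: only the "title" and "tags" fields of parsed
# Sigma YAML are needed here. Not rules from the book or the Sigma project.
SAMPLE_RULES = [
    {"title": "PowerShell Download Cradle",
     "tags": ["attack.execution", "attack.t1059.001",
              "attack.command_and_control", "attack.t1105"]},
    {"title": "LSASS Memory Access",
     "tags": ["attack.credential_access", "attack.t1003.001"]},
    {"title": "Scheduled Task Creation",
     "tags": ["attack.persistence", "attack.t1053.005"]},
    # Tactic-only tags are a common authoring gap: the rule contributes
    # nothing to technique coverage and should be flagged for review.
    {"title": "Rule Tagged With Tactic Only",
     "tags": ["attack.defense_evasion"]},
]

def rule_techniques(rule):
    """Return the set of ATT&CK technique IDs (e.g. 'T1059.001') on one rule."""
    ids = set()
    for tag in rule.get("tags", []):
        m = TECHNIQUE_RE.match(tag)
        if m:
            ids.add(m.group(1).upper())
    return ids

def build_coverage(rules):
    """Map technique ID -> titles of rules detecting it. A sub-technique tag
    also credits its parent technique, since the parent is exercised too."""
    coverage = defaultdict(set)
    for rule in rules:
        for tid in rule_techniques(rule):
            coverage[tid].add(rule["title"])
            if "." in tid:
                coverage[tid.split(".")[0]].add(rule["title"])
    return dict(coverage)

def coverage_gaps(rules, planned):
    """Split the techniques a purple-team exercise plans to emulate into
    those with at least one Sigma rule and those with none (the gaps)."""
    covered = build_coverage(rules)
    hit = sorted(t for t in planned if t in covered)
    missing = sorted(t for t in planned if t not in covered)
    return hit, missing
```

Running `coverage_gaps(SAMPLE_RULES, ["T1059.001", "T1003.001", "T1053", "T1021.001", "T1105"])` reports T1021.001 as the only gap, and rules that carry no technique tag show up as contributing nothing to the map.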
