MITRE TRAM: Mapping Threat Reports to ATT&CK
Threat ATT&CK Report Mapper
Description
TRAM is a web-based tool that automates the extraction of adversary behaviors for the purpose of mapping them to ATT&CK.
TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®. TRAM enables researchers to test and refine Machine Learning (ML) models for identifying ATT&CK techniques in prose-based threat intel reports and allows threat intel analysts to train ML models and validate ML results.
Through research into automating the mapping of cyber threat intel reports to ATT&CK, TRAM aims to reduce the cost and increase the effectiveness of integrating ATT&CK into cyber threat intelligence across the community. Threat intel providers, threat intel platforms, and analysts should be able to use TRAM to integrate ATT&CK more easily and consistently into their products.
Threat Report ATT&CK Mapper (TRAM) aims to provide a streamlined approach for analyzing reports and extracting ATT&CK techniques. Our hope is that automating mapping to ATT&CK can reduce analyst fatigue, increase ATT&CK coverage, and improve consistency and accuracy of threat intelligence mappings. We are excited to now share a public beta of TRAM with the ATT&CK community.
TRAM Under the Hood:
1. Get Data : STIX & TAXII >> TIP
2. Clean the Data.
3. Train Model.
4. Collect Reports. >> Report Uploading
5. Test Data.(Through ML Models).
6. Accept or Review Model Decisions.(Score & Technique).
7. Feedback loop.
How TRAM is a Enabler:
1. Make it easier to get started with ATT&CK.
2. Remembering 266+ techniques is hard.>> Not only 266+ but is ever growing..>> MITRE ATT&CK is a Live framework.
3. Use Reporting which is important.
What You Will Learn!
- Better Understanding of Threat generated and their mapping with Att&ck Live Framework
- MITRE ATT&CK
- TRAM Tool for Threat Report ATT&CK Mapper
- Hands on TRAM Exercises
Who Should Attend!
- Security Professional