Ratings: 3.76 / 5.00




Description

TRAM is a web-based tool that automates the extraction of adversary behaviors for the purpose of mapping them to ATT&CK.

TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®. TRAM enables researchers to test and refine Machine Learning (ML) models for identifying ATT&CK techniques in prose-based threat intel reports and allows threat intel analysts to train ML models and validate ML results.

Through research into automating the mapping of cyber threat intel reports to ATT&CK, TRAM aims to reduce the cost and increase the effectiveness of integrating ATT&CK into cyber threat intelligence across the community. Threat intel providers, threat intel platforms, and analysts should be able to use TRAM to integrate ATT&CK more easily and consistently into their products.

Threat Report ATT&CK Mapper (TRAM) aims to provide a streamlined approach for analyzing reports and extracting ATT&CK techniques. Our hope is that automating mapping to ATT&CK can reduce analyst fatigue, increase ATT&CK coverage, and improve consistency and accuracy of threat intelligence mappings. We are excited to now share a public beta of TRAM with the ATT&CK community.


TRAM Under the Hood:


1. Get Data: STIX & TAXII >> TIP

2. Clean the Data.

3. Train Model.

4. Collect Reports. >> Report Uploading

5. Test Data (through ML models).

6. Accept or Review Model Decisions (Score & Technique).

7. Feedback loop.


How TRAM is an Enabler:


1. Make it easier to get started with ATT&CK.

2. Remembering 266+ techniques is hard, and the number keeps growing: MITRE ATT&CK is a live framework.

3. Use reporting, which is important.

What You Will Learn!

  • Better understanding of the threats generated and their mapping to the live ATT&CK framework
  • MITRE ATT&CK
  • TRAM Tool for Threat Report ATT&CK Mapper
  • Hands on TRAM Exercises

Who Should Attend!

  • Security Professional