{"frameworkId":"mitre-attack","label":"MITRE ATT&CK","version":"v10","description":"Globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Foundation for threat modeling, detection engineering, and adversary emulation.","homepageUrl":"https://attack.mitre.org/","css":"fw-mitre","totalControls":201,"registryKey":"mitre-attack","csvColumn":"MitreAttack","displayOrder":14,"scoring":{"method":"technique-coverage","tactics":{"TA0043":{"label":"Reconnaissance"},"TA0042":{"label":"Resource Development"},"TA0001":{"label":"Initial Access"},"TA0002":{"label":"Execution"},"TA0003":{"label":"Persistence"},"TA0004":{"label":"Privilege Escalation"},"TA0005":{"label":"Defense Evasion"},"TA0006":{"label":"Credential Access"},"TA0007":{"label":"Discovery"},"TA0008":{"label":"Lateral Movement"},"TA0009":{"label":"Collection"},"TA0011":{"label":"Command and Control"},"TA0010":{"label":"Exfiltration"},"TA0040":{"label":"Impact"}}},"colors":{"light":{"background":"#fef2f2","color":"#991b1b"},"dark":{"background":"#7F1D1D","color":"#FCA5A5"}},"controlIdFormat":"T{number}[.{sub}]","note":"totalControls reflects techniques referenced in CheckID mappings, not the full ATT&CK matrix (356+ techniques).","taxonomyDecision":"domain-fallback","taxonomyReason":"ATT&CK technique IDs (e.g. T1078.004) do not encode tactics. Many M365-Assess checks map to 100+ techniques each (semicolon-separated), and a single technique can serve multiple tactics \u2014 making any per-check tactic grouping ambiguous. Native taxonomy intentionally not provided; report falls back to M365-Assess domain breakdown. To enable: ship a technique \u2192 tactic lookup table and decide how to handle multi-tactic techniques. See issue #845 + docs/SCORING.md."}