use cases to use_cases #9

Merged
merged 9 commits into from
Jul 30, 2024
Binary file modified docs/_static/ref_arch.png
6 changes: 2 additions & 4 deletions docs/architecture.rst
Expand Up @@ -50,10 +50,8 @@ taken when defining the Defending OT with ATT&CK's architecture assets:
* Understanding impact to assets, particulary in context of ICS and application of ATT&CK
in IT and OT environments

.. image:: ./_static/assets.png

The below table provides descriptions for each of the 21 identified Defending OT with ATT&CK Architecture Assets. All assets can be mapped to
ATT&CK for Enterprise's platforms and/or ATT&CK for ICS' assets. There are nine assets where ATT&CK for ENterprise and ATT&CK for ICS overlap:
ATT&CK for Enterprise's platforms and/or ATT&CK for ICS' assets. There are nine assets where ATT&CK for Enterprise and ATT&CK for ICS overlap:

* Control Server
* Human-Machine Interface (HMI)
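Review bot: this hunk fixes the "ENterprise" capitalisation, but the context line a few lines above it still reads "particulary in context of ICS"; since this commit is already doing typo clean-up in the same paragraph, change it to "particularly in the context of ICS" here rather than in a follow-up.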
Expand Down Expand Up @@ -83,7 +81,7 @@ ATT&CK for Enterprise's platforms and/or ATT&CK for ICS' assets. There are nine
+ [SaaS/M365/Google Workspace] + third-party providers, made available to users through network connections and/or APIs. +
+--------------------------------------+---------------------------------------------------------------------------------------------------+
+ Container + A container is standard unit of virtualized software that packages up code and its dependencies +
+ + so the application runs quickly and reliably from one computing environment to another. +
+ [Enterprise] + so the application runs quickly and reliably from one computing environment to another. +
+--------------------------------------+---------------------------------------------------------------------------------------------------+
+ Control Server + Control servers are typically a software platform that runs on a modern server operating system +
+ [ICS & Enterprise] + (e.g., MS Windows Server). The server typically uses one or more automation protocols (e.g., +
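Review bot: the added "[Enterprise]" tag on the Container row follows the convention of the neighbouring rows ("[SaaS/M365/Google Workspace]", "[ICS & Enterprise]"), but double-check that the replaced line keeps exactly the same column width as the rest of the grid table: a one-character mismatch makes docutils reject the whole table, and with the -W flag added in make/sphinx.mk that becomes a build failure. While editing this row, the context text "A container is standard unit of virtualized software" is missing an article ("a standard unit").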
23 changes: 9 additions & 14 deletions docs/collection.rst
Expand Up @@ -20,13 +20,11 @@ This includes:

* techniques on OT assets that run similar operating systems, protocols, and applications as enterprise IT assets.

.. <<!-- TO DO --!>>
tagged techniques for OT environments
Total ATT&CK (sub-)techniques -> Mapped to each asset and count (i.e., 510 techniques mapped to each assets).
plus image
downloads:
- STIX bundle
- multi-domain ATT&CK matrix for Navigator
The project team applied the :doc:`methodology` and employed the flexibility and customization
provided by ATT&CK Workbench to develop this collection of specific adversarial risks associated
with the 21 Defending OT with ATT&CK :doc:`architecture` assets. The resultant threat collection
contains a combined 692 techniques from ATT&CK for Enterprise and ATT&CK for ICS (251 techniques
and 441 sub-techniques).

Download the Threat Collection
------------------------------
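Review bot: the new paragraph uses "techniques" both for the total and for one of its parts ("a combined 692 techniques ... (251 techniques and 441 sub-techniques)"); the arithmetic is right (251 + 441 = 692) but the sentence reads as if all 692 were techniques. Suggest "a combined 692 techniques and sub-techniques (251 techniques and 441 sub-techniques)". The deleted TODO also listed the STIX bundle and Navigator matrix downloads and a per-asset mapping count; the downloads are presumably covered by the "Download the Threat Collection" section that follows, but confirm the per-asset count was dropped intentionally, since nothing in the new text carries it.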
Expand Down Expand Up @@ -55,7 +53,8 @@ Defending OT with ATT&CK builds upon prior work developed by the Center, includi
Defending OT with ATT&CK uses the methodology and tooling created as part of the Center's
`Defending IaaS with ATT&CK project <https://center-for-threat-informed-defense.github.io/defending-iaas-with-attack/>`_ as a basis. The Defending IaaS project methodology provides
steps to identify and select techniques across multiple ATT&CK matrices that align to a defined
attack surface, proving to be a solid foundation for developing Defending OT project resources.
attack surface, proving to be a solid foundation for developing Defending OT project resources,
including the threat collection.

The Center developed Defending IaaS With ATT&CK project to provide the community with a
collection of MITRE ATT&CK® techniques tailored to the unique attack surface and threat model
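Review bot: the sentence this hunk extends still has a dangling participle ("The Defending IaaS project methodology provides steps ... attack surface, proving to be a solid foundation ..."); since the line is being rewritten anyway, "... attack surface, and has proven to be a solid foundation for developing Defending OT project resources, including the threat collection." reads more cleanly.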
Expand All @@ -72,7 +71,7 @@ rationale in Workbench's note sections, to generate the shared mapping file.

The Center created ATT&CK Workbench to enable users to explore, create, annotate, and share
extensions of MITRE ATT&CK®. ATT&CK Workbench allows users to manage and extend their own
local version of ATT&CK and keep it synchronized with the ATT&CK knowledge base. ATT&CK Workrbench
local version of ATT&CK and keep it synchronized with the ATT&CK knowledge base. ATT&CK Workbench
is an open source tool publicly available on `GitHub <https://github.com/center-for-threat-informed-defense/attack-workbench-frontend>`_.

ATT&CK Workbench enables a number of important use cases within the ATT&CK community, such as:
Expand All @@ -83,8 +82,4 @@ ATT&CK Workbench enables a number of important use cases within the ATT&CK commu

* **Defensive Planning:** Stay up to date with the evolving threat landscape by downloading new releases of ATT&CK automatically.

* **Collaboration with ATT&CK and the community:** Share your custom datasets with the ATT&CK community and download datasets created by others.




* **Collaboration with ATT&CK and the community:** Share your custom datasets with the ATT&CK community and download datasets created by others.
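Review bot: the deleted and re-added "Collaboration with ATT&CK and the community" bullet is byte-identical; the net effect of this hunk is only the removal of the four trailing blank lines, which is fine, but make sure the file still ends with a single newline so this line does not churn again in the next diff.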
7 changes: 3 additions & 4 deletions docs/index.rst
Expand Up @@ -12,7 +12,7 @@ This project is created and maintained by `MITRE Engenuity Center for Threat-Inf
and is funded by our research participants, in futherance of our mission to advance the state
of the art and the state of the practice in threat-informed defense globally. This work builds upon the
Center's `Defending IaaS with ATT&CK <https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/defending-iaas-with-attack/>`_ project by
by using the methodology and tooling created under that project as a basis, and provides another collection
using the methodology and tooling created under that project as a basis, and provides another collection
of resources cyber defenders can use to understand and make threat-informed decisions for techniques that
could be used within an IT/OT hybrid architecture and environment.

Expand All @@ -24,14 +24,13 @@ could be used within an IT/OT hybrid architecture and environment.
architecture
collection
methodology
use cases
use_cases
exercise

Notice
------

© 2024 MITRE Engenuity. Approved for public release. Document number(s)
|prs_numbers|.
© 2024 MITRE Engenuity. Approved for public release. Document number CT0121.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this
file except in compliance with the License. You may obtain a copy of the License at
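Review bot: replacing the |prs_numbers| substitution with the literal "Document number CT0121." leaves the substitution definition (presumably in conf.py or an rst_prolog/rst_epilog) unused; either remove that definition as well or keep the substitution and set its value to CT0121, so there is one place to update when a new document number is issued. The toctree change from "use cases" to "use_cases" matches the renamed file docs/use_cases.rst in this PR, which is what makes the toctree resolve again.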
2 changes: 1 addition & 1 deletion docs/use cases.rst → docs/use_cases.rst
Expand Up @@ -51,7 +51,7 @@ Defending OT with ATT&CK enables the following essential capabilities:
including red teaming and penetration testing, to effectively evaluate real-world
risks across the attack surface.

**Improved Security Architecture and Operations**
**Security Architecture and Operations**
Users can use the mapped information to more easily identify security control gaps
to protect systems and environments from threats, develop detections for adversary
activity, and plan appropriate response activities across their IT/OT environment.
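Review bot: the heading change from "Improved Security Architecture and Operations" to "Security Architecture and Operations" is fine on its own, but this file is also being renamed from "docs/use cases.rst" to "docs/use_cases.rst", which changes the published page URL (the old one contained an encoded space); if the previous URL has already been linked from elsewhere, add a redirect or note the change in the PR description so external links and bookmarks do not 404.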
2 changes: 2 additions & 0 deletions make/sphinx.mk
Expand Up @@ -17,3 +17,5 @@ docs-pdf: ## Generate PDF documentation.

docs-server: ## Run server for local editing of docs.
sphinx-autobuild -b dirhtml -a "$(SOURCEDIR)" "$(BUILDDIR)"

sphinx-build -M dirhtml "docs/" "docs/_build/" -W --keep-going
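Review bot: the added "sphinx-build -M dirhtml "docs/" "docs/_build/" -W --keep-going" line sits after the docs-server recipe with no target of its own; if it is tab-indented it becomes a second command of docs-server and would only run after sphinx-autobuild exits, and if it is not indented it is a Makefile syntax error. Put it under its own target (for example a strict-build target used by CI) with a "## ..." help comment like the neighbouring targets, and use "$(SOURCEDIR)" and "$(BUILDDIR)" instead of the hardcoded "docs/" and "docs/_build/" so it stays consistent with the line above it.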