-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Add files via upload * Delete design-principles-and-methodology.docx * Update README.md Co-authored-by: iSkoog <[email protected]> Co-authored-by: Jon Baker <[email protected]>
- Loading branch information
3 people
authored
Feb 16, 2022
1 parent
fe642f2
commit 7b46329
Showing
3 changed files
with
16 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,27 +1,25 @@ | ||
| # Insider Threat TTP Knowledgebase | ||
| The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures | ||
| (TTPs)used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon | ||
| data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base. | ||
|
|
||
| ## File List | ||
| | File | Description | | ||
| |------|-------------| | ||
| | [design-principles-and-methodology.docx](https://github.com/center-for-threat-informed-defense/insider-threat-ttp-kb/blob/main/design-principles-and-methodology.docx?raw=true) | A document describing the design principles and methodology of the Insider Threat TTP Knowledgebase | | ||
| | [insider-threat-ttp-kb.csv](insider-threat-ttp-kb.csv) | A spreadsheet containing the Insider Threat TTP Knowledgebase | | ||
| | [insider-threat-ttp-kb.json](insider-threat-ttp-kb.json) | A navigator layer representing the Insider Threat TTP Knowledgebase | | ||
| | [insider-threat-heatmap.json](insider-threat-heatmap.json) | A navigator layer representing the Insider Threat TTP Knowledgebase as a heatmap| | ||
| # Insider Threat Tactics, Techniques, and Procedures (TTP) Knowledge Base | ||
| To advance our collective understanding of insider threats, the Center for Threat-Informed Defense developed the Insider Threat TTP Knowledge Base, a collection of TTPs used by insiders in IT environments. This Knowledge Base builds upon | ||
| data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base. With this lexicon of known insider threat TTPs as a foundation, defenders will detect, mitigate, and emulate insider actions on IT systems and stop them. | ||
|
|
||
| ## Questions and Feedback | ||
| Please submit issues for any technical questions/concerns or contact [email protected] directly for more general inquiries. | ||
|
|
||
| Also see the guidance for contributors if are you interested in contributing or simply reporting issues. | ||
| | Resource | Description | | ||
| |----------|-------------| | ||
| | [design-principles-and-methodology.pdf](design-principles-and-methodology.pdf?raw=true) | A document describing the design principles and methodology of the Insider Threat TTP Knowledgebase | | ||
| | [insider-threat-ttp-kb.csv](insider-threat-ttp-kb.csv) | A spreadsheet containing the Insider Threat TTP Knowledgebase | | ||
| | [insider-threat-ttp-kb.json](insider-threat-ttp-kb.json) | An ATT&CK navigator layer representing the Insider Threat TTP Knowledgebase | | ||
| | [insider-threat-heatmap.json](insider-threat-heatmap.json) | An ATT&CK navigator layer representing the Insider Threat TTP Knowledgebase as a heatmap| | ||
|
|
||
| ## Getting Involved | ||
| This initial Knowledge Base is an evidence-based examination of detected, documented insider threat actions on IT systems from across various organizations and industries. There are several ways that you can get involved with this work and help advance threat-informed defense: | ||
|
|
||
| ### Proposing Changes | ||
| - **Review the KB, use it, and tell us what you think.** We need your help to validate or refute this initial analysis. We welcome your review and feedback on the methodology and resources. | ||
| - **Apply the methodology and share your data.** We seek to learn about your insider threat use cases and data sources, enabling us to mature this KB and raise the level of difficulty for any insider. Help us expand the knowledge base by contributing your data. Contact us at [email protected] to learn more about contributing to the knowledge base. | ||
| - **Share your ideas.** We are interested in developing additional resources to help the community understand and make threat-informed decisions regarding insider threat. If you have ideas or suggestions, please let us know. | ||
|
|
||
| * Please open a [Pull Request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests) (PR) against the `main` branch for any desired changes. The PR will be reviewed by the project team. | ||
| * Note that all PR checks must pass to be eligible for merge approval. | ||
|
|
||
| ## Questions and Feedback | ||
| Publishing the Knowledge Base is a first step toward establishing a community-wide collaboration to advance our collective understanding of insider threat. We are actively seeking feedback on this initial release and will continue to evolve it with your support. Please submit issues for any technical questions/concerns or contact [email protected] directly for more general inquiries. | ||
|
|
||
| ## Notice | ||
| Copyright 2022 MITRE Engenuity. Approved for public release. Document number CT0041. | ||
|
|
||
Binary file not shown.
Binary file not shown.