This article has been indexed from CSO Online
Incident responders work much like police detectives or journalists, in search of the who, what, when, why and how of incidents before they can take steps to address problems. One tool that helps responders address incidents after they occur and position organizations for better defense in the future is the widely used Mitre ATT&CK framework (with ATT&CK standing for Adversarial Tactics, Techniques, and Common Knowledge).
The ATT&CK framework is deployed as a cyber intelligence tool during or after an incident to identify the relevant adversary and reveal appropriate mitigation steps. One recent example comes from McAfee, which used ATT&CK in a case that initially started as an investigation into a suspected malware infection but ended up as a surprise discovery of a long-term cyberattack by two Chinese threat groups, APT27 and APT4.
Read the original article: MITRE ATT&CK, VERIS frameworks integrate for better incident insights