ATT&CK® Navigator

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
1 hour
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:00
>> Welcome to the fourth and final lesson
00:00
of Module 2, Attack Navigator.
00:00
In this lesson, we will
00:00
explore the structure and purpose of
00:00
the Attack Navigator and appreciate how
00:00
this tool can allow us to create
00:00
custom attack visualizations.
00:00
Until now, you might have been wondering how I've
00:00
made all these awesome attack visualizations.
00:00
In this lesson, I'm going to share my secret.
00:00
The Attack Navigator is a tool designed to
00:00
provide basic navigation and
00:00
annotation of attack matrices.
00:00
The Attack Navigator allows us
00:00
to manipulate the cells in a matrix,
00:00
adding color, comments,
00:00
assigning numerical values or
00:00
capturing into the matrix or notes.
00:00
This function is really important,
00:00
especially when we think about these quantitative
00:00
scorecards from the previous lesson,
00:00
as the Attack Navigator allows us to
00:00
visualize various matrix such as defensive coverage,
00:00
output of red and blue teams,
00:00
frequency of detecting techniques,
00:00
or any other matrix that we want to capture and present.
00:00
Each custom view created
00:00
by the navigator is called a layer.
00:00
These layers can be created
00:00
interactively within the tool or
00:00
generated using the custom JSON format for the navigator.
00:00
These layers can also be exported
00:00
and shared between analysts.
00:00
Full source code and documentation for
00:00
the navigator are available at
00:00
our Attack Navigator GitHub repository.
00:00
These instructions include how to stand up and
00:00
run your own instance of Navigator,
00:00
but we also host one online for everyone to use.
00:00
I definitely recommend getting
00:00
your own hands-on experience with the Navigator.
00:00
Here's a quick introduction to how to
00:00
control and use the Navigator tool.
00:00
As you can see, the matrix is presented at the bottom,
00:00
where you can select each individual cell or technique.
00:00
[NOISE] There's also a control panel at the top,
00:00
files to perform various other actions,
00:00
such as selecting techniques based on
00:00
their mappings to groups, software or mitigations.
00:00
We can also use these controls to add color or
00:00
various other annotations to selected cells.
00:00
Once done, we can export these layers into JSON,
00:00
Excel, or image formats.
00:00
The Attack Navigator allows us to create new layers,
00:00
as well as build on or open existing layers.
00:00
We can also create layers based on
00:00
the various matrices within attack such as enterprise,
00:00
mobile or even ICS.
00:00
With that little knowledge, check for Lesson 4.
00:00
Which of the following is not
00:00
true about the Attack Navigator?
00:00
Please pause the video and take a second to
00:00
think about the correct answer before proceeding.
00:00
In this case, the correct answer was A.
00:00
Attack Navigator allows us to create
00:00
custom visualizations but not edit attack content.
00:00
With that, we reach the end of Lesson 4.
00:00
In summary, the Attack Navigator enables us to annotate,
00:00
save, and share customized views
00:00
of attack known as layers.
00:00
These layers can capture many types of
00:00
data mapped to the techniques within attack.
00:00
With that, we've reached the end of Module 2.
00:00
In this module, we explore
00:00
the various benefits of using attack,
00:00
including the diversity of information and
00:00
perspective capture within the framework,
00:00
the common language for describing
00:00
adversary behaviors provided by attack,
00:00
and how attack can allow us to create and
00:00
produce cybersecurity matrix and scorecards,
00:00
very often with the Attack Navigator.
Up Next