ATT&CK versions #1740
-
Hello all/Splunk, I had a quick search on here and could not find anything. I am wondering what ATT&CK version most detection rules map against, and which version of ATT&CK will be used for, let's say, a new detection you are building. Will you map against v10, v9, v8, v6? Techniques + sub-techniques if applicable? If you have any documentation on how you do it, what the plans are, or articles around this, I (we) would appreciate it. PS: The reason I am asking is that it can get very confusing if you have multiple tools/systems and multiple ATT&CK versions in place in an enterprise, and some 'old' content that still maps to v5.
Replies: 1 comment
-
Hey, apologies @julianwieg, we totally did not see this. The short answer is we will always follow the latest ATT&CK matrix version and attempt to adjust any changes made in the technique IDs with every release.
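As an added example (not code from this thread or from the Splunk security content project), here is a small Python check that takes an ATT&CK STIX bundle and a list of detections tagged with technique IDs, and reports every ID that is revoked, deprecated or unknown in that ATT&CK version, together with the replacement ID when the bundle records one. The bundle and the detection list are constructed samples; the `mitre_attack_id` field name is assumed to mirror the tag in detection YAML, and the STIX fields used (`revoked`, `x_mitre_deprecated`, `revoked-by` relationships, `mitre-attack` external references) are those found in the published ATT&CK STIX bundles.

```python
"""Flag detection technique IDs that are revoked, deprecated or unknown in an ATT&CK STIX bundle."""
from typing import Dict, List, Optional

# Constructed, minimal ATT&CK STIX bundle; a real bundle (mitre/cti repo) is far larger.
# The STIX ids are placeholders; the T1086 -> T1059.001 revocation mirrors a real ATT&CK change.
ATTACK_BUNDLE = {
    "type": "bundle",
    "objects": [
        {"type": "attack-pattern", "id": "attack-pattern--old", "revoked": True,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1086"}]},
        {"type": "attack-pattern", "id": "attack-pattern--new",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059.001"}]},
        {"type": "attack-pattern", "id": "attack-pattern--dep", "x_mitre_deprecated": True,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1064"}]},
        {"type": "relationship", "relationship_type": "revoked-by",
         "source_ref": "attack-pattern--old", "target_ref": "attack-pattern--new"},
    ],
}

# Constructed detection metadata; the mitre_attack_id key is an assumption about the YAML tag.
DETECTIONS = [
    {"name": "PowerShell Script Block Logging", "mitre_attack_id": ["T1059.001"]},
    {"name": "Legacy PowerShell rule", "mitre_attack_id": ["T1086"]},
    {"name": "Old scripting rule", "mitre_attack_id": ["T1064", "T9999"]},
]


def _ext_id(obj: dict) -> Optional[str]:
    """Return the ATT&CK technique ID (external_id) of an attack-pattern, if present."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def index_bundle(bundle: dict) -> Dict[str, dict]:
    """Map technique ID -> {'status': active|deprecated|revoked, 'replaced_by': ID or None}."""
    patterns = {o["id"]: o for o in bundle["objects"] if o.get("type") == "attack-pattern"}
    replaced = {}  # old STIX id -> new technique ID, from revoked-by relationships
    for o in bundle["objects"]:
        if o.get("type") == "relationship" and o.get("relationship_type") == "revoked-by":
            if o["target_ref"] in patterns:
                replaced[o["source_ref"]] = _ext_id(patterns[o["target_ref"]])
    index = {}
    for stix_id, o in patterns.items():
        tid = _ext_id(o)
        if tid:
            status = "revoked" if o.get("revoked") else ("deprecated" if o.get("x_mitre_deprecated") else "active")
            index[tid] = {"status": status, "replaced_by": replaced.get(stix_id)}
    return index


def check_detections(detections: List[dict], index: Dict[str, dict]) -> List[dict]:
    """Return one finding per technique ID that is not active in the indexed ATT&CK version."""
    findings = []
    for det in detections:
        for tid in det.get("mitre_attack_id", []):
            entry = index.get(tid)
            status = entry["status"] if entry else "unknown"
            if status != "active":
                findings.append({"detection": det["name"], "technique": tid, "status": status,
                                 "replaced_by": entry["replaced_by"] if entry else None})
    return findings


if __name__ == "__main__":
    for finding in check_detections(DETECTIONS, index_bundle(ATTACK_BUNDLE)):
        print(finding)
```

Pointing `ATTACK_BUNDLE` at a downloaded enterprise-attack bundle and `DETECTIONS` at parsed detection YAML turns this into a release-time check for stale IDs.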