Definition
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is an open, publicly accessible knowledge base of adversary behavior, built from observed real-world intrusions and maintained by the MITRE Corporation. It organizes behavior into tactics (the "why": Initial Access, Privilege Escalation, Exfiltration) and techniques (the "how": Spearphishing Attachment, OS Credential Dumping, DNS-based command and control), and many techniques are further split into sub-techniques (T1059 Command and Scripting Interpreter has T1059.001 PowerShell as a sub-technique). Separate matrices cover Enterprise (Windows, macOS, Linux, cloud, containers), Mobile, and ICS. ATT&CK is the de facto standard vocabulary for organizing detection content, threat intelligence reporting, and red-team exercises. Modern EDR and XDR products tag their detection content with ATT&CK technique IDs (T1059, T1078 Valid Accounts, etc.) so analysts can compare what is detected against what their threat model expects and find coverage gaps; a technique ID on a rule means the rule targets one instance of that behavior, not that the technique as a whole is covered. The MITRE ATT&CK Evaluations test EDR and XDR vendors in recurring annual rounds against scripted emulations of real adversaries; MITRE publishes the raw detection results without scores or rankings, so vendors such as CrowdStrike, SentinelOne, and Symantec (Broadcom) each interpret the same data in their own marketing.
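The coverage-gap assessment described above, as an added example that is not part of the original page: detection rules carry Sigma-style tags such as `attack.t1059.001`, and the script checks them against a technique table grouped by tactic, reports what is missing per tactic, and emits a minimal ATT&CK Navigator layer to colour the result. The technique table is a small constructed subset of the Enterprise matrix (the IDs and names are real, but each is pinned to one tactic here even where ATT&CK lists several), the rules are constructed, and the Navigator layer field names are assumed from the Navigator project's layer format.

```python
"""Detection-coverage gap check against a constructed ATT&CK technique subset.

Added example, not from the original page or from MITRE. TECHNIQUES and RULES
are constructed for illustration; the Navigator layer fields are assumed.
"""
import json
import re
from collections import defaultdict

# Technique IDs look like T1059 or T1059.001 (sub-technique).
TECH_ID = re.compile(r"^T\d{4}(\.\d{3})?$")

# Constructed subset: technique ID -> (name, tactic). Real ATT&CK IDs/names,
# but each is pinned to a single tactic here for simplicity.
TECHNIQUES = {
    "T1566.001": ("Spearphishing Attachment", "initial-access"),
    "T1078": ("Valid Accounts", "initial-access"),
    "T1059.001": ("PowerShell", "execution"),
    "T1059.003": ("Windows Command Shell", "execution"),
    "T1003.001": ("LSASS Memory", "credential-access"),
    "T1071.004": ("DNS", "command-and-control"),
    "T1048.003": ("Exfiltration Over Unencrypted Non-C2 Protocol", "exfiltration"),
}

# Constructed detection rules with Sigma-style ATT&CK tags. The last rule's
# tag is deliberately malformed to show that it is dropped, not counted.
RULES = [
    {"title": "Suspicious PowerShell EncodedCommand",
     "tags": ["attack.execution", "attack.t1059.001"]},
    {"title": "LSASS handle from non-system process",
     "tags": ["attack.credential-access", "attack.t1003.001"]},
    {"title": "Office application spawning a shell",
     "tags": ["attack.initial-access", "attack.t1566.001", "attack.t1059"]},
    {"title": "Rule with a typo in its tag", "tags": ["attack.t1059.1"]},
]


def technique_ids_from_tags(tags):
    """Return the well-formed ATT&CK technique IDs found in Sigma-style tags.

    Tactic tags (attack.execution) and malformed IDs (attack.t1059.1) are
    ignored so that a typo never shows up as coverage.
    """
    ids = set()
    for tag in tags:
        if not tag.lower().startswith("attack."):
            continue
        candidate = tag[len("attack."):].upper()
        if TECH_ID.match(candidate):
            ids.add(candidate)
    return ids


def parent(tid):
    """Parent technique of a sub-technique ID (T1059.001 -> T1059)."""
    return tid.split(".")[0]


def coverage(techniques, rules):
    """Map each tactic to the technique IDs that have at least one rule and
    those that have none.

    Design choice: a rule tagged with a parent technique (attack.t1059) is
    treated as covering every sub-technique of that parent in the table; a
    sub-technique tag covers only itself. Adjust if your team treats a
    parent-only tag as partial coverage instead.
    """
    tagged = set()
    for rule in rules:
        tagged |= technique_ids_from_tags(rule["tags"])
    report = defaultdict(lambda: {"covered": set(), "missing": set()})
    for tid, (_name, tactic) in techniques.items():
        hit = tid in tagged or parent(tid) in tagged
        report[tactic]["covered" if hit else "missing"].add(tid)
    return dict(report)


def coverage_pct(report):
    """Percentage of techniques in the table covered, per tactic."""
    return {
        tactic: round(100.0 * len(b["covered"]) / (len(b["covered"]) + len(b["missing"])), 1)
        for tactic, b in report.items()
    }


def navigator_layer(report, name="Detection coverage"):
    """Minimal ATT&CK Navigator layer: covered techniques green, gaps red.

    Field names (techniqueID, tactic, score, color, domain, versions) are
    assumed from the Navigator layer format; only the fields needed to colour
    cells are emitted.
    """
    cells = []
    for tactic, b in report.items():
        for tid in sorted(b["covered"]):
            cells.append({"techniqueID": tid, "tactic": tactic, "score": 1, "color": "#31a354"})
        for tid in sorted(b["missing"]):
            cells.append({"techniqueID": tid, "tactic": tactic, "score": 0, "color": "#e41a1c"})
    return {"name": name, "domain": "enterprise-attack",
            "versions": {"layer": "4.5"}, "techniques": cells}


if __name__ == "__main__":
    rep = coverage(TECHNIQUES, RULES)
    for tactic, pct in coverage_pct(rep).items():
        gaps = ", ".join(f"{t} ({TECHNIQUES[t][0]})" for t in sorted(rep[tactic]["missing"]))
        print(f"{tactic:22s} {pct:5.1f}%  gaps: {gaps or 'none'}")
    print(json.dumps(navigator_layer(rep), indent=2))
```

The per-tactic view is the point: an overall percentage hides that every execution technique in the table has a rule while nothing in command-and-control or exfiltration does, which is exactly the shape of gap that tagging by technique ID is meant to expose. The emitted JSON can be loaded into the ATT&CK Navigator to visualise the same gaps on the full matrix.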
Related terms
- EDR (Endpoint Detection and Response) - Endpoint security capability focused on detection, investigation, and response to threats that have evaded prevention.
- XDR (Extended Detection and Response) - Detection and response that correlates telemetry across endpoint, network, email, identity, and cloud - beyond EDR's endpoint-only scope.
- SOC (Security Operations Center) - Centralized team responsible for monitoring, detecting, investigating, and responding to security incidents.