The MITRE ATT&CK Module (version 2.7.0) is a collection of AI Engine rules designed to detect unusual or malicious user activity within your organization’s network.

The MITRE ATT&CK module contains licensed content and is available only to customers with a valid subscription.

Matrices

AI Engine Rules

Guides

MITRE ATT&CK Deployment Guide
MITRE ATT&CK User Guide

Module Revisions

The following table summarizes the changes made in the latest release (v2.7.0) of the MITRE ATT&CK Module.

AIE Rule ID   AIE Rule Name

New
1544          T1490:Inhibit System Recovery
1545          T1562.001:Disable or Modify Tools:Windows Defender
1546          T1106:Native API
1547          T1027:Obfuscated Files or Information
1548          T1059.001:PowerShell:ProviderLifeCycle

Updated
1479          T1083:File and Directory Discovery
1464          T1059.001:PowerShell