The calculator was built using ATT&CK Version {{ calculatorStore.attackVersion }}
The user cannot input their own data into the calculator. However, if you go to our Github you will find
our excel document that you can manipulate for local use.
The filters section is located on the left side of the Calculator tab. Filters were created to allow
- the
- user to eliminate certain techniques that do not apply to their environment. Each filter is made up of
- components that we used to create our methodology. Each component is mapped to one or more ATT&CK
+ the user to eliminate certain techniques that do not apply to their environment. Each filter is made up
+ of components that we used to create our methodology. Each component is mapped to one or more ATT&CK
technique. If a user deselects each component for a specific technique, then that technique will be
removed from pool of available techniques. Each filter was implemented at the subtechnique level, if
applicable.
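Review bot: The re-wrapped sentence "Each component is mapped to one or more ATT&CK" / "technique" still ends in the singular; since this hunk already rewrites that line, change it to "techniques". The unchanged context has similar slips that could be fixed in the same pass: "removed from pool of available techniques" is missing "the", and "Github" and "excel" should be "GitHub" and "Excel". The removal rule "If a user deselects each component for a specific technique" is also ambiguous; wording such as "every component mapped to a technique" would make it clear that a technique only drops out once all of its components are deselected.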
@@ -55,20 +52,16 @@
selected/deselected, depending upon the environment. If only Windows machines exist, selecting Windows
will remove all techniques that are that do not apply to Windows.
For instance, under NIST 800-53, the Configuration Management (CM) Control Family is an option. If
- someone
- works in Incident Response, they might have less interest in ATT&CK techniques that can be mitigated
- with
- CM. Deselecting controls within CM will remove CM as a contributing factor in the final technique list.
- If
- a technique contains ONLY CM, that technique will be removed. If a technique contains CM AND others,
- that
- technique will remain, unless the other mitigations are deselected, as well. If no controls are
- selected,
- they will all be included by default. The same process was applied to the detection analytics, except
- due
- to the large volume, we grouped these by the repository from which they came, e.g. SigmaHQ.
+ someone works in Incident Response, they might have less interest in ATT&CK techniques that can be
+ mitigated with CM. Deselecting controls within CM will remove CM as a contributing factor in the final
+ technique list. If a technique contains ONLY CM, that technique will be removed. If a technique contains
+ CM AND others, that technique will remain, unless the other mitigations are deselected, as well. If no
+ controls are selected, they will all be included by default. The same process was applied to the
+ detection analytics, except due to the large volume, we grouped these by the repository from which they
+ came, e.g. SigmaHQ.
-
+
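Review bot: In the added paragraph, "If no controls are selected, they will all be included by default" means an empty selection behaves the opposite way from a nearly empty one, and the text does not flag this; it also sits awkwardly beside the rule in the filters paragraph that deselecting every component removes a technique. Suggest stating the empty-selection case as an explicit exception in its own sentence right after the CM example, so a reader narrowing the technique list knows that clearing the last control widens it again. The context line above the change still reads "all techniques that are that do not apply to Windows", where "that are" is duplicated. The final -/+ pair appears to be a whitespace-only change and could be left out of the commit.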