ATT&CK TTP Selection
Select techniques because they address threats identified in your threat model -- not because they are commonly used or widely known. Every technique should trace back to a specific threat.
Technique Selection
| ATT&CK ID | Technique Name | Tactic | Relevance to Threat Model | Tool |
|---|---|---|---|---|
Tool Mapping
| Tool | Techniques Supported | Notes |
|---|---|---|
Attack Sequence
| Order | Technique | Rationale for Ordering |
|---|---|---|
| 1 | ||
| 2 | ||
| 3 |
The order matters. Explain why each technique comes before or after the next. Consider: what intelligence does each step produce that the next step needs? How does noise from one attack affect the viability of the next?