name: MITRE ATT&CK Skill description: MITRE ATT&CK framework mapping and analysis allowed-tools:
- Bash
- Read
- Write
- Edit
- Glob
- Grep
- WebFetch
MITRE ATT&CK Skill
Overview
This skill provides MITRE ATT&CK framework mapping, analysis, and adversary emulation capabilities.
Capabilities
- Map TTPs to ATT&CK techniques
- Generate ATT&CK Navigator layers
- Query ATT&CK STIX data
- Create attack patterns and campaigns
- Analyze technique coverage
- Generate detection mappings
- Support ATT&CK ICS and Mobile
- Create adversary emulation plans
Target Processes
- red-team-operations.js
- purple-team-exercise.js
- threat-intelligence-research.js
- malware-analysis.js
Dependencies
- ATT&CK STIX data (via TAXII or local)
- ATT&CK Navigator
- mitreattack-python library
- Python 3.x
Usage Context
This skill is essential for:
- Adversary emulation planning
- Detection gap analysis
- Threat intelligence correlation
- Red team operation planning
- Security posture assessment
Integration Notes
- Supports all ATT&CK matrices (Enterprise, Mobile, ICS)
- Can generate Navigator layers for visualization
- Integrates with threat intelligence platforms
- Maps to detection rules and mitigations
- Supports campaign and group analysis