Priority Matrix
Description
Priority Matrix MITRE ATT&CK helps assess and visualize which attack techniques may pose the greatest threat to an organization. Priority selection can be based on the following factors.
Impact factor:
- Which assets may be affected?
- What is the potential damage?
Probability factor:
- How widespread is this attack method?
- What detection tools identify it?
This list can continue depending on how detailed the expert assessment should be.
Usage
To start using the priority matrix, select the Priority Matrix item in the navigation menu in the MITRE ATT&CK section. The matrix interface looks as follows:
Functional Features
Control Panel
- Layer - selection of layer in which priority settings are configured, layers are pre-created through layer editor
- Tactics - selection of tactics list for which configuration is needed
- Data Sources - selection of data sources list that characterize the area of potential threat emergence
- Techniques - selection of required techniques list for priority settings
- Expand All Subtechniques switch — displays all child elements of the technique
Techniques
Each technique is interactive. When clicking on a technique of interest to the user, the following window is displayed:
The technique contains:
- text description
- link to the technique
- technique applicability area
- technique priority
- layer to which it belongs
If the technique has multiple subtechniques, they are also interactive.
Filtering
The following filtering types are available for the priority matrix:
- filtering by tactics
- filtering by data sources
- filtering by techniques
Priority Setup
Priority setup is available in the window for viewing detailed technique information. If priority is changed for a subtechnique, there is an option to update the parent technique using the Update Parent Technique option:
