ATT&CK Workbench: A tool for extending ATT&CK

The Center for Threat Informed Defense, operated by MITRE Engenuity, today launched ATT&CK Workbench. Workbench is a new, easy-to-use open-source tool that allows organizations to manage and extend their own local version of MITRE ATT&CK and keep it in sync with MITRE’s knowledge base. It creates a customized instance of the ATT&CK knowledgebase where security teams can explore, extend and annotate ATT&CK data.

The key benefits of Workbench for the ATT&CK user community include:

• Empowers users to leverage their own local ATT&CK instance to define new adversary TTPs and apply ATT&CK in bespoke ways to address threats.
• Users can store their own local instance of ATT&CK for internal use and also share the ATT&CK knowledge base with the community.
• Allows users to share their extensions with the greater ATT&CK community, facilitating stronger collaboration within the community than is possible with current tools.

• Enables information sharing centers (ISACs) and information sharing organizations (ISAOs) to share their ATT&CK knowledge base enhancements with their members.
• Helps red and blue teams all over the world improve their threat-informed defense through increased information sharing and collaboration. It will improve overall knowledge of the adversary, and allow the wider community to gain a strategic and operational advantage.