ATT&CK Integration into Veris v1

This is ATT&CK Integration into Veris Release v1. View the current release.

Project Summary

Published : Aug 26, 2021

This project created a mapping and translation layer between VERIS and ATT&CK that allows ATT&CK to describe the adversary behaviors that were observed in an incident coded in VERIS. This creates the opportunity for a joint analysis of the information that ATT&CK describes well (the behaviors adversaries use to attack systems) alongside the incident demographics and metadata that VERIS describes well.

View the most current release of ATT&CK Integration into VERIS


Users of the VERIS data model lack a well-defined way to link incidents described in VERIS to the underlying adversary TTPs used in that incident.


Build and document a common and open method to link data in VERIS format to specific ATT&CK TTPs.


Empowers defenders to efficiently tie adversary TTPs to their real-world impact by connecting ATT&CK-based threat intel to VERIS-based incident reports.

funding Research Participants

Share This Project

Stay Informed

Stay informed about new releases of R&D projects and other exciting updates from the Center for Threat-Informed Defense.