ATT&CK Integration into VERIS

Project Summary

Published : Apr 6, 2023

This project updates and expands the translation layer between VERIS and ATT&CK allowing ATT&CK to describe the adversary behaviors that were observed in an incident coded in VERIS. These connections allow for joint analysis of the information that ATT&CK describes well alongside the incident demographics and metadata that VERIS describes well. 


Users of the VERIS data model lack a well-defined way to link incidents described in VERIS to the underlying adversary TTPs used in that incident.


Build and document a common and open method to link data in VERIS format to specific ATT&CK TTPs.


Empowers defenders to efficiently tie adversary TTPs to their real-world impact by connecting ATT&CK-based threat intel to VERIS-based incident reports. 

Funding Research Participants

Share This Project

Stay Informed

Stay informed about new releases of R&D projects and other exciting updates from the Center for Threat-Informed Defense.