100

ATT&CK mapping decisions for detection engineering

How do the attached sources describe ATT&CK at a high level?
Difficulty: Easy
According to the attached sources, what does an ATT&CK technique represent?
Difficulty: Medium
For detection engineering, what mapping approach do the sources support when an observed behavior could fit more than one ATT&CK entry?
Difficulty: Hard
Which statement best reflects the limitation noted in the attached sources about recurring behaviors such as privilege escalation, persistence, active scanning, account manipulation, and exfiltration-related activity?
Difficulty: Medium