Blog
The dogesec blog
CTI Developers: We Built an API for MITRE ATT&CK, CWE, CAPEC, ATLAS... and more!
PRODUCTS January 20, 2025
Here is a quick-start guide to CTI Butler showing you how much easier it makes working with these frameworks.
Getting Started with the MITRE ATT&CK Navigator
TUTORIAL January 13, 2025
The MITRE ATT&CK Navigator is a very useful tool to explore MITRE ATT&CK (and other similar frameworks). In this post I take a look at what you can do with Navigator and how it works under the hood so that you can use it to model your own ATT&CK-like frameworks.
Fighting Disinformation: Classifying Your Research Using Standardised Disinformation Tactics and Techniques
RESEARCH January 06, 2025
Our intel team is increasingly using the DISARM framework to classify parts of our research as disinformation campaigns continue to increase. In this post I will introduce the DISARM data structure.
Fortifying AI: How MITRE ATLAS Shields Artificial Intelligence from Adversarial Threats
RESEARCH December 30, 2024
Discover how MITRE ATLAS is helping to defend AI systems as I share a detailed explanation of how the knowledge-base is architected.
Enriching Vulnerabilities to Create an Intelligence Graph
RESEARCH December 23, 2024
We do a lot of our research into vulnerabilities. To aid this, we enrich CVEs using many remote sources of intelligence. Here is a walk-through showing how we connect CVEs to EPSS scores, CISA KEVs, MITRE ATT&CK, CWEs, and CAPECs.
How CTI Butler Creates a Threat Intelligence Graph of Common Frameworks
RESEARCH December 16, 2024
CTI Butler links many common knowledge bases, for example linking MITRE ATT&CK to CAPEC objects, to improve the context of our research. This post describes the logic CTI Butler employs behind the scenes to do this.
An Analysis of the Latest Sigma Rules Release
RESEARCH December 09, 2024
In this post I walk you through the database queries we use to compare Sigma Rules releases. We use these to identify the detail of what has changed before we push any updates internally.
Importing Sigma Rules into a Threat Intelligence Platform
RESEARCH December 02, 2024
We needed a way to link all of our threat intel research to detection rulesets in one place. Our solution: model Sigma Rules as STIX objects.
An Analysis of the Latest CWE Release
RESEARCH November 25, 2024
Last week saw the release of CWE v4.16. I took a deeper look into the latest release so you don't have to.
How do Public AI Models Perform at Extracting TTPs from Intelligence Reports?
PRODUCTS November 18, 2024
I pit OpenAI, Anthropic and Google against each other to see which one best understands MITRE ATT&CK.