Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/center-for-threat-informed-defense/insider-threat-ttp-kb
The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base.
https://github.com/center-for-threat-informed-defense/insider-threat-ttp-kb
ctid cyber-threat-intelligence cybersecurity insider-threat mitre-attack threat-informed-defense
Last synced: 3 days ago
JSON representation
The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base.
- Host: GitHub
- URL: https://github.com/center-for-threat-informed-defense/insider-threat-ttp-kb
- Owner: center-for-threat-informed-defense
- License: apache-2.0
- Created: 2022-01-19T18:06:55.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2024-09-04T00:39:23.000Z (5 months ago)
- Last Synced: 2025-01-12T09:05:17.450Z (10 days ago)
- Topics: ctid, cyber-threat-intelligence, cybersecurity, insider-threat, mitre-attack, threat-informed-defense
- Language: Python
- Homepage: https://ctid.io/insider-threat
- Size: 14.8 MB
- Stars: 141
- Watchers: 80
- Forks: 20
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.txt
Awesome Lists containing this project
README
[](https://attack.mitre.org/versions/v14/)
# Insider Threat TTP Knowledge Base
To advance our collective understanding of insider threats, the Center for
Threat-Informed Defense developed the Insider Threat TTP Knowledge Base, a collection of
TTPs used by insiders in IT environments. This Knowledge Base builds upon data collected
from insider threat incidents, lessons learned, and data from the ATT&CK® knowledge
base. With this lexicon of known insider threat TTPs as a foundation, defenders will
detect, mitigate, and protect against insider actions on IT systems.
**Table Of Contents:**
- [Getting Started](#getting-started)
- [Getting Involved](#getting-involved)
- [Questions and Feedback](#questions-and-feedback)
- [Notice](#notice)
## Getting Started
Read the methodology paper to familiarize yourself with the project's overall goals,
constraints, and methods. Access the TTP data in CSV, JSON, or ATT&CK® Navigator format.
| Resource | Description |
| -------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- |
| [Project Website](https://center-for-threat-informed-defense.github.io/insider-threat-ttp-kb/) | The project website containing data, analsysis, and all project artifacts. |
| [Insider Techniques – Excel](https://github.com/center-for-threat-informed-defense/insider-threat-ttp-kb/raw/main/docs/extra/green_seen_v1_v2.xlsx) | A spreadsheet containing the Insider Threat TTP Knowledge Base. |
| [Insider Techniques – ATT&CK Navigator](https://github.com/center-for-threat-informed-defense/insider-threat-ttp-kb/raw/main/docs/extra/green_seen_v1_v2.json) | An ATT&CK Navigator layer containing the Insider Threat TTP Knowledge Base. |
## Getting Involved
This Knowledge Base is an evidence-based examination of detected and documented insider
threat actions on IT systems from across various organizations/industries. There are
several ways that you can get involved with this work and help advance threat-informed
defense:
- **Review the KB, use it, and tell us what you think.** We need your help to validate
or improve upon our analysis. We welcome your review and feedback on the methodology
and resources.
- **Apply the methodology and share your data.** We seek to learn about your insider
threat use cases and data sources, enabling us to mature this KB and raise the level
of difficulty for any insider. Help us expand the knowledge base by contributing your
data. Contact us at [email protected] to learn more about contributing to the
knowledge base.
- **Share your ideas.** We are interested in developing additional resources to help the
community understand and make threat-informed decisions regarding insider threat. If
you have ideas or suggestions, please let us know.
## Questions and Feedback
Publishing the Knowledge Base is a first step toward establishing a community-wide
collaboration to advance our collective understanding of insider threat. We are
actively seeking feedback on this initial release and will continue to evolve it with
your support. Please see the guidance for contributors if are you interested in
[contributing or simply reporting issues.](/CONTRIBUTING.md)
Please submit
[issues](https://github.com/center-for-threat-informed-defense/insider-threat-ttp-kb/issues) for
any technical questions/concerns or contact
[[email protected]](mailto:[email protected]?subject=subject=Question%20about%20insider-threat-ttp-kb)
directly for more general inquiries.
## Notice
Copyright 2024 MITRE Engenuity. Approved for public release. Document numbers CT0041,
CT0102.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
This project makes use of ATT&CK®
[ATT&CK® Terms of Use](https://attack.mitre.org/resources/terms-of-use/)