Implementing Threat Modeling with MITRE ATT&CK
When to Use
Use this skill when:
- SOC teams need to assess detection coverage against relevant threat actors and their TTPs
- Security leadership requires threat-informed defense prioritization
- New environments (cloud migration, OT integration) need detection strategy planning
- Purple team exercises require structured adversary emulation based on threat models
- Annual risk assessments need ATT&CK-based threat landscape analysis
Do not use as a one-time exercise: threat models must be continuously updated as adversary TTPs evolve and the organizational attack surface changes.
Prerequisites
- MITRE ATT&CK framework knowledge (Enterprise, ICS, Mobile, or Cloud matrices)
- ATT&CK Navigator tool (web or local) for layer visualization
- Current detection rule inventory mapped to ATT&CK technique IDs
- Threat intelligence on adversary groups targeting your sector
- Organizational asset inventory with criticality classifications
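How the prerequisites above fit together, as an added example that is not part of the original skill: a detection rule inventory keyed by ATT&CK technique ID is compared against the techniques attributed to an adversary group, gaps are ranked by asset criticality, and the result is written as an ATT&CK Navigator layer. The rule names, the group's technique list, the criticality weights and the layer format version are constructed assumptions; replace them with your own inventory, threat intelligence and Navigator version.

```python
import json

# Constructed sample inputs (assumptions, not from the original page).
# Detection rule inventory: rule name -> ATT&CK technique IDs it covers.
RULES = {
    "Suspicious PowerShell EncodedCommand": ["T1059.001"],
    "Office app spawns script host": ["T1566.001", "T1059.005"],
    "Logon from new country": ["T1078"],
}
# Techniques attributed to a hypothetical group in your threat intelligence.
ACTOR_TECHNIQUES = ["T1566.001", "T1059.001", "T1078", "T1021.001", "T1486"]
# Hypothetical weighting from the asset inventory (1 = low .. 3 = high).
CRITICALITY = {"T1486": 3, "T1021.001": 2}


def coverage(rules, actor_techniques):
    """Return {technique_id: [rule names]} for every actor technique.
    Matching is exact: a rule on a parent ID does not cover a sub-technique."""
    result = {tid: [] for tid in actor_techniques}
    for rule, tids in rules.items():
        for tid in tids:
            if tid in result:
                result[tid].append(rule)
    return result


def gaps(cov, criticality):
    """Uncovered techniques, highest criticality first, then by ID."""
    missing = [t for t, r in cov.items() if not r]
    return sorted(missing, key=lambda t: (-criticality.get(t, 1), t))


def navigator_layer(cov, name="Actor coverage"):
    """Build a Navigator layer dict: score 1 = covered, 0 = gap."""
    return {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"layer": "4.5"},  # assumed; match your Navigator release
        "techniques": [
            {"techniqueID": t, "score": 1 if r else 0,
             "comment": "; ".join(r) or "no detection rule"}
            for t, r in sorted(cov.items())
        ],
        "gradient": {"colors": ["#ff6666", "#8ec843"],
                     "minValue": 0, "maxValue": 1},
    }


if __name__ == "__main__":
    cov = coverage(RULES, ACTOR_TECHNIQUES)
    print("Gaps by priority:", gaps(cov, CRITICALITY))
    print(json.dumps(navigator_layer(cov), indent=2))
```

The printed JSON can be saved to a file and opened in ATT&CK Navigator as an existing layer; rerun it whenever the rule inventory or the threat intelligence changes.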