Threat Report ATT&CK Mapper (TRAM)

Published

Problem

Mapping new threat intel reports to ATT&CK is difficult, error-prone, and time-consuming.

Solution

Develop an open-source platform for researching the application of NLP and ML to identify TTPs in threat intel reports and allow analysts to validate those TTPs.

Impact

Accelerate research into automated TTP identification in threat intel reports to greatly reduce the time and effort required to integrate new intelligence into cyber operations.

Project Summary

TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®. TRAM enables researchers to test and refine Machine Learning (ML) models for identifying ATT&CK techniques in prose-based threat intel reports and allows threat intel analysts to train ML models and validate ML results.

Through research into automating the mapping of cyber threat intel reports to ATT&CK, TRAM aims to reduce the cost and increase the effectiveness of integrating ATT&CK into cyber threat intelligence across the community. Threat intel providers, threat intel platforms, and analysts should be able to use TRAM to integrate ATT&CK more easily and consistently into their products.