For any MITRE ATT&CK T-code Intelligence Card in Recorded Future, you have the ability to activate two Intelligence Card extensions. The Atomic Red Team Intelligence Card extension pulls a list of available Atomic Red Team tests for the TTP that you are viewing. The MITRE ATT&CK extension pulls Detection and Mitigation recommendations from MITRE for the TTP that you are viewing.
Enable Intelligence Card Extensions
From Configuration > Extensions, enable the Atomic Red Team and MITRE ATT&CK Intelligence Card Extensions. You must be a Configuration Admin for your enterprise to enable these extensions.
Usage
After performing Threat Profiling to identify priority TTPs used by threat actors and malware relevant to your organization, performing control validation and bolstering detections and mitigations for those priority TTPs is a good way to proactively action the intelligence and reduce the risk that those TTPs are successful against your organization. These extensions pull recommended follow-on actions to address a specific technique.
Atomic Red Team Intelligence Card Extension
The Atomic Red Team extension pulls all the recommended tests for a specific TTP to highlight available attacker simulations you can perform to assess and validate your security controls against this TTP.
To execute the tests, follow commands and recommendations on the Atomic Red Team Website. We recommend setting up Atomic Red Team on a system within your environment where you can run adversary simulations and test your controls.
MITRE ATT&CK Intelligence Card Extension
The MITRE ATT&CK extension pulls Detection and Mitigation recommendations for a specific TTP into Recorded Future from the MITRE ATT&CK website. Detection recommendations include what logs to collect and what to look for when attackers perform this TTP. Mitigation recommendations include what controls can be implemented to reduce the effectiveness of this TTP.
Summary
These Intelligence Card extensions are designed to pull high-quality resources and recommendations into Recorded Future so that you can be proactive in using threat intelligence on threat actor TTPs to measure their controls and reduce the risk of a TTP being effective in your environment.