MITRE ATT&CK Framework Reference Workbook for Azure Sentinel Updated with Latest Techniques

The MITRE Corporation today has announced some changes in it’s tactics techniques, including the sunsetting of the PRE-ATT&ACK component only more recently announced.

Per the release page:

Retirement of PRE-ATT&CK – This release deprecates and removes the PRE-ATT&CK domain from ATT&CK, replacing its scope with two new Tactics in Enterprise ATT&CK Reconnaissance and Resource Development.

There’s also an accompanying blog post that talks about the reasons behind the changes: Bringing PRE into Enterprise

We’ve not yet updated the tactics in Azure Sentinel with which to create the proper category assignments for Analytics Rules and Hunting Queries, but I’ve gone ahead and updated the Reference Workbook to include the new techniques.

Reconnaissance and Resource Development

The most current version of the MITRE ATT&CK Framework Reference for Azure Sentinel can always be found in my GitHub repo:

[Want to discuss this further? Hit me up on Twitter or LinkedIn]