Tactics, Techniques, and Procedures (TTPs) are behaviors, methods, or patterns of activity used by a threat actor, or group of threat actors.

MITRE Techniques are derived from MITRE ATT&CK™. This framework provides a list of common tactics, techniques, and procedures that can be used to discover potential threats and identify areas of risk and improvement in your environment. The framework is comprised of 12 Tactics and over 300 Techniques, which adversaries use to compromise systems and enterprises.

Carbon Black TTPs

Events and alerts are tagged with Carbon Black TTPs to provide context around attacks and behaviors leading up to attacks that are detected and prevented by policy actions.

Carbon Black TTPs present as fully colored pills, based on severity.

TTP color severity legend

  • Dark red: Critical

  • Bright red: High

  • Orange: Medium

  • Yellow: Low

  • Gray: None

  • Black: Policy action

Use the TTP Reference for a full list and description of all Carbon Black TTPs.

MITRE Techniques

Events and alerts may also be tagged with MITRE Techniques, derived from MITRE ATT&CK™.

MITRE techniques appear alongside TTPs and always have a "mitre_" prefix, followed by the Technique ID, and the Technique name. They present as hollow pills with a colored border, based on severity.

MITRE TID color severity legend

  • Dark red border: Critical

  • Bright red border: High

  • Orange border: Medium

  • Yellow border: Low

Click a MITRE Technique pill to learn more on the MITRE ATT&CK™ website, and use the MITRE Techniques Reference for a full list of MITRE techniques in the Carbon Black Cloud console.