Tactics, Techniques, and Procedures (TTPs) are behaviors, methods, or patterns of activity used by a threat actor or group of threat actors.
MITRE Techniques are derived from MITRE ATT&CK™. This framework provides a list of common tactics, techniques, and procedures that can be used to discover potential threats and identify areas of risk and improvement in your environment. The framework comprises 12 Tactics and over 300 Techniques, which adversaries use to compromise systems and enterprises.
Carbon Black TTPs
Events and alerts are tagged with Carbon Black TTPs to provide context around attacks and behaviors leading up to attacks that are detected and prevented by policy actions.
Carbon Black TTPs present as fully colored pills, based on severity.
TTP color severity legend
Dark red: Critical
Bright red: High
Black: Policy action
Use the TTP Reference for a full list and description of all Carbon Black TTPs.
Events and alerts may also be tagged with MITRE Techniques, derived from MITRE ATT&CK™.
MITRE Techniques appear alongside TTPs and always have a "mitre_" prefix, followed by the Technique ID and the Technique name. They present as hollow pills with a colored border, based on severity.
MITRE TID color severity legend
Dark red border: Critical
Bright red border: High
Orange border: Medium
Yellow border: Low