How Vectra Aligns with the MITRE ATT&CK Model


SANS: Threat Hunting
with Consistency

Read about a different threat hunting technique using the MITRE ATT&CK model.

Download paper

Discover Vectra Cognito
at Your Own Pace

Register for an interactive and self-guided tour of Cognito Detect.

Start tour

Achieve Threat Hunting Consistency

Learn why you should use the MITRE ATT&CK  framework for threat hunting.

Read blog

Top 3 Reasons Why NDR is Well Suited for Detecting MITRE ATT&CK TTPs

To catch a thief, you must think like a thief.


ATT&CK takes the perspective of the adversary


The MITRE ATT&CK framework takes the perspective of the adversary, so defenders can more easily follow an adversary’s motivation for individual actions and understand how those actions and dependences relate to specific classes of defenses.


The network never lies


Attackers use Power Automate to exfiltrate sensitive data to other cloud services that look benign


NDR provides coverage


Misconfigurations in cloud software, infrastructure, and platforms are easy entry for attacks

By associating your threat hunts with known threat actor objectives, techniques and tactics, you’ll begin to think of threat hunting not as a singular activity but rather in the of how an attacker may achieve that objective within your environment."

Matt Bromiley
Certified instructor

Why Vectra

Cognito Detect from Vectra is the fastest, most efficient way to find and stop cyberattacks in public clouds, private data centers and enterprise environments.

It uses artificial intelligence to deliver real-time attack visibility and put attack details at your fingertips.

Cognito Detect covers 97% of the network techniques identified by the MITRE ATT&CK model, which indirectly exposes techniques that attackers use to compromise endpoints