Common Attack Pattern Enumeration and Classification
A Community Resource for Identifying and Understanding Attacks
Frequently Asked Questions
Answers to the most frequently asked questions are available below. Please send any additional questions you may have to firstname.lastname@example.org.
What is an "attack pattern"?
An attack pattern is an abstraction mechanism for helping describe how an attack against vulnerable systems or networks is executed. Each pattern defines a challenge that an attacker may face, provides a description of the common technique(s) used to meet the challenge, and presents recommended methods for mitigating an actual attack. Attack patterns help categorize attacks in a meaningful way in an effort to provide a coherent way of teaching designers and developers how their systems may be attacked and how they can effectively defend them. The CAPEC List provides a formal list of known attack patterns.
Is there a glossary describing the various terms used in the CAPEC List?
Yes, see the Glossary page.
How is CAPEC versioned?
CAPEC consists of two distinct artifacts: the CAPEC List and the CAPEC Schema. The CAPEC List is a collection of all the attack patterns that have been defined, while the CAPEC Schema is an XML schema that defines the format of the CAPEC List. Each artifact is versioned separately; however, each follows the same versioning scheme.
There is a major version number that represents the primary conceptual foundation of CAPEC. The major version is consistent between the CAPEC List and the CAPEC Schema, for example "CAPEC List Version 2.x" and "CAPEC Schema Version 2.x".
There is also a minor version that is used to track smaller changes. For the CAPEC List, the minor version changes when entries are added or modified. Changes are made in bulk and the minor version is increased each time. For the CAPEC Schema, the minor version changes each time the schema is updated.
How is CAPEC related to ATT&CK?
Understanding adversary behavior is increasingly important in cybersecurity. Two approaches exist for organizing knowledge about adversary behavior, CAPEC and ATT&CK, each focused on a specific set of use cases. Please visit our ATT&CK Comparison page, which explains the similarities, differences, and relationship between CAPEC and ATT&CK and the role of each in cybersecurity.