About CAPECFrequently Asked QuestionsAnswers to the most frequently asked questions are available below. Please send any additional questions you may have to capec@mitre.org. What is an "attack pattern"? An attack pattern is a description of the common attributes and approaches employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. Attack patterns define the challenges that an adversary may face and how they go about solving it. They derive from the concept of design patterns applied in a destructive rather than constructive context and are generated from in-depth analysis of specific real-world exploit examples. Is there a glossary describing the various terms used in the CAPEC List? Yes, see the Glossary page. How is CAPEC versioned? CAPEC consists of two distinct artifacts: the CAPEC List and the CAPEC Schema. The CAPEC List is a collection of all the attack patterns that have been defined, while the CAPEC Schema is an XML schema that defines the format of the CAPEC List. Each artifact is versioned separately; however, each follows the same versioning schema. There is a major version number that represents the primary conceptual foundation of CAPEC. The major version is consistent between the CAPEC List and the CAPEC Schema, for example "CAPEC List Version 2.x" and "CAPEC Schema Version 2.x". There is also a minor version that is used to track smaller changes. For the CAPEC List, the minor version changes when entries are added or modified. Changes are made in bulk and the minor version is increased each time. For the CAPEC Schema, the minor version changes each time the schema is updated. How is CAPEC related to ATT&CK? Understanding adversary behavior is increasingly important in cybersecurity. Two approaches exist for organizing knowledge about adversary behavior – CAPEC and ATT&CK, each focused on a specific set of use-cases. Please visit our ATT&CK Comparison page that explains the similarities, differences, and relationship between CAPEC and ATT&CK and the role of each in cybersecurity. More information is available — Please select a different filter. |