CAR knowledge base

The CAR (Cyber Analytics Repository) knowledge base is “a knowledge base of analytics developed by MITRE based on the MITRE ATT&CK® adversary model. CAR defines a data model that is leveraged in its pseudocode representations but also includes implementations directly targeted at specific tools (e.g., Splunk, EQL) in its analytics. With respect to coverage, CAR is focused on providing a set of validated and well-explained analytics, in particular regarding operating theory and rationale.”

CAR ATT&CK® Navigator layer

The ATTACK Navigator, the web-based tool for annotating and exploring ATT&CK matrices can be used to visualize defensive coverage, red/blue team planning, the frequency of detected techniques, etc. It has a CAR ATT&CK® Navigator layer.