0

The only 'solution' I thought of is linking a CVE to a CWE and then to a CAPEC (Method found in this link: How to find CAPEC items related to a CVE) but I am unable to get from a CAPEC attack pattern to a technique/tactic in the ATT&CK matrix.

(On a side note what is the difference between CAPEC and the ATT&CK matrix? They both seem to serve the same purpose to me)

schroeder
  • 123,438
  • 55
  • 284
  • 319
Xin
  • 1
  • 1
  • Many an unfortunate soul has be tasked over the years with doing this. Good Luck! – user10216038 Jan 21 '20 at 17:21
  • CVE:ATT&CK mapping would not be 1:1 rather many:many. On the difference between CAPEC and ATT&CK see [https://capec.mitre.org/about/attack_comparison.html](https://capec.mitre.org/about/attack_comparison.html) – Enos D'Andrea Jun 16 '20 at 14:15

0 Answers0