We welcome your feedback about MITRE Engage™ v0.9 Beta: Email us at engage@mitre.org


Retrospective review of information gained from an operation .

Analysis is used to aggregate, examine, and evaluate the results of an operation. Analysis is useful for improving the defender's security posture through the synthesis of operational data. Additionally, analysis can be used to turn data into actionable intelligence about an adversary’s motivators, behaviors, tactics, and techniques.

Defenders can use analysis to gain insight into adversary activity and thus inform detection and analytics refinements. Reviewing the execution of an operation also provides feedback for the team to improve the quality of future operations. Finally, Analysis activities ensure that each operation is informed by the successes and learns from the failures of past operations.

ID: SAP0002
Type:  Strategic
Goals:  Understand


Activity NameDescriptionID
Distill Intelligence Turn raw data gained during an operation into actionable intelligence. SAC0008
Hotwash Review the retrospective of operational activities. SAC0006
Inform Threat Model Update existing threat models based on intelligence gained during engagement operation. SAC0009
Refine Operation Activities Update and improve the implementation of operational activities to better achieve the strategic goal. SAC0007