This is terrific, thank you for putting it together. It's nice to have the vendor publish a threat matrix for their product; I hope others follow suit!
To those who are making comments about splintering from MITRE's matrix: MITRE's matrix was designed for intelligence uses, and there are design decisions (only publishing when there's documented evidence that an attacker has used it) that make sense in that context, but do not work for other cyber security needs. I think intel might be the ONLY cyber security discipline that has the luxury of waiting until a technique has been demonstrably used. For threat detection purposes (my field of expertise), we cannot wait to build defenses against a technique. That would be like requiring a sacrificial lamb for every technique: we won't document it until someone's network has been publicly breached by it. Who wants to be the lamb?!? Once it's proven a technique WORKS, we need to get defenses in place, SPECIFICALLY so that we've done it before threat actors start using it. So, we need threat matrices that are more specific and more flexible than ATT&CK has proven to be. Personally, I think it's time for the community to create an Open Threat Matrix, because I agree that one numbering system would be ideal, but MITRE's ATT&CK isn't the solution for all of us.