@fugueish Yes, but I think your CSIRP and related processes would need to reference MITRE ATT&CK and require it before it would be widely used.
It can get you started on mapping out any possible threat, risk, or attack you can think of and help you come up with mitigations. But if everybody isn't using it, you'll have references and language that only some teams understand.
In real life, it is nice when our security tools link to MITRE ATT&CK because we can quickly understand what a particular alert is about. But we don't put that on a report that goes to anybody else, because, as of right now, they would have no idea what T1548.002 means.

#mitre #mitreattack #mitreattck #csirp #csirt #infosec