feat: enrich 209 skills with MITRE ATLAS, D3FEND, and NIST AI RMF frontmatter

Added structured security framework mappings to SKILL.md frontmatter across all applicable skills:
- atlas_techniques: MITRE ATLAS v5.5 AML.TXXXX IDs (81 skills, AI-targeted attack techniques)
- d3fend_techniques: MITRE D3FEND v1.3 defensive technique labels (139 skills, mapped from ATT&CK IDs)
- nist_ai_rmf: NIST AI RMF 1.0 subcategory IDs (85 skills, AI risk management functions)

Also updates ATTACK_COVERAGE.md with coverage statistics for all three frameworks.
This commit is contained in:
mukul975
2026-04-06 01:55:37 +02:00
parent c15f73db46
commit ef27f026cb
209 changed files with 3959 additions and 3379 deletions
@@ -1,17 +1,38 @@
---
name: mapping-mitre-attack-techniques
description: >
Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK
techniques and sub-techniques to quantify detection coverage and guide control prioritization.
Use when building an ATT&CK-based coverage heatmap, tagging SIEM alerts with technique IDs,
aligning security controls to adversary playbooks, or reporting threat exposure to executives.
description: 'Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK techniques and sub-techniques
to quantify detection coverage and guide control prioritization. Use when building an ATT&CK-based coverage heatmap, tagging
SIEM alerts with technique IDs, aligning security controls to adversary playbooks, or reporting threat exposure to executives.
Activates for requests involving ATT&CK Navigator, Sigma rules, MITRE D3FEND, or coverage gap analysis.
'
domain: cybersecurity
subdomain: threat-intelligence
tags: [MITRE-ATT&CK, ATT&CK-Navigator, Sigma, D3FEND, TTP, detection-engineering, NIST-CSF]
tags:
- MITRE-ATT&CK
- ATT&CK-Navigator
- Sigma
- D3FEND
- TTP
- detection-engineering
- NIST-CSF
version: 1.0.0
author: mahipal
license: Apache-2.0
nist_ai_rmf:
- MEASURE-2.7
- MAP-5.1
- MANAGE-2.4
atlas_techniques:
- AML.T0070
- AML.T0066
- AML.T0082
d3fend_techniques:
- Executable Denylisting
- Execution Isolation
- File Metadata Consistency Validation
- Content Format Conversion
- File Content Analysis
---
# Mapping MITRE ATT&CK Techniques