[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Security Operations](https://www.paloaltonetworks.com/cyberpedia/security-operations?ts=markdown) 3. [MITRE Att\&ck](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack?ts=markdown) 4. [What is the Difference Between MITRE ATT\&CK Sub-Techniques and Procedures?](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures?ts=markdown) Table of Contents * [What Is MITRE ATT\&CK Framework?](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack?ts=markdown) * [MITRE ATT\&CK Framework Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack#mitre?ts=markdown) * [Structuring Adversary Behavior by Tactic](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack#structuring?ts=markdown) * [MITRE ATT\&CK Tactics and Their Role in Security Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack#intelligence?ts=markdown) * [MITRE ATT\&CK Techniques](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack#techniques?ts=markdown) * [MITRE ATT\&CK Use Cases](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack#usecases?ts=markdown) * [Using the MITRE ATT\&CK Framework during a Live Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack#live?ts=markdown) * [Comparing MITRE ATT\&CK and the Cyber Kill Chain](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack#comparing?ts=markdown) * [Advancing Organizational Maturity with ATT\&CK](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack#advancing?ts=markdown) * [Toward a Behavioral Framework for Securing AI](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack#toward?ts=markdown) * [MITRE ATT\&CK Framework FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack#faqs?ts=markdown) * [How Do I Implement MITRE ATT\&CK Techniques?](https://www.paloaltonetworks.com/cyberpedia/how-to-implement-mitre-attack-techniques?ts=markdown) * [Key Elements of the MITRE ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/how-to-implement-mitre-attack-techniques#key-elements?ts=markdown) * [How to Implement MITRE ATT\&CK Techniques](https://www.paloaltonetworks.com/cyberpedia/how-to-implement-mitre-attack-techniques#implement?ts=markdown) * [How to Use MITRE ATT\&CK Techniques Effectively](https://www.paloaltonetworks.com/cyberpedia/how-to-implement-mitre-attack-techniques#how-to-use?ts=markdown) * [MITRE ATT\&CK Techniques Used Often by Cyber Attackers](https://www.paloaltonetworks.com/cyberpedia/how-to-implement-mitre-attack-techniques#techniques?ts=markdown) * [Implementing MITRE ATT\&CK Techniques FAQs](https://www.paloaltonetworks.com/cyberpedia/how-to-implement-mitre-attack-techniques#faq?ts=markdown) * [What is the MITRE ATT\&CK Matrix?](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix?ts=markdown) * [MITRE ATT\&CK Matrix Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#mitre?ts=markdown) * [Key Components of MITRE ATT\&CK: Tactics, Techniques, and Procedures](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#key?ts=markdown) * [Diverse MITRE ATT\&CK Matrices: Adapting to Specific Environments](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#diverse?ts=markdown) * [How Organizations Operationalize MITRE ATT\&CK](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#how?ts=markdown) * [Implementing and Maintaining a MITRE ATT\&CK Program](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#program?ts=markdown) * [Benefits of Leveraging the MITRE ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#benefits?ts=markdown) * [Common Challenges and Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#solutions?ts=markdown) * [MITRE ATT\&CK and the Cybersecurity Landscape](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#landscape?ts=markdown) * [MITRE ATT\&CK Matrix FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#faqs?ts=markdown) * [What Are MITRE ATT\&CK Techniques?](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-techniques?ts=markdown) * [MITRE ATT\&CK Techniques Explained](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-techniques#techniques?ts=markdown) * [The Anatomy of a MITRE ATT\&CK Technique](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-techniques#anatomy?ts=markdown) * [Understanding Common and Emerging ATT\&CK Techniques](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-techniques#common-techniques?ts=markdown) * [Detecting and Mitigating MITRE ATT\&CK Techniques](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-techniques#detecting?ts=markdown) * [Leveraging ATT\&CK Techniques for Enhanced Security Operations](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-techniques#leveraging?ts=markdown) * [The Future Evolution of ATT\&CK Techniques](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-techniques#future-evolution?ts=markdown) * [MITRE ATT\&CK Techniques FAQs](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-techniques#faqs?ts=markdown) * [How Has MITRE ATT\&CK Evolved?](https://www.paloaltonetworks.com/cyberpedia/evolution-of-mitre-attack-continuous-improvement-and-adaptation?ts=markdown) * [Evolution of MITRE ATT\&CK Explained](https://www.paloaltonetworks.com/cyberpedia/evolution-of-mitre-attack-continuous-improvement-and-adaptation#evolution?ts=markdown) * [The Historical Trajectory of MITRE ATT\&CK](https://www.paloaltonetworks.com/cyberpedia/evolution-of-mitre-attack-continuous-improvement-and-adaptation#historical?ts=markdown) * [Why TTPs Matter: Shifting the Cybersecurity Paradigm](https://www.paloaltonetworks.com/cyberpedia/evolution-of-mitre-attack-continuous-improvement-and-adaptation#why?ts=markdown) * [Key Milestones in ATT\&CK's Expansion and Refinement](https://www.paloaltonetworks.com/cyberpedia/evolution-of-mitre-attack-continuous-improvement-and-adaptation#key?ts=markdown) * [Core Components and Their Evolving Definition](https://www.paloaltonetworks.com/cyberpedia/evolution-of-mitre-attack-continuous-improvement-and-adaptation#core?ts=markdown) * [Why the Evolution Matters: Benefits for Cybersecurity Professionals](https://www.paloaltonetworks.com/cyberpedia/evolution-of-mitre-attack-continuous-improvement-and-adaptation#professionals?ts=markdown) * [Addressing the Evolving Threat Landscape with ATT\&CK](https://www.paloaltonetworks.com/cyberpedia/evolution-of-mitre-attack-continuous-improvement-and-adaptation#evolving?ts=markdown) * [Operationalizing the Framework: Practical Applications and Challenges](https://www.paloaltonetworks.com/cyberpedia/evolution-of-mitre-attack-continuous-improvement-and-adaptation#challenges?ts=markdown) * [The Future of MITRE ATT\&CK](https://www.paloaltonetworks.com/cyberpedia/evolution-of-mitre-attack-continuous-improvement-and-adaptation#future?ts=markdown) * [Evolution of MITRE ATT\&CK FAQs](https://www.paloaltonetworks.com/cyberpedia/evolution-of-mitre-attack-continuous-improvement-and-adaptation#faqs?ts=markdown) * [What Are MITRE ATT\&CK Use Cases?](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-use-cases?ts=markdown) * [How MITRE ATT\&CK Benefits Organizations](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-use-cases#how?ts=markdown) * [Key Components of the ATT\&CK Matrix](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-use-cases#key?ts=markdown) * [Main Use Cases for MITRE ATT\&CK](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-use-cases#main?ts=markdown) * [Real-World Applications of MITRE ATT\&CK](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-use-cases#real?ts=markdown) * [MITRE Att\&ck Use Cases FAQs](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-use-cases#faqs?ts=markdown) * [A CISO's Guide to MITRE ATT\&CK](https://www.paloaltonetworks.com/cyberpedia/a-cisos-guide-to-mitre-attack?ts=markdown) * [MITRE ATT\&CK Explained](https://www.paloaltonetworks.com/cyberpedia/a-cisos-guide-to-mitre-attack#mitre?ts=markdown) * [Benefits of MITRE ATT\&CK for CISOs](https://www.paloaltonetworks.com/cyberpedia/a-cisos-guide-to-mitre-attack#benefits?ts=markdown) * [How MITRE ATT\&CK Works for Cybersecurity Leaders](https://www.paloaltonetworks.com/cyberpedia/a-cisos-guide-to-mitre-attack#how?ts=markdown) * [Implementing MITRE ATT\&CK in Your Security Operations](https://www.paloaltonetworks.com/cyberpedia/a-cisos-guide-to-mitre-attack#operations?ts=markdown) * [Challenges and Best Practices for CISOs](https://www.paloaltonetworks.com/cyberpedia/a-cisos-guide-to-mitre-attack#challenges?ts=markdown) * [MITRE ATT\&CK for CISOs FAQs](https://www.paloaltonetworks.com/cyberpedia/a-cisos-guide-to-mitre-attack#faqs?ts=markdown) * [How Does MITRE ATT\&CK Apply to Different Technologies?](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-for-different-technologies?ts=markdown) * [Key Elements of the MITRE ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-for-different-technologies#key?ts=markdown) * [Technological Domains of the MITRE ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-for-different-technologies#technological?ts=markdown) * [MITRE ATT\&CK for Different Technologies FAQs](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-for-different-technologies#faqs?ts=markdown) * What is the Difference Between MITRE ATT\&CK Sub-Techniques and Procedures? * [Understanding the MITRE ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#understanding?ts=markdown) * [Exploring Sub-Techniques in the ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#sub-techniques?ts=markdown) * [Exploring Procedures in the ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#procedures?ts=markdown) * [The Role of Sub-Techniques in Cybersecurity Strategies](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#role?ts=markdown) * [Procedures as a Tool for Detailed Threat Analysis](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#tool?ts=markdown) * [Continuous Evolution: Staying Updated with ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#continuous?ts=markdown) * [MITRE ATT\&CK Sub-Techniques vs. Procedures FAQs](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#faqs?ts=markdown) # What is the Difference Between MITRE ATT\&CK Sub-Techniques and Procedures? 5 min. read Table of Contents * * [Understanding the MITRE ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#understanding?ts=markdown) * [Exploring Sub-Techniques in the ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#sub-techniques?ts=markdown) * [Exploring Procedures in the ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#procedures?ts=markdown) * [The Role of Sub-Techniques in Cybersecurity Strategies](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#role?ts=markdown) * [Procedures as a Tool for Detailed Threat Analysis](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#tool?ts=markdown) * [Continuous Evolution: Staying Updated with ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#continuous?ts=markdown) * [MITRE ATT\&CK Sub-Techniques vs. Procedures FAQs](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#faqs?ts=markdown) 1. Understanding the MITRE ATT\&CK Framework * * [Understanding the MITRE ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#understanding?ts=markdown) * [Exploring Sub-Techniques in the ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#sub-techniques?ts=markdown) * [Exploring Procedures in the ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#procedures?ts=markdown) * [The Role of Sub-Techniques in Cybersecurity Strategies](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#role?ts=markdown) * [Procedures as a Tool for Detailed Threat Analysis](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#tool?ts=markdown) * [Continuous Evolution: Staying Updated with ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#continuous?ts=markdown) * [MITRE ATT\&CK Sub-Techniques vs. Procedures FAQs](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures#faqs?ts=markdown) MITRE ATT\&CK, a framework for understanding and categorizing cyberthreats, includes both sub-techniques and procedures, each serving a distinct role. While sub-techniques provide a more detailed classification within the broader techniques of the ATT\&CK framework, procedures are the real-world instances or methods of how attackers carry out these techniques and sub-techniques. More specifically: Sub-techniques: * Are refinements or more specific manifestations of the main techniques listed in the ATT\&CK framework * Provide a more granular view of how a particular technique can be executed * Allow for a deeper understanding and more precise categorization of attacker behaviors. For example, if the primary technique is ["phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing?ts=markdown)," sub-techniques might include "spear phishing" or "whaling," which are specific types of phishing attacks Procedures: * Provide specific methods or steps an adversary uses to execute a technique or sub-technique * Represent attackers' actual implementation of the techniques in the real world * Vary widely, even when the underlying technique or sub-technique is the same, as different threat actors might have other tools, skills, or resources. ## Understanding the MITRE ATT\&CK Framework The MITRE ATT\&CK framework, developed by MITRE Corporation, stands as a cornerstone in the realm of the landscape of cyber threats and adversary tactics, offering a comprehensive and structured approach to understanding the strategies employed by cyber adversaries. ATT\&CK, which stands for Adversarial Tactics, Techniques, and Common Knowledge, is not just a static model - it's a living framework that constantly incorporates evolving methods and behaviors of known adversaries. Initially released in 2013, this framework has become an invaluable tool for security professionals, enabling them to detect and trace potential threats and develop effective defense mechanisms. ![MITRE ATT\&CK Framework](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/mitre-attack-sub-techniques-vs-procedures/understanding-the-mitre-attack-framework.png "MITRE ATT&CK Frameworrk") *The MITRE ATT\&CK framework is a knowledge base of tactics and techniques designed for threat hunters, defenders and red teams to help classify attacks.* ### Structure of the MITRE ATT\&CK Framework The main components of the MITRE ATT\&CK framework are tactics, techniques, and procedures (TTPs). A sub technique delves into more specific methods and offers a more granular view of an adversary's approach, breaking the techniques down into more detailed actions. Understanding the components of the ATT\&CK framework is essential for effectively leveraging its insights in cybersecurity defense strategies. The MITRE ATT\&CK framework categorizes techniques into specific tactics. However, in real-world scenarios, certain techniques may span across multiple tactics or be applicable in different stages of an attack. Attackers often use a combination of techniques across various tactics in a fluid and adaptive manner. The framework serves as a guideline for understanding the relationship between tactics and techniques, but it does not restrict techniques to operate solely within the confines of a single tactic. #### H4: Tactics - The Why Tactics in the ATT\&CK framework explain the motivation or the why behind actions taken in an attack, such as an attacker trying to gain 'Credential Access' to penetrate a network further or 'Exfiltration' to steal data. #### H4: Techniques - The How Techniques describe the specific methods to achieve these goals (e.g., malvertising, spear phishing, and content injection). Techniques are the strategies employed to realize these tactical goals. Referring to our previous example, the technique used to achieve credential access could be a 'Brute Force Attack.' These techniques can further be broken down into sub-techniques. In the case of a 'Brute Force Attack,' sub-techniques might include 'Password Guessing' or 'Credential Stuffing,' each representing a different approach to the same end. #### H4: Procedures - The Implementation Procedures bring these elements to life by providing concrete examples of how these tactics, techniques, and sub-techniques are executed in the real world. They often reference specific tools, malware, or threat actor methods observed in actual cyber incidents. Procedures are the actual implementation of the techniques or sub-techniques illustrated through real-world examples of specific threat actor behaviors. ## Exploring Sub-Techniques in the ATT\&CK Framework The sub-techniques within the MITRE ATT\&CK framework go deeper into how an attacker may execute a broader technique, providing a more precise understanding of cyberthreats and making it easier to identify and respond to them. ### Sub-Techniques for Tailored Defense Responses Sub-techniques break down complex attack techniques into more precise and actionable components, each with unique indicators and mitigation strategies. This subdivision allows for a more nuanced understanding of an attacker's approach, enabling red teams, or defenders, to tailor their responses more accurately. The subtle threat intelligence that a sub-technique reveals about different attacker patterns helps security teams in the following ways: * Aid in threat modeling, risk assessment, and strategic decision-making * Anticipate potential threats and allocate resources for defense and mitigation * Enhance the ability to anticipate, detect, and respond to specific adversary behavior * Facilitate risk assessments to improve security posture * Fine-tune detection systems, incident response protocols, and strategic cybersecurity planning * Gain insights into the sophistication and capabilities of potential threat actors * Optimize security controls Consider the 'Spear Phishing' technique under the broader tactic of 'Initial Access'. Within this technique, several sub-techniques could be like 'Spear Phishing via Email' or 'Spear Phishing via Social Media.' Each sub-technique represents a different way the broader spear phishing technique is carried out, helping defenders pinpoint the exact nature of the threat. ## Exploring Procedures in the ATT\&CK Framework Procedures in the ATT\&CK framework are the tangible, real-world applications of techniques and sub-techniques. They represent the specific ways threat actors put these methods into practice, offering concrete examples that can be analyzed and learned from. Procedures provide specific actions or steps an attacker takes to execute a technique or sub-technique. Each procedure is typically tied to a particular threat actor or threat group and describes how the technique or sub-technique is implemented. Procedures provide examples of how theoretical attack vectors are operationalized to help security teams tailor their threat hunting, incident response, and security posture to counteract adversary behavior. For example, in the context of the 'Credential Dumping' technique, a procedure might detail how a specific piece of malware, such as Mimikatz, is used to extract credentials from a system. This real-world example helps defenders understand the theory behind 'Credential Dumping' and the practical aspects of its execution and, crucially, how it can be detected and mitigated. ## The Role of Sub-Techniques in Cybersecurity Strategies Sub-techniques are subdivisions of broader techniques in the MITRE ATT\&CK framework that offer a fine-grained understanding of adversary tactics, crucial for developing targeted defensive measures. ### Guiding Defensive Tactics Breaking down general cyber attack methods into more detailed actions provides a roadmap for cybersecurity teams to anticipate and prepare for more nuanced attack scenarios. Sub-techniques illuminate the specific paths adversaries might tread within a broader technique. For instance, understanding the sub-techniques under 'Phishing', such as 'Spear Phishing via Email', enables teams to develop specialized defense mechanisms against each variant. ### Empowering Cybersecurity Professionals Cybersecurity experts consider sub-techniques as practical tools and not just theoretical concepts. These sub-techniques allow professionals to accurately predict and prevent attacks by analyzing the attacker's playbook. Sub-techniques are invaluable in building a proactive cybersecurity program by providing deep insight into the adversary's behavior. ## Procedures as a Tool for Detailed Threat Analysis Where sub-techniques offer a detailed breakdown of attack methods and procedures to ground this knowledge in the reality of actual cyber incidents, they are concrete examples that illustrate how theoretical concepts manifest in the real world of cyber warfare. ### In-Depth Understanding of Attacker Methods Procedures are similar to case studies focusing on specific cyberattack instances. They provide a detailed account of how a particular technique or sub-technique was used in a real attack scenario, including the tools, scripts, and sequences employed by attackers. This level of detail is essential for security analysts to analyze and comprehend the complexities of an attack. ### Tailoring Cybersecurity Responses The practical insights derived from procedures enable security teams to tailor their responses with a level of specificity that generic strategies cannot offer. Whether adjusting detection systems to recognize particular malware signatures or modifying incident response plans to address specific attack sequences, the knowledge from procedures ensures that defensive measures are as targeted and effective as possible. ### Practical Application and Analysis The practical application of sub-techniques and procedures in cybersecurity is vividly illustrated through real-world case studies. These examples highlight how the theoretical elements of the MITRE ATT\&CK framework are operationalized in threat detection and response. ### Leveraging ATT\&CK for Organizational Benefit Beyond specific threat responses, organizations can integrate the insights from sub-techniques and procedures into broader security strategies. This includes tailoring training programs to address the most relevant threats and adjusting security architectures to preempt the tactics and techniques most likely to be used against them. ## Continuous Evolution: Staying Updated with ATT\&CK Framework The MITRE ATT\&CK framework constantly evolves to reflect the changing cyberthreat landscape. It's essential to keep up with revisions and additions to maintain an effective cybersecurity strategy. ### Keeping Pace with the Dynamic Nature of Cyberthreats As new techniques and sub-techniques emerge, the ATT\&CK framework expands to include these developments. This dynamic nature ensures the framework remains a relevant and valuable resource for cybersecurity professionals. ### Best Practices for Staying Informed To stay abreast of updates to the ATT\&CK framework, cybersecurity teams should: * Regularly visit the MITRE ATT\&CK website and subscribe to update notifications. * Participate in cybersecurity forums and communities that discuss the latest trends and insights related to the ATT\&CK framework. * Attend webinars, workshops, and conferences on the latest developments in cyber threat intelligence and the ATT\&CK framework. ### Integrating Updates into Practice When updates are released, teams should assess how these changes might impact their security posture. This could involve updating threat models, revising incident response plans, or reconfiguring security tools to align with the latest insights from the framework. ## MITRE ATT\&CK Sub-Techniques vs. Procedures FAQs ### Why is Understanding Both Sub-Techniques and Procedures Important in Cybersecurity? Understanding both sub-techniques and procedures is crucial for cybersecurity practitioners as it allows for a comprehensive approach to threat analysis. Sub-techniques enable professionals to anticipate and prepare for specific types of attacks, while procedures provide insights into actual methods used by attackers, enhancing the ability to detect and respond to threats effectively. ### How Do Sub-Techniques Enhance the Effectiveness of Cybersecurity Measures? Sub-techniques enhance cybersecurity by providing detailed insights into attackers' specific methods. This level of detail allows security professionals to fine-tune their defense mechanisms, such as intrusion detection systems and response strategies, to target the exact nature of the threat more accurately. ### Can Procedures in the MITRE ATT\&CK Framework be Linked to Specific Adversaries or Campaigns? Procedures can often be linked to specific adversaries or their campaigns. In the MITRE ATT\&CK framework, procedures often include information about known threat actors or groups using a particular technique or sub-technique. This linkage helps attribute certain attack patterns to specific adversaries, aiding in threat intelligence and investigation. ### How are MITRE ATT\&CK Sub-Techniques and Procedures Updated to Reflect Emerging Threats? The MITRE ATT\&CK framework is continuously updated to reflect emerging threats and adversaries' changing tactics. New sub-techniques and procedures are added based on the latest threat intelligence, cybersecurity research, and real-world incident analysis. These updates ensure that the framework remains a relevant and comprehensive resource for understanding and countering current cyberthreats. Related Content [What is the MITRE ATT\&CK? MITRE ATT\&CK is a cornerstone framework that comprehensively understands cyber adversary tactics and techniques.](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack?ts=markdown) [Cortex XDR and the MITRE ATT\&CK Evaluations Discover resources on the MITRE evaluations](https://www.paloaltonetworks.com/cortex/cortex-xdr/mitre?ts=markdown) [The MITRE ATT\&CK Evaluations Dashboard Explore the data from the past MITRE ATT\&CK evaluations from the last few years.](https://app.powerbi.com/view?r=eyJrIjoiNWRhYzY1YjItOTAxZC00MGM5LThlNzYtOTYxNzViYzM1ZGY2IiwidCI6IjgyOTNjZmRmLThjMjQtNDY1NS1hMzA3LWVhMjFjZDNiMjJmZiIsImMiOjF9) [2023 MITRE Engenuity ATT\&CK Evaluations The MITRE ATT\&CK Evaluations offer unbiased and invaluable insights into each participating vendor's performance. The results are a real-world litmus test for how well these soluti...](https://start.paloaltonetworks.com/essential-guide-MITRE-R5.html) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20is%20the%20Difference%20Between%20MITRE%20ATT%26CK%20Sub-Techniques%20and%20Procedures%3F&body=MITRE%20ATT%26CK%2C%20a%20framework%20for%20understanding%20and%20categorizing%20cyberthreats%2C%20includes%20both%20sub-techniques%20and%20procedures%2C%20each%20serving%20a%20distinct%20role.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-for-different-technologies?ts=markdown) How Does MITRE ATT\&CK Apply to Different Technologies? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language