TTP (Tactics, Techniques and Procedures)

Definition

TTP stands for Tactics, Techniques and Procedures — the methods and approaches cybercriminals use in attacks. TTPs are the building blocks of threat intelligence.

The three parts are tactics (the goals), techniques (how the goals are pursued), and procedures (the specific implementation). Knowledge of TTPs enables defenders to detect attacks proactively based on behavior rather than on known malware signatures.

Related terms

MITRE ATT&CK, Threat Intelligence, Threat Hunting