attack-flow VS caldera

This is what Attack Flow is specifically meant to help with (https://github.com/center-for-threat-informed-defense/attack-flow and https://www.youtube.com/watch?v=dlTTF4TF48A). Take a look at the CEO Scenario walkthrough (https://github.com/center-for-threat-informed-defense/attack-flow/blob/main/docs/ceo_scenario.md), the use of a Sankey diagram to highlight how mitigations reduce the cost of risk is one of the best representations I know of.

I will give credit to the work at CTID, though many are looking at how to not look at ATT&CK Techniques atomically, rather as chains: https://ctid.mitre-engenuity.org/our-work/attack-flow/

define your attack path similar to the sankey diagrams at https://github.com/center-for-threat-informed-defense/attack-flow/blob/main/docs/ceo_scenario.md

- Threat Modeling - Based on the assessment results, define potential attack paths (not a single action against a single asset, but the full chain of steps that an attacker would take - see https://github.com/center-for-threat-informed-defense/attack-flow/blob/main/docs/ceo_scenario.md for a basic example). Prioritize your attack paths based on whatever real world factors affect your team's availability, capabilities, etc. For example, if the team's availability overlaps with a year-end accounting process, pick an attack path that doesn't touch your finance and accounting team.

Also, for the attack emulation part you might be interested in CALDERA.

Mitre made Caldera to drive this. https://github.com/mitre/caldera

Did you join the Slack and ask your question there, or on the discussion forum? The CALDERA team will answer... (both links are at https://caldera.mitre.org/)

There's also a plugin for Caldera (https://github.com/mitre/caldera) called Pathfinder (https://github.com/center-for-threat-informed-defense/caldera_pathfinder and https://www.youtube.com/watch?v=gQRWkHFRG-s) that can help.