Fig. 1
From: TIM: threat context-enhanced TTP intelligence mining on unstructured threat data

The left figure is the original security analysis report, and the right figure shows the corresponding normalized TTP names and TTP elements. Security analysts need to manually extract these attack descriptions to normalize TTP names against the ATT&CK framework. Different colors in the figure represent different TTPs, and elements mentioned in the context are annotated with a gray background.