The MITRE Corporation today has announced some changes in it’s tactics techniques, including the sunsetting of the PRE-ATT&ACK component only more recently announced.
Retirement of PRE-ATT&CK – This release deprecates and removes the PRE-ATT&CK domain from ATT&CK, replacing its scope with two new Tactics in Enterprise ATT&CK Reconnaissance and Resource Development.
There’s also an accompanying blog post that talks about the reasons behind the changes: Bringing PRE into Enterprise
We’ve not yet updated the tactics in Azure Sentinel with which to create the proper category assignments for Analytics Rules and Hunting Queries, but I’ve gone ahead and updated the Reference Workbook to include the new techniques.
