TTPs

Tactics, techniques, and procedures, abbreviated as TTPs, is a term used to describe patterns of behavior in security contexts. In cybersecurity, TTPs refer to how threat actors operate to achieve their objectives, while in military and law enforcement contexts it denotes the methods used to plan and execute operations. TTPs are used to categorize and analyze how adversaries behave across campaigns and incidents.

Tactics are the high-level goals or objectives that an actor pursues during an operation, such as initial

In practice, defenders map observed activity to TTPs to understand threat models, guide detection, and prioritize

TTPs are dynamic and evolve as actors adapt to defenses and new technologies. While useful for analysis