The MITRE ATT&CK framework is a comprehensive knowledge base that is widely used for identifying and describing the behavior of cyber adversaries. It catalogues common tactics, techniques, and procedures (TTPs) that adversaries use to accomplish their objectives. This makes it the optimal choice for the analyst trying to understand an APT's behavior in order to improve their incident response. Other frameworks such as Cyber kill chains or Diamond Model are also used to understand attack behaviors, but they do not provide the same level of comprehensive detail on TTPs specific to known adversary groups that the MITRE ATT&CK framework does. OWASP focuses on web application security rather than adversary behavior and the OSS TMM is a methodology for security testing, not incident response.