D8 · CySA+

What are attack patterns?

Attack patterns document recurring attacker behaviors. MITRE ATT&CK catalogs 14 tactic categories and 500+ techniques. CAPEC (Common Attack Pattern Enumeration) catalogs application attack patterns.
ATT&CK is the most widely used framework for attack pattern knowledge. Use ATT&CK to map detections to techniques, identify coverage gaps, structure threat intelligence, and guide purple team exercises. Techniques are more durable than IoCs for long-term detection.