amp;CK. In this paper, we propose a hierarchical modeling methodology for representing cyber assets in kill chain attack graphs. We illustrate its practical application on MITRE D3FEND’s Digital Artifact Ontology. Moreover, we define how cyber assets with related attack techniques should be transformed into logical facts and attack rules. We implemented proof-of-concept software modules that can process data obtained from network and host-based monitoring together with attack rules to generate attack graphs. We evaluated the approach with data from a cyber exercise captured in a network of a digital twin organization. The results show that the approach is applicable in real-world networks and can reveal ground-truth attacks.