
Mitre Technique Extraction - Splunk, MISP Nothing working

dhruv_gupta
Tera Contributor

Hi all,

We are implementing the MITRE framework. We tried configuring auto extraction rules, but they don't seem to be working. Has anybody implemented that, or can anyone share some insights? That will be really helpful.

 

@andy_ojha 

6 REPLIES

Hey @dhruv_gupta - that certainly checks all pre-req boxes...

On the Target SIR records being created here -- do any of them have data in any of the MITRE fields at all (i.e. is it partially working - or just not working at all) - see screenshot below.

Can we confirm the MITRE (Attack Patterns) table has data on it -> `sn_ti_stix2_attack_pattern`?

------------------------------------------------------------------------------------ 

I think the next best step here would be a NOW Support Case to get eyes on this - especially if we are mostly aligned to baseline configs and no customizations to any of the baseline Script Includes involved.

[Screenshot: andy_ojha_0-1721836323767.png]

 

No data. I just created a case.