Mitre Technique Extraction - Splunk, MISP Nothing working
07-24-2024 07:26 AM
Hi all,
We are implementing the MITRE framework. We tried configuring auto-extraction rules, but they don't seem to be working. Has anybody implemented that, or can anyone share some insights? That will be really helpful.

07-24-2024 08:52 AM - edited 07-24-2024 08:55 AM
Hey @dhruv_gupta - that certainly checks all pre-req boxes...
On the Target SIR records being created here -- do any of them have data in any of the MITRE fields at all (i.e. is it partially working - or just not working at all) - see screenshot below.
Can we confirm the MITRE (Attack Patterns) table has data on it -> `sn_ti_stix2_attack_pattern`?
------------------------------------------------------------------------------------
I think the next best step here would be a NOW Support Case to get eyes on this - especially if we are mostly aligned to baseline configs and no customizations to any of the baseline Script Includes involved.
07-24-2024 08:53 AM
No data. I just created a case.