Need to know from where and how records are updated in MITRE ATT&CK Card tab under Security incident
‎11-01-2023 11:58 PM
‎11-02-2023 10:45 AM
Hi @Pranali18 - Without knowing more specifics about your question, there is a helpful page in product documentation that discusses associating MITRE-ATT&CK information with security incidents here. This can be done manually or automatically from base system SIEM auto-extraction rules, detection rules, threat lookup results, observables, or child security incidents.
This diagram from the MITRE-ATT&CK framework overview in product docs also does a great job showing a high-level view of how MITRE-ATT&CK information flows through the Security Operations applications:
Let me know if you have any more specific questions about MITRE-ATT&CK.