Need to know from where and how records are updated in MITRE ATT&CK Card tab under Security incident

Pranali18
Tera Expert
 

Sarah Wood
Administrator

Hi @Pranali18 - Without knowing more specifics about your question, there is a helpful page in product documentation that discusses associating MITRE-ATT&CK information with security incidents here. This can be done manually or automatically from base system SIEM auto-extraction rules, detection rules, threat lookup results, observables, or child security incidents.

 

This diagram from the MITRE-ATT&CK framework overview in product docs also does a great job showing a high-level view of how MITRE-ATT&CK information flows through the Security Operations applications:

 

[Image: mitre-attack-architecture.png]

Let me know if you have any more specific questions about MITRE-ATT&CK.