08-15-2024 05:24 AM
I have installed the Threat Intelligence Security Center app, and am working in the integrations view to get threat feeds from MITRE. In the docs, it looks like you need the sn_sec_tisc.admin role, which I have granted myself. From the docs, it also looks like once you have that role, you should be able to enable/edit the threat intel feeds. However, all of the ones in the catalog are disabled and I don't have any kind of edit button to enable them:
Is there another requirement that I'm missing in the documentation somewhere? This seems to be happening in my dev instance as well as a PDI, but when I had a lab instance through nowlearning, this wasn't an issue.
10-03-2024 08:45 AM
Hey, did you get an answer for the above?
10-03-2024 08:53 AM
I logged in as Admin and opened TISC. I got the edit button right below the TISC open source feeds, clicked on it, and enabled it. Thanks.
10-03-2024 08:57 AM
I did, actually. It was somewhat silly, but not easy to troubleshoot. After installing the application, I had changed scopes to work on something else. When I came back to edit the integrations to enable, the edit button was hidden because the scope wasn't Threat Intelligence Support Common.
04-04-2025 10:45 AM
For Xanadu, I had to use the Threat Intelligence Security Center scope. But even though I've enabled the MITRE - Enterprise ATT&CK feed, when I look at a Security Incident observable in the Security Incident Response Workspace and try to use the UI action Associate MITRE ATT&CK Technique, I am not shown any Source choices. See screenshot. Any thoughts why this might be? On my PDI I see the MITRE source just fine...