Manage matrices

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 3분

    • Manage the matrices that have been imported from the MITRE TAXII collections. Matrices are a collection of tactics and techniques. You can view the matrices to review if your collections are available in the MITRE-ATT&CK repository.

    시작하기 전에

    주:
    Review and verify that only the matrix you intend to use in your organization is set to active and disable the other matrices. For example, if you intend to use the Enterprise ATT&CK matrix, then the Enterprise ATT&CK matrix is activated at the TAXII collection level and in the Matrices level. Disable the other Mobile ATT&CK and ICS ATT&CK matrices at the TAXII collection and at the Matrices level.
    Role required:
    • sn_ti.admin: delete access
    • sn_ti.read: read access
    • sn_ti.write: create, write access

    프로시저

    1. Navigate to All > Threat Intelligence > MITRE ATT&CK Repository > Matrices.
      All matrices are disabled by default.
    2. To activate a matrix, point to Active, double-click, and select true.
    3. To view all the associated information, click a matrix.
    4. To view all the tactics that are associated with this collection, click the MITRE Tactics tab.
    5. To view additional details and the techniques that are associated with a selected tactic, click a tactic.
    6. Under the MITRE ATT&CK Techniques tab, select a technique.
    7. Under the related lists, view the associations that are available for the technique that you selected.

      In the following illustration, you can see the navigational path from the Enterprise ATT&CK matrix, to the Initial Access (TA0001) tactic, and then to the Phishing (T1566) technique. On the Attack Pattern - Phishing technique page, you can view the related list - Tactic, Sub Technique, Group, Mitigation, External References, Malware, and Tools.


      Threat Intelligence: MITRE ATT&CK matrix.

    다음에 수행할 작업

    You can extend the information in some of these related list objects based on the technique that you selected. For example, you can add new information for Group, Mitigation, External References, Malware, and Tools.