Roll up MITRE-ATT&CK information using MISP enrichment results

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 2분

    • Roll up the MISP enrichment results manually if you haven't enabled the automatic rollup of MISP information.

    시작하기 전에

    Role required: sn_si.analyst

    이 태스크 정보

    Use the base system auto-extraction rules to import the MITRE-ATT&CK information from the MISP integration. The MISP integration for Security Operations introduces two base system MITRE-ATT&CK technique extraction rules for MISP - MISP galaxies and MISP tags. For more information on auto-extraction rules in MITRE-ATT&CK, see auto-extract technique rules for importing MITRE-ATT&CK information.

    If you have enabled automatic rollup of MITRE-ATT&CK information using MISP enrichment results to a security incident, the information is automatically rolled up. If you have not enabled automatic rollup, you can do this task manually.

    프로시저

    1. Navigate to All > Security Incidents > Show All Incidents.
    2. Select the security incident that you want to enrich with the MITRE-ATT&CK information.
    3. Click Show All Related Lists and the MISP Enrichment Results tab.
    4. Select the observable and from the Actions menu, click Roll up MITRE ATT&CK Information to SI.
      You can select multiple observables and then roll up the information.
    5. To confirm the changes, click Reload.
      The following example shows how to select an observable and roll up the MISP enrichment results to the security incident.
      그림 1. Roll up MITRE information to a security incident
      Roll up MITRE information to a security incident.

    결과

    You can view the MITRE-ATT&CK Card to confirm that the MISP Enrichment Results have been rolled up to the security incident.