Manage the groups that are imported from the MITRE TAXII collections. Groups are sets of related intrusion activity that are tracked by a common name in the security community. Analysts track clusters of activities using various terms such as threat groups, activity groups, threat actors, intrusion sets, and campaigns. In STIX, groups are known as intrusion sets.
Before you begin
Role required: sn_sec_tisc.analyst
Procedure
- To view the MITRE ATT&CK Repository data, navigate to .
  You can view the listed groups.
- Click New to manually create the MITRE ATT&CK groups.
- Fill in the fields appropriately.
Table 1. Create New MITRE groups - Details

| Field | Description |
| --- | --- |
| ID | Unique ID for a course of action to prevent an attack. |
| Revoked | Indicates that the revoked objects are no longer considered valid by the object creator. |
| Name | Enter a descriptive name to identify the object. |
| Source | Specifies the threat source from which this object record is created. |
| Aliases | A list of other names to identify this object. |
| Created Time In Source | Specifies the time the object is created in the source. |
| Modified Time In Source | Specifies the time the object is modified in the source. |
| Description | A description that provides more details and context about the object, potentially including its purpose and its key characteristics. |
| Insights | |
| Notes | Any additional information related to the mitigation. |
| Additional Information | |
| Additional Context | Add any additional context for this object. |
| Comments | Add any comments for this object. |
- Click Save.
- To view how these objects are related, click Relationships.
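To show how a STIX intrusion set from a TAXII collection corresponds to the fields in Table 1, the following added example (not ServiceNow code) maps intrusion-set objects in a bundle to those field names. The bundle is constructed sample data with placeholder IDs, and the property-to-field mapping, the `group_records` name, and the choice to drop the primary name from Aliases are assumptions for illustration.

```python
import json

# Constructed sample bundle (not real ATT&CK data); all IDs and names are placeholders.
SAMPLE_BUNDLE = json.loads("""
{
  "type": "bundle",
  "id": "bundle--00000000-0000-4000-8000-000000000001",
  "objects": [
    {"type": "intrusion-set",
     "id": "intrusion-set--00000000-0000-4000-8000-000000000002",
     "created": "2020-01-01T00:00:00.000Z", "modified": "2021-06-01T00:00:00.000Z",
     "name": "Example Group",
     "description": "Constructed group for illustration.",
     "aliases": ["Example Group", "Sample Actor"],
     "external_references": [
       {"source_name": "mitre-attack", "external_id": "G9999"}]},
    {"type": "intrusion-set",
     "id": "intrusion-set--00000000-0000-4000-8000-000000000003",
     "created": "2019-01-01T00:00:00.000Z", "modified": "2020-02-02T00:00:00.000Z",
     "name": "Retired Group",
     "revoked": true},
    {"type": "attack-pattern",
     "id": "attack-pattern--00000000-0000-4000-8000-000000000004",
     "name": "Not a group"}
  ]
}
""")

def group_records(bundle, source="MITRE ATT&CK (constructed)"):
    """Map STIX intrusion-set objects to the field names in Table 1 (assumed mapping)."""
    records = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "intrusion-set":
            continue  # only intrusion sets are groups
        # The ATT&CK group ID sits in external_references; fall back to the STIX id.
        attack_id = next((r.get("external_id") for r in obj.get("external_references", [])
                          if r.get("source_name") == "mitre-attack"), None)
        records.append({
            "ID": attack_id or obj["id"],
            "Revoked": bool(obj.get("revoked", False)),  # optional in STIX, defaults to false
            "Name": obj.get("name", ""),
            "Source": source,
            # Assumption: keep only the *other* names, dropping the primary name.
            "Aliases": [a for a in obj.get("aliases", []) if a != obj.get("name")],
            "Created Time In Source": obj.get("created"),
            "Modified Time In Source": obj.get("modified"),
            "Description": obj.get("description", ""),
        })
    return records
```

Records with `Revoked` set to true are the ones to review before relying on a group in detections or reporting.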