Show MITRE ATT&CK Framework for a Case(s)

  • Release version: Xanadu
  • Updated October 22, 2024
  • 1 minute to read

    • Displays all the associated techniques of a case on the MITRE ATT&CK framework.

    Before you begin

    Role required: sn_sec_tisc.analyst

    About this task

    Select the required MITRE ATT&CK matrix from the Matrix drop-down list. The MITRE ATT&CK Framework shows different levels of tactics and techniques association.
    1. The top row displays all the tactics that are present in the selected Matrix. By default, all the tactics display the count of the total techniques and sub-techniques present for that corresponding tactics. You can use the Refresh icon to reload the MITRE ATT&CK framework and view the latest associations.
    2. Under each tactic, the framework displays all the techniques that are present as a relationship to that corresponding tactic.
    3. The framework displays the sub-techniques that are present under each technique. Expand each technique to view the sub-techniques.
    Important:
    In the framework, the techniques and sub-techniques that are associated with a case are highlighted.
    Figure 1. MITRE ATT&CK Framework tactics and techniques
    Viewing MITRE ATT&CK techniques and sub-techniques related to the case

    Procedure

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Click the Threat Analyst Workbench icon.
    3. Go to Case Management > All Cases.
      All the cases are displayed.
    4. Select any case.
    5. Go to Artifacts tab.
      The associated artifacts are displayed as the related lists for that specific case.
    6. Select Show MITRE ATT&CK Framework button
      When you select this button, the framework displays all the associated techniques of a case and artifacts on the MITRE ATT&CK.
    7. View MITRE ATT&CK techniques and sub-techniques related to the case from the MITRE techniques that you have selected to view.
    8. Select any record to view the MITRE ATT&CK techniques and sub-techniques related to the case.
    9. Use View Controls to view the MITRE ATT&CK techniques and sub-techniques as desired.
      From the controls lists:
      • Select Show ID to view the techniques and sub-techniques MITRE IDs.
      • Select Show Sub Techniques to view all the sub-techniques. When you select this option, all the techniques are shown in the expanded view. The expanded view of the technique shows all the sub-techniques that are present for that corresponding technique.
      • Select Show Only Associated Techniques to view only MITRE techniques that are associated with a case. When you select this option, each tactic shows the total number of associated techniques and sub-techniques.