Manage Techniques

  • Release version: Xanadu
  • Updated August 1, 2024
  • Manage the techniques that are imported from the MITRE TAXII collections. The techniques contain various ways attackers have developed to employ a given tactic. You can review and deactivate techniques that are not relevant to your organization. In STIX, techniques are known as attack patterns.

    Before you begin

    Role required: sn_sec_tisc.analyst

    Techniques represent how an adversary achieves a tactical goal by performing an action.

    Procedure

    1. After you enable the MITRE ATT&CK-related feed data sources that are available in the base system, click Execute Now to run the integrations and fetch the MITRE-related information.
      For more information on enabling the integrations
    2. To view the MITRE ATT&CK Repository data, navigate to Workspaces > Threat Intelligence Security Center > Threat Intel Library > MITRE ATT&CK > Techniques.
      The MITRE ATT&CK technique records are displayed. By default, all records are in the enabled state.
    3. To disable a specific technique, select its record and click Disable.
    4. Alternatively, click New to manually create a MITRE ATT&CK technique record.
    5. Fill in the fields appropriately.
      Table 1. Create New MITRE Mitigation - Details

      | Field | Description |
      |---|---|
      | ID | Unique ID for a technique. |
      | Name | Enter the name of the technique. |
      | Source | Specifies the threat source from which this record is created. |
      | Platforms | Add the platforms required. |
      | Permissions required | Add the required permissions. |
      | Created Time In Source | Specifies the time the object is created in the source. |
      | Modified Time In Source | Specifies the time the object is modified in the source. |
      | Priority | Indicates the priority level assigned to the MITRE Technique such as Low, Moderate, High, or Critical. Note: Priorities can be assigned to techniques to add relevance to your organization. |
      | Description | A description that provides more details and context about the intrusion set, potentially including its purpose and its key characteristics. |
      | Detection | The detection technique is used to identify adversary access to or unauthorized activity on computer networks. |
      | Insights | |
      | Notes | Any additional information related to the mitigation. |
      | Additional Information | |
      | Additional Context | Add any additional context for this object type. |
      | Comments | Add any comments that you might have in addition. |
      | TISC Tags | |
      | Select TISC Tags | Select tags to annotate or earmark records ingested into the system from this source. Note: Tags can be assigned to techniques to add relevance to your organization. |
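
An added example, not ServiceNow or MITRE code: because techniques arrive as STIX attack patterns, this sketch maps an attack-pattern object's ATT&CK properties onto the Table 1 fields and flags records an analyst might review before clicking Disable. The field mapping, the platform-overlap rule, and the sample objects and IDs are assumptions; this page does not state how the product itself maps these properties.

```python
# Constructed sample bundle, shaped like ATT&CK STIX data (IDs T9001-T9003 are made up).
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "attack-pattern", "name": "Example Technique A",
     "created": "2020-01-01T00:00:00.000Z", "modified": "2023-01-01T00:00:00.000Z",
     "description": "Constructed description.",
     "x_mitre_detection": "Constructed detection note.",
     "x_mitre_platforms": ["Windows"], "x_mitre_permissions_required": ["User"],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9001"}]},
    {"type": "attack-pattern", "name": "Example Technique B",
     "x_mitre_platforms": ["macOS"],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9002"}]},
    {"type": "attack-pattern", "name": "Example Technique C", "revoked": True,
     "x_mitre_platforms": ["Windows", "Linux"],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9003"}]},
    {"type": "course-of-action", "name": "Example mitigation, skipped"},
]}

def technique_id(obj):
    """The ATT&CK ID is the external_id of the 'mitre-attack' external reference."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def to_record(obj):
    """Map one attack-pattern to the Table 1 fields (assumed mapping)."""
    return {
        "ID": technique_id(obj), "Name": obj.get("name"),
        "Platforms": obj.get("x_mitre_platforms", []),
        "Permissions required": obj.get("x_mitre_permissions_required", []),
        "Created Time In Source": obj.get("created"),
        "Modified Time In Source": obj.get("modified"),
        "Description": obj.get("description", ""),
        "Detection": obj.get("x_mitre_detection", ""),
    }

def disable_candidates(bundle, org_platforms):
    """Return {ID: reason} for techniques worth reviewing before clicking Disable."""
    org = {p.lower() for p in org_platforms}
    flagged = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "attack-pattern":
            continue  # only attack patterns are techniques
        rec = to_record(obj)
        platforms = {p.lower() for p in rec["Platforms"]}
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            flagged[rec["ID"]] = "revoked or deprecated in source"
        elif platforms and not (platforms & org):
            flagged[rec["ID"]] = "no platform overlap"
    return flagged
```

Techniques that list no platforms are never flagged by the overlap rule, so they stay enabled until an analyst reviews them by hand.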