Rollup MITRE-ATT&CK information using Threat Lookup results

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:1分

    • If you have not enabled automatic rollup of MITRE-ATT&CK information, you can do this manually.

    始める前に

    Role required: sn_si.analyst

    このタスクについて

    If you have enabled automatic roll up of MITRE-ATT&CK information from Threat Lookup results to security incident, then the information is automatically rolled up. If you have not enabled automatic rollup, you can do this manually.

    手順

    1. Navigate to All > Security Incidents > Show All Incidents.
    2. Select the security incident that you want to enrich with the MITRE-ATT&CK information.
    3. Click Show All Related Lists and the Threat Lookup Results tab.
    4. Select the observable and then from the Actions menu, click Roll up MITRE ATT&CK Information to SI.
      You can select multiple observables and rollup the information.
    5. Click Reload to confirm the changes.
      The following illustration shows how to select an observable and roll up the Threat Lookup results to the security incident.Manually rollup threat lookup results.
      You can view the MITRE-ATT&CK Card to confirm that the Threat Lookup results have been rolledup to the security incident.