Roll up of MITRE technique associations

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 3분

    • Roll up of MITRE technique associations from observables, indicators, objects, and security incidents which are linked or unlinked from a case record.

    시작하기 전에

    주:
    • Roll up of MITRE technique associations for security incidents will roll up the MITRE technique associated data from security incidents to the case management in TISC.
    • By default this property sn_sec_tisc.auto_rollup_mitre_data is enabled for the MITRE Technique(s), to be rolled up to case(s) from the associated objects or security incidents automatically.
    • If you want to perform on demand roll up of MITRE technique associations then navigate to the more actions within the Case form view and select Roll Up MITRE Techniques option. This operation will happen asynchronously and you can verify the Activity Stream section for the updates on the roll up activity.
    Role required: sn_sec_tisc.analyst

    이 태스크 정보

    • Whenever any entity such as an observable or indicator is linked to any case, then all the MITRE technique associations that are present for that entity are automatically rolled up to the case.
    • Whenever any entity such as an observable or indicator is unlinked and removed from the case, then all the MITRE technique associations which are rolled up from the case that are present for that entity will be removed automatically and rolled up to the case.

    프로시저

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Click the Threat Analyst Workbench icon.
    3. Go to Case Management > All Cases.
      All the cases are displayed.
    4. Open any case.
    5. Go to Artifacts tab.
    6. Select Observables from the artifacts related list.
    7. Select the Link button.
    8. Select the observables that you may want to link to the case.
    9. Click Link to link the observables.
      After you link the observables to a case then the MITRE techniques associated for that particular observable are automatically rolled up and the MITRE techniques list count under the artifacts section is automatically updated.
    10. Click Unlink to unlink the observables from the case.
      After you unlink the observables to a case then the MITRE techniques associated for that particular observable are automatically removed and the MITRE techniques list count under the artifacts section is automatically updated.