Associate MITRE-ATT&CK information with security case

  • Release version: Australia
  • Updated March 12, 2026

Associate MITRE-ATT&CK tactics and techniques with a security case for better security case management and more granular threat analysis.

    Before you begin

    Role required: sn_si.analyst

    Procedure

    1. Navigate to All > Threat Intelligence > Case Management > All Cases.
    2. Select the security case that you want to enrich with the MITRE-ATT&CK information.
    3. From the related list, click Associate MITRE ATT&CK Technique.

      Illustration: navigating from the related list to Associate MITRE ATT&CK Technique, reviewing the source, and adding a tactic and technique.

    4. In the source lists, review the Source.
    5. Review the Tactic and Techniques, and add or remove them based on their relevance to the case.
    6. Click Save.
      The tactics and techniques that you have added appear in the MITRE-ATT&CK Card.

      Illustration: associating MITRE information with a security case.