Manage matrices

Release version: Australia

Updated March 12, 2026

1 minute to read

Manage the matrices that have been imported from the MITRE TAXII collections. Matrices are a collection of tactics and techniques. You can view the matrices to review if your collections are available in the MITRE-ATT&CK repository.

Before you begin

Note:

Review and verify that only the matrix you intend to use in your organization is set to active and disable the other matrices. For example, if you intend to use the Enterprise ATT&CK matrix, then the Enterprise ATT&CK matrix is activated at the TAXII collection level and in the Matrices level. Disable the other Mobile ATT&CK and ICS ATT&CK matrices at the TAXII collection and at the Matrices level.

Role required:

sn_ti.admin: delete access
sn_ti.read: read access
sn_ti.write: create, write access

Procedure

Navigate to All > Threat Intelligence > MITRE ATT&CK Repository > Matrices.
All matrices are disabled by default.
To activate a matrix, point to Active, double-click, and select true.
To view all the associated information, click a matrix.
To view all the tactics that are associated with this collection, click the MITRE Tactics tab.
To view additional details and the techniques that are associated with a selected tactic, click a tactic.
Under the MITRE ATT&CK Techniques tab, select a technique.
Under the related lists, view the associations that are available for the technique that you selected.

In the following illustration, you can see the navigational path from the Enterprise ATT&CK matrix, to the Initial Access (TA0001) tactic, and then to the Phishing (T1566) technique. On the Attack Pattern - Phishing technique page, you can view the related list - Tactic, Sub Technique, Group, Mitigation, External References, Malware, and Tools.

What to do next

You can extend the information in some of these related list objects based on the technique that you selected. For example, you can add new information for Group, Mitigation, External References, Malware, and Tools.