Rollup MITRE-ATT&CK information using Threat Lookup results

Australia Security Management

Release

australia

ft:locale

en-US

ft:publication_title

Australia Security Management

ft:clusterId

security

bundleId

security

workflow

Technology

Rollup MITRE-ATT&CK information using Threat Lookup results

Release version: Australia

Updated March 12, 2026

1 minute to read

If you have not enabled automatic rollup of MITRE-ATT&CK information, you can do this manually.

Role required: sn_si.analyst

If you have enabled automatic roll up of MITRE-ATT&CK information from Threat Lookup results to security incident, then the information is automatically rolled up. If you have not enabled automatic rollup, you can do this manually.

Navigate to All > Security Incidents > Show All Incidents.
Select the security incident that you want to enrich with the MITRE-ATT&CK information.
Click Show All Related Lists and the Threat Lookup Results tab.
Select the observable and then from the Actions menu, click Roll up MITRE ATT&CK Information to SI.
You can select multiple observables and rollup the information.
Click Reload to confirm the changes.
The following illustration shows how to select an observable and roll up the Threat Lookup results to the security incident.

You can view the MITRE-ATT&CK Card to confirm that the Threat Lookup results have been rolledup to the security incident.