Rollup MITRE-ATT&CK information from child security incidents

  • Release version: Xanadu
  • Updated August 1, 2024
  • 1 minute to read

    • If you have not enabled automatic rollup of MITRE-ATT&CK information, you can do this manually.

    Before you begin

    Role required: sn_si.analyst

    About this task

    If you have enabled automatic roll up of MITRE-ATT&CK information from child security incidents, then the information is automatically rolled up. If you have not enabled automatic rollup, you can do this manually.

    Procedure

    1. Navigate to All > Incidents > Show All Incidents.
    2. Select the parent security incident that you want to enrich with the child MITRE-ATT&CK information.
    3. Click Show All Related Lists and the Child Security Incidents tab.
    4. Select the child security incident and then from the Actions menu, click Roll up MITRE ATT&CK Information to SI.
      You can click Show MITRE ATT&CK information to view the child security incident's MITRE information before you roll up the MITRE ATT&CK information.
    5. Click Reload to confirm the changes.
    6. Click the MITRE ATT&CK Card to view the origin of techniques.
      The following illustration shows how to select child security incident and roll up the MITRE-ATT&CK information to the parent security incident.This illustration shows how to roll up MITRE informtion from a child security incident to a parent security incident.

      You can view the MITRE-ATT&CK Card to confirm that the child security incident MITRE-ATT&CK information has been rolled up to the parent security incident.