Manage Matrices
Manage the matrices that are imported from the MITRE TAXII collections. Matrices are a collection of tactics and techniques. You can view the matrices to review if your collections are available in the MITRE-ATT&CK repository.
Before you begin
Role required: sn_sec_tisc.analyst
Procedure
-
After you enable the MITRE ATT&CK related feed data sources which are available in the base system, click Execute Now to run the integrations and fetch the MITRE related information.
For more information on enabling the integrations
-
To view the MITRE ATT&CK Repository data, navigate to Workspaces > Threat Intelligence Security Center > Threat Intel Library > MITRE ATT&CK.
The MITRE ATT&CK related records are displayed. By default all the records are in enabled state.Note:You can enable only those matrices that are relevant to your organization.
- Select any Matrix record and click Disable if you want to disable any specific record.
- Alternatively, you can create new matrices record by clicking New to manually to create the MITRE ATT&CK matrices.
-
Fill in the fields appropriately.
Table 1. Create New MITRE Mitigation - Details Field Description Name Enter the name of the matrix. Source Specifies the threat source from which this record is created. Active Select this check box to active the matrix record. Created Time In Source Specifies the time the object is created in the source. Modified Time In Source Specifies the time the object is modified in the source. Description A description that provides more details and context about the intrusion set, potentially including its purpose and its key characteristics. Insights Notes Any additional information related to the mitigation. Additional Information Additional Context Add any additional context for this object type. Comments Add any comments that you might have in addition.