Review the MITRE-ATT&CK system properties

  • Release version: Zurich
  • Updated July 31, 2025
  • Review the MITRE-ATT&CK system property values.

    Before you begin

    Role required: sn_ti.admin, sn_si.admin

    Procedure

    1. Navigate to All > Threat Intelligence > MITRE ATT&CK Administration > Properties.
    2. On the form, fill in the fields.
      Table 1. MITRE-ATT&CK Properties form
      Field Description
      Roll up MITRE ATT&CK information automatically from Observables to security incident

      [sn_ti.rollup_mitre_att&ck_technique_observable_si]

      Rollup of MITRE-ATT&CK information from observables to the security incident. For more information, see Associate MITRE ATT&CK information with observables.

      Default value: Yes

      Roll up MITRE ATT&CK information automatically from Threat Lookup results to security incident

      [sn_ti.rollup_mitre_att&ck_technique_threat_lookup_si]

      Rollup of MITRE-ATT&CK information from threat lookup results to the security incident. For more information, see Threat lookup auto-extraction.

      Default value: Yes

      Roll up MITRE ATT&CK information automatically from alert rules to security incidents

      [sn_ti.rollup_mitre_att&ck_technique_alert_rule_si]

      Rollup of MITRE-ATT&CK TTP information from alert rules to security incidents. For more information, see Map detection rules.

      Default value: No

      Roll up MITRE ATT&CK information automatically from child security incidents to parent security incident

      [sn_ti.rollup_mitre_att&ck_technique_child_si_si]

      Roll up MITRE-ATT&CK information automatically from child security incidents to parent security incident.

      Default value: Yes

      Enabling this property allows mapping of Security Incident Fields like category and sub category with Detection Rules in "Detection Rules - MITRE ATT&CK mapping" table

      [sn_ti.enable_category_mapping_with_alert_rule]

      Enables mapping of security incident fields, such as category and sub-category, with detection rules on the Detection Rules - MITRE ATT&CK mapping page.

      Default value: No

      Time(in hours) to calculate "CVE - VUL Count"

      [sn_ti.time_to_calculate_cve_vits_count]

      The scheduled time in hours to calculate the CVE and VUL information.

      Default value: 24

    3. Click Save.