Investigation canvas and MITRE ATT&CK
In the investigation canvas, view the MITRE ATT&CK techniques and sub-techniques that are associated with the nodes in the canvas.
Important:
In the framework, the techniques and sub-techniques that are associated with the nodes in the canvas are highlighted.
Role required: sn_sec_tisc.analyst
- Navigate to .
- Click the Threat Analyst Workbench icon.
- Go to . All the cases are displayed.
- Select any case.
- Go to Investigation Canvas tab.
- On the investigation canvas, drag the Resizeable panels divider handle to reveal the MITRE ATT&CK framework.
- Select the required MITRE ATT&CK matrix from the Matrix drop-down list. The MITRE ATT&CK framework shows the association between tactics, techniques, and sub-techniques at different levels.
- The top row displays all the tactics present in the selected matrix. By default, each tactic displays the total count of techniques and sub-techniques under it. Use the Refresh icon to reload the MITRE ATT&CK framework and view the latest associations.
- Under each tactic, the framework displays all the techniques that are related to that tactic. A technique that belongs to more than one tactic appears under each of them.
- The framework displays the sub-techniques under each technique. Expand a technique to view its sub-techniques.
- View the MITRE ATT&CK techniques and sub-techniques related to all the nodes (entities) in the canvas.
- Click one or more nodes to view only the MITRE ATT&CK techniques and sub-techniques associated with the selected nodes.
- Use View Controls to adjust how the associated MITRE ATT&CK techniques and sub-techniques of the selected nodes are displayed. From the list of controls:
- Select Show ID to display the MITRE IDs of the techniques and sub-techniques.
- Select Show Sub Techniques to view all the sub-techniques. When you select this option, every technique is shown in the expanded view, which lists all the sub-techniques under that technique.
- Select Show Only Associated Techniques to view only the MITRE techniques that are associated with the nodes in the canvas. When you select this option, each tactic shows the total number of associated techniques and sub-techniques instead of the full count.
- Click the pop-out icon to view the MITRE ATT&CK framework in a larger space.
Important:
- Whenever you add or remove a node, the MITRE ATT&CK framework refreshes automatically. You can also use the Refresh icon to refresh it manually.
- The framework also refreshes whenever you filter the canvas to specific types of nodes.
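To make the per-tactic counts concrete, the following Python model is an added example (not ServiceNow product code) of what the tactic row shows in the default view, in the Show Only Associated Techniques view, and after selecting nodes. The matrix excerpt and the node-to-technique associations are constructed sample data; the rule that an associated sub-technique also highlights its parent technique is an assumption made here so the expanded row can be rendered.

```python
from collections import defaultdict

# Constructed excerpt of the Enterprise matrix: ID -> (name, tactic IDs).
# Sub-technique IDs use the T####.### form; T1053 sits under three tactics.
MATRIX = {
    "T1059":     ("Command and Scripting Interpreter", {"TA0002"}),
    "T1059.001": ("PowerShell", {"TA0002"}),
    "T1053":     ("Scheduled Task/Job", {"TA0002", "TA0003", "TA0004"}),
    "T1053.005": ("Scheduled Task", {"TA0002", "TA0003", "TA0004"}),
    "T1071":     ("Application Layer Protocol", {"TA0011"}),
    "T1071.001": ("Web Protocols", {"TA0011"}),
}

# Constructed canvas: node (entity) -> techniques/sub-techniques linked to it.
NODES = {
    "host-01":    {"T1059.001", "T1053.005"},
    "user-bob":   {"T1053"},
    "c2.example": {"T1071.001"},
}


def associated_ids(selected=None):
    """IDs linked to the selected nodes (all canvas nodes when None)."""
    nodes = NODES if selected is None else {n: NODES[n] for n in selected}
    return set().union(*nodes.values())


def tactic_counts(selected=None, associated_only=False):
    """Count shown on each tactic header.

    Default view: every technique and sub-technique in the matrix.
    Show Only Associated Techniques: only IDs linked to the (selected) nodes.
    A technique under several tactics is counted once per tactic."""
    ids = associated_ids(selected) if associated_only else set(MATRIX)
    counts = defaultdict(int)
    for tid in ids:
        for tactic in MATRIX[tid][1]:
            counts[tactic] += 1
    return dict(counts)


def highlighted(selected=None):
    """IDs to highlight in the framework: the associated IDs plus the parent
    technique of each associated sub-technique (assumption, for expansion)."""
    ids = associated_ids(selected)
    parents = {tid.split(".")[0] for tid in ids if "." in tid}
    return ids | parents
```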